Yammer REST API: How to get access tokens for external networks?

Question

I'm working on an ASP.NET web application that reads data from Yammer. I've successfully acomplished authentication and getting messages from the "home" network.

Now I want to switch to another network and get messages from it. I've read all the documentation and specifically the Networks section which states the following:

Facilitates switching a user between different Yammer networks. All Yammer web requests contain a network permalink in the URL (https://www.yammer.com/network_permalink/resource_path) to denote the network context. API requests use a different OAuth token for each user/network combination.

Endpoint: Returns a list of networks to which the current user has access. Supports included_suspended parameter.

GET https://www.yammer.com/api/v1/networks/current.json

Ok, so I need to get the corresponding token for the user/network combination. Perfect. I do a GET request to that networks/current.json endpoint and I get all the networks the current user has access to. Great. Now, where are the tokens? They aren't in the json response.

So...

• How do I get messages from external networks using the Yammer REST API via server-side code?
• How do I get the tokens for the external networks?

UPDATE

Following Brian's suggestion:

1. I do a GET https://www.yammer.com/api/v1/oauth/tokens.json passing the current token in the authentication header (Bearer: xxxxxxxxx)
2. This returns the 2 networks the user I'm using is in. The home and the external. One thing I noticed is that the user_id is different for each network. I don't know if that's another user or if the same user has a different user_id for each network.
3. Now I want to get messages from the other network so I do a

GET https://www.yammer.com/api/v1/messages.json

but now using the token for the external network I got from the tokens.json endpoint. But I get the following response:

{
  "response":
     {
      "stat":"fail",
      "code":17,
      "message":"Attempt to access a protected resource failed."
     }
 }

And again, according to the doc that endpoint is for impersonation and restricted to verified admin users in paid Yammer networks.

I have no clue really.

UPDATE 2

The process described in the above update works for the user (me) that created the Yammer App. I'm using. Other users can't get messages from external networks unless I'm in that network. So it seems like they are using my tokens, but that's impossible unless there's a bug in the API.

Answer 1

You need to hit https://www.yammer.com/api/v1/oauth/tokens.json. This topic is covered over on the Zapier blog. Their blog specifies an access_token as a query string parameter, but that is no longer supported. Specify the access token for the current user on the Authorization header as shown on the Yammer developer site.

Answer 2

So far what i have discovered is this: Due to some cross domain restriction, the SDK creates a hidden iframe on the page to serve as a proxy bridge to use the users primary network credentials and get access to external network resources. The network parameter is the key in the puzzle.

The obtained token can be then manually set for further requests whenever the page is reloaded, avoiding the login window to show up again.

yam.platform.login({ network: '{your-permalink-goes-here}' }, function (data) {

    console.log('login-status: ',data)
    if(data.status ==='connected')
        yam.platform.request({
            url: "oauth/tokens.json"     
            , method: "GET"
            , success: function (tokens) { console.log('user-tokens:',tokens); }
            , error: function (err) { alert("There was an error with the request."); }
        });
})

Then for next requests, setAuthToken does the trick.

yam.platform.setAuthToken('{the-token-goes-here}'))

Answer 3

If you want your app to work in SSO enabled Network, you need to globalize your app. For this you need to raise a ticket to the yammer helpdesk.

Refer: yammer oauth2 returning 403 Client Error: Forbidden