Step 2: Implement Authentication

The next step is to implement an authentication mechanism for your app to connect to Yammer. The authentication is an OAuth 2 flow, beginning with the user authenticating with their Yammer credentials. The user then authorizes your app to connect to their Yammer network. The end result is a token that your app will use to write events to Yammer and retrieve Yammer data.

The Yammer API supports using the following token types:

  1. Azure Active Directory
  2. Yammer OAuth 2 (Legacy)

Azure Active Directory Tokens

All Yammer v1 REST API endpoints support using Azure Active Directory (AAD) Tokens that are acquired using the Microsoft Authentication Library (MSAL). MSAL is available for .NET, JavaScript, iOS and Android, which support many different application architectures and platform. Learn about using MSAL.

Client-side Single Page JavaScript Application

If you are using a Single Page Azure Active Directory Application that uses the Implicit Grant Flow, then your Azure Active Directory Application will need to be mapped to its corresponding Yammer Platform Application. This is required to ensure that your application is not affected by Cross-Origin Resource Sharing (CORS) permissions issues. Please provide details about your Azure Active Directory application and Yammer Application by creating a Microsoft Support ticket to request mapping of both those application IDs to solve for CORS permissions issues.

Yammer OAuth 2 (Legacy)

Yammer's v1 REST API endpoints also support using Yammer OAuth 2 Tokens.

  1. Server-Side Flow: Referred to as “Authorization Code Grant” in the OAuth 2.0 Specification, the server-side flow should be used whenever you need to call the Yammer API from your web application server.

  2. Client-Side Flow: Referred to as “Implicit Grant” in the OAuth 2.0 Specification, the client-side flow should be used when you need to make API calls from a client, such as JavaScript running in a web browser or from a native mobile or desktop application.

Learn more about using Server-Side and Client-Side flows here.