Yammer REST APIs and ADAL Access Tokens


Yammer is now a full, certified member of the Office 365 suite.  The recent milestone was when Yammer attained the Office 365's industry leading compliance commitments. As a result, all Office 365 tenants with a subscription that includes Yammer gain the full benefits of Yammer. This also means that you can now develop third party applications that can access Yammer APIs with Office 365 tokens, based off the Azure Active Directory Authentication Libraries (ADAL).The intent of this blog is to shed more light on how to develop yammer apps using the ADAL integration.

As you may know, there are lots of Azure Active Directory libraries that are available for different platforms, such as .Net, Ruby, Node.js, Python, Java etc,  that could help you get started with development with minimal effort. In the same vein,  I have had several interactions with customers and partners that do not fully understand the abstractions that are behind these libraries, as a result, this blog will  focus on how to manually generate an ADAL token - without any library, and how to use the obtained token to consume Yammer APIs.

Add an application in Azure AD

Navigate to Azure portal - > Active Directory ->  Add :

2016-07-05 11_10_20-Active Directory - Microsoft Azure

Once the app has been created, navigate to the app, click Configure, then  "Add Application":

2016-07-05 13_09_16-Photos

Go back to the app and delegate Read/Write permission to the Yammer Platform:

2016-07-05 13_10_22-Photos

On the same page, select Key duration, then Save.  Please copy the  generated key into somewhere secure before exiting the page as it cannot be recovered.

2016-07-05 14_01_47-Active Directory - Microsoft Azure

Obtaining an ADAL token:

I'd suggest you install either Fiddler, RESTClient or Postman  RESTful Client for this section. I'll be using Postman.

Click the "View Endpoints"  links and copy the TOKEN and AUTHORISATION endpoints into a notepad:

2016-07-05 14_57_39-Skitch - 2016-07-05 14_01_47-Active Directory - Microsoft Azure 7_5_16 2_34 PM

Authorisation:  The first step is to authorise and get the user's consent -  using the authorisation endpoint. Append :

  • resource
  • redirect,
  • response_type and
  • client_id  (copy this from app's page in Azure AD)

as parameters to the authorise endpoint as shown below:

https://login.microsoftonline.com/9368c64f-f161-4329-ba2e-c721ff522198/oauth2/authorize?resource=https://www.yammer.com&redirect=https://www.example.com/&response_type=code&client_id=294d24b7-540e-460c-a424-8cad815dcecc

Copy the URL into a browser and you be should redirected to the app's login page. Login with an active user in Office 356 and grant consent. If the login is successful, you should be further redirected to the specified redirect_uri. Copy the code from the browser's url:

2016-07-05 15_19_26-Network Connections

Token:  Next,  launch Postman or your preferred RESTful client, input the following parameters, and  send a POST request to the token endpoint in the format shown in the screenshot-

https://login.microsoftonline.com/9368c64f-f161-4329-ba2e-c721ff522198/oauth2/token

You should get a 200 OK response if all went well.

2016-07-05 15_26_16-Network Connections

 

Yammer REST API 

Copy the full value of the "access_token".   We can now use this token to perform actions in Yammer. How cool!

To do that, you'd need to send the access token as a Bearer token in the request's Authorisation header.

Try it out by sending a GET request to the current user endpint   - https://www.yammer.com/api/v1/users/current.json

Voila!!!

2016-07-05 15_36_22-Network Connections

Gotchas

  • ADAL token is not supported by some Yammer API endpoints yet.  The autocomplete endpoint for example does not accept ADAL tokens.
  • Yammer does not support ADAL tokens from web applications due to CORS limitation. It only works from client/console applications.
  • Bear in mind that this integration is still in a preview state (as at the time of writing this blog)
  • The Yammer network and or the user must be mapped to Office 365 as a prerequisite. So if your network is still using single sign -on (SSO), you'd need to disable it first as Office 365 sign-in for Yammer is mutually exclusive to SSO.

Please follow the steps that are described in this blog to perform self/preliminary troubleshooting in your development environment. Contact Yammer support if you need further help.


Comments (0)

Skip to main content