Using the Yammer API in a .NET Client Application

UPDATE 12/17/2013:  The authentication process Yammer uses to issue an access code changed recently.  If you have been getting a 404 error when executing the 3rd line of code previously described below to get the token, then read the updated step 3 below and/or grab the updated code attached to this post.

Recently I’ve been doing some work with the Yammer API from a console application.  The Yammer API does not have ton of documentation right now, and what is there is primarily targeted at using the API from a browser-based application.  But what about a classic scheduled task type application?  For example, suppose you wanted to write an application that would go through once a day and post the current leaders in a sales contest you’re having.  Imagine having your app read the data from SQL and then posting the information into the feed.  There just isn’t a lot of details on using it from server side code, and virtually none using .NET so I figured I would share and spread the joy.  Brian on the Yammer team was good enough to get me through a few of the rough spots so thank you Brian.  I also am attaching my console app to this post so that you have sample code to see for yourself.

To begin with, you should take a look at  You’ll find the documentation there on the Yammer API and a sprinkling of samples throughout.  The most important part of this process (assuming you have a Yammer network to work in already) is that you need to register a Yammer application.  When you do that you will get a client ID and secret, and you will tell Yammer where token requests for your application should be returned.  This process is explained in the Yammer developer documentation here:

Once you have your application registered you can start working on your code to call the Yammer APIs.  The first thing you need in order to do anything useful is an access token.  Obtaining an access token in Yammer is very much like getting an OAuth access token for a SharePoint App (and many other apps).  If you’re in the browser, a user would get a prompt where they would be informed that your application would like to access their Yammer information, and the user can allow it or not.  Once you get an access token it is good for a very, very, long time (“years” according to the Yammer documentation) so you don’t need to worry about doing this every time for every user – you can save your access token for a user and reuse it later.

This is important to remember, especially when you are just experimenting, because the Yammer documentation also describes how you can obtain an access token through the browser and then use that for your application.  If you go to, scroll down to the bottom of the page and read the section titled Generate a test access token for instructions on how to do this.

Now in my case, I didn’t want to go that route because I want something a little more hands off and sustainable.  So what I did is go through the process once through the browser, trace everything with Fiddler, and then write some code to simulate a person going through that process.  The flip side of taking this approach is that it does require you to have the credentials of the user you want to simulate granting the application rights to data, so neither option is really perfect.   If you look at the code in my console app you go through this process to get an access token:

  1. Make a request to the oath endpoint in Yammer like this:" + CLIENT_ID + "&redirect_uri=" + REDIR_URL.  In this case, “CLIENT_ID” is the client ID you got when you registered your app, and “REDIR_URL” is the Uri that the response from Yammer should return to when it’s finished.  It’s important to remember that if you test on different machines or in different environments, if you change where the response is going back to you MUST go update your application configuration in Yammer.  If your redirect_uri does not match the configuration of your application, then Yammer will just give you an error.  When you do get a response, there’s an “authenticity” token that you’ll need to extract out of the body and use on your next request.  Fortunately I’ve written wrapper code for making a request and extracting this token so it’s really just two lines of code:  response = MakeGetRequest(permUrl); and then string authToken = GetAuthenticityToken(response);
  2. Next you’re going to take the authenticity token and do an HTTP POST back to Yammer along with the credentials for the user.  When you do that there are also two cookies that you need to start sending along that were created when you made the first request:  yamtrak_id and _workfeed_session_id.  You’ll post that to to create a session with Yammer.  Again, I’ve wrapped up the POST and extracting and resubmitting the cookies so you are just making one method call:  postResults = MakePostRequest(postBody, authUrl1).
  3. UPDATE:  This process changes right here as of December 2013.  Yammer has changed the authentication process, so here's what we do on this step now:  you just need to make the same exact request that you made in step 1, with one difference.  When you make the request, you need to include the Yammer tracking ID and session ID cookie.  I made this all very easy for you by just adding one additional optional parameter to the MakeGetRequest method – AddCookies.  So to make this final request you just need one line of code:  response = MakeGetRequest(permUrl, string.Empty, true);  You should get an access code in the return query string just as you did with the previous code.
  4. Now that you have an access code you can make a request to" + CLIENT_ID + "&client_secret=" + CLIENT_SECRET + "&code=" + accessCode.  Just like before, “CLIENT_ID” and “CLIENT_SECRET” are what you got from Yammer when you registered your app; “accessCode” is the access code we got from step 3.  If this works, you’ll get a whole bunch of JSON In return that includes information about the current user, as well as the access token that you’ll need to include in all of your subsequent requests to read or write data into Yammer.

Now things get a lot more fun.  Since we’ll regularly be working with JSON when using the Yammer API, I’ve written a bunch of .NET classes that we can use to serialize and deserialize back and forth.  For example, when you get the access token back you can create an instance of one of my classes with code like this:  YammerAccessToken yat = YammerAccessToken.GetInstanceFromJson(response).  Once you do that you can easily refer to all the JSON goo in a .NET world.  So for example, to get the access token you can just refer to yat.TokenResponse.Token.  That is in fact how you will pass your access token to all subsequent requests that require it.

Now let’s start playing with the data.  Suppose you want to read the “All Messages” posts for a user?  It becomes a pretty trivial piece of code:

//make the request to Yammer for messages

response = MakeGetRequest("", yat.TokenResponse.Token);


//serialize the JSON that’s returned into one of Steve’s Yammer objects

YammerMessages yms = YammerMessages.GetInstanceFromJson(response);


//enumerate each message and do something

foreach (YammerMessage ym in yms.Messages)


Console.WriteLine("Message:  " + ym.MessageContent.PlainText);



If you look at the class I created for messages you’ll see that you can get things like the message ID, sender ID, message type, sender type, Url, thread ID, language, plain text, rich text, attachments, likes, etc.  All of these are simple to retrieve using this custom class.

Now suppose you just want to get information about a particular user?  Again, two lines of code gets you there:

response = MakeGetRequest(currentUserUrl, yat.TokenResponse.Token);

YammerUser yu = YammerUser.GetInstanceFromJson(response);


Once you have the YammerUser you can get at things like name, department, job title, photo Url, contact information (like email), network settings, and the list of feeds and groups that they belong to.  The last couple of items are important, because each feed and group contains an identifier, and you have to use that identifier when posting to it.


Posting a message to a feed is done via a FORM post, so we can again reuse some of the other code we’ve written.  When you post a new message, Yammer actually returns a message collection back to you containing one message, and you can use the same method described above to serialize it into a class to view the results.  Since this is just sample code, here’s an example of how I let the user running the console app just type in the message that they want posted to the newsfeed:


bool broadcastToAll = false;

Console.WriteLine("Type in the message you want posted to the Yammer IT Group then press enter:");

string myMessage = Console.ReadLine();


//it.GroupID is a group that I got for my user in one of the previous code samples

//the complete list of form variables that you can submit and their definition can

//be found at in the Manipulating

//Messages section

string msg = "body=" + myMessage + "&group_id=" + it.GroupID + "&broadcast=" + broadcastToAll.ToString();


//try adding the message

response = MakePostRequest(msg, ("", yat.TokenResponse.Token);


if (!string.IsNullOrEmpty(response))


YammerMessages newMsg = YammerMessages.GetInstanceFromJson(response);

Console.WriteLine("message sent: " + newMsg.Messages[0].MessageContent.PlainText);



Posting to a Yammer App page can be done using Yammer’s Open Graph API; they’ve documented it here:  You submit a multi-level chunk of JSON to create an entry using Open Graph, but again, I’ve created a custom object to make it easy for you.  Here’s an example of using my object that wraps the JSON needed for Open Graph:


YammerGraphObject go = new YammerGraphObject();

go.Activity.Action = "create";

go.Activity.Actor = new YammerActor("Steve Peschka", "");

go.Activity.Message = "Hey can we finally get this crazy write stuff working??";


go.Activity.Users.Add(new YammerActor("Anne Wallace", ""));

go.Activity.Users.Add(new YammerActor("Garth Fort", ""));


YammerGraphObjectInstance jo = new YammerGraphObjectInstance();

jo.Url = "";

jo.Title = "yammo objectola";


go.Activity.Object = jo;


//the key is really here – I’ve overridden the ToString() method to return a

//JSON payload that can be used with Yammer

string postData = go.ToString();


//now we can just post the data to Yammer to create it

response = MakePostRequest(postData, graphPostUrl, yat.TokenResponse.Token, "application/json");


That pretty much wraps it up.  This is far from an exhaustive list of things you can do with Yammer.  What I wanted to do was just to give you a starting point of common tasks and data serialization techniques that you can use to build from.  I think as you look into building with the Yammer API you will be able to use the sample application I’ve attached to this posting as a good starting point and pattern for creating whatever custom Yammer application you like.  Now go get Yammered.   🙂

Comments (54)

  1. Anonymous says:

    Hi Steve,

    Just downloaded your updated code and so far all seems to be running smoothly again 🙂


  2. Anonymous says:

    I think my problem in the comment before has been solved – the REDIR_URL is only the URI of the app, correct? So I use REDIR_URL = "http://localhost". When opening my app in the browser with
    I get the resulting code like http://localhost/?code=3vd5… When starting the app here I get… //ADDED 12/17/2013 TO REFLECT CHANGES YAMMER MADE IN AUTH PROCEDURE response = MakeGetRequest(permUrl, String.Empty, true); …a HTTP 404 and the response is "".
    So no code=.., no fun. I don´t understand the obtaining of the "code" information. When getting the code in the browser and using this code in the app it works (one time, then the code is no longer valid for new requests, ok for that). For me it seems the
    app doesn´t get that code, but instead the HTML document from yammer where the user shall allow the app. Steve, do you have a tip for me, what I´m doing wrong? Thx!! Tony

  3. Anonymous says:

    I want to integrate yammer into my Windows store app, what should be my redirect_uri

  4. arutjothi says:

    Thanks a lot, Steve…..This post was very informative and appreciate your effort in shedding light into yammer integration…

    For those who are still complaining about the code with 404 error, you need to replace line # 457-459 in program.cs with the following code:

    cStart = cookies.IndexOf("_workfeed_session_id") + 21;
    string tempCook2 = cookies.Substring(cStart);
    tempCook2 = tempCook2.Remove(tempCook2.IndexOf(";"));

    The "Set-Cookie" header value was probably changed (or rather includes additional values) few months after Steve made this post. Due to this the ‘_workfeed_session_id’ value was fetched incorrectly as ‘disabled’. Getting the correct value of the session ID
    fixes the issue.

  5. Anonymous says:

    Hi steve! How about log out? Do you have any idea how to do that? -mia

  6. Anonymous says:

    @steve thanks for the reply is it possible to use the code in a console applications.

  7. Anonymous says:

    Hi Steve, great article! I´m also fighting with your sample console app, not sure what REDIR_URL should be used in my console app. As far as I understood, Yammer Redirects to that URL if the authentication process is successful. So what to do in a console app – I always run into the “Failed to get access token!”, the code is always emtpy. Thx for tips! Tony.

  8. Anonymous says:

    Hey Steve!! Thank a lot. This post helped me a lot! Quick question, how do i include an attachment while posting?

  9. Hi @Tony, the REDIR_URL is the name of your machine where your code is running. localhost should work because your local machine, where the code is running, will resolve that to the local machine. In my code sample I think it has sppdxwin8 for REDIR_URL because that’s where my machine is running. Just remember that whatever value you use for REDIR_URL, you need to use that same value in your Yammer network when you configure your application. Meaning when you go into look at My Apps in in Yammer, the Redirect URI should also be “localhost” if that’s what your REDIR_URL is – they need to match.

  10. Anonymous says:

    This is very useful .. thanks a lot .. can you please give some info on how to post an image on yammer group.. this would be really helpful ..thanks in advance

  11. JMH3143 says:

    Nice work!
    Well done!

  12. Hi @Martin, make sure your REDIR_URL points to the hostname of the machine where you code is actually running. That’s the most common reason the request fails.

  13. Heinrich Ulbricht says:

    Steve, huge thanks for your work! I hit only one obstacle: when trying your code I had problems retrieving the "code" in step 3. I did not get a redirect as result but a plain 200 – and thus no code in the URL. So I copied the URL from the previous step
    to the browser and looked at what happend when allowing access in the browser UI. What I saw seemed similar to the process _before_ your change (marked with REMOVED 12/17/2013 TO REFLECT CHANGES YAMMER MADE IN AUTH PROCEDURE). This is what Fiddler showed me
    and what worked for me: a POST request is made to "" with the POST BODY set to "utf8=%E2%9C%93&authenticity_token=#urlencodedtokenhere#&allow=Allow".
    I used your code to make the respective call: MakePostRequest(postBody, authUrl2); which then worked. On my machine I had to make another change regarding the redirect: wResp = (HttpWebResponse)wr.GetResponse(); threw an exception "Unable to connect to the
    remote server" because the local redirect to "https://localhost" failed. Thus I needed to disable the automatic redirect with "wr.AllowAutoRedirect = false" and needed to get the code from the response headers: qsCode = wResp.Headers["Location"].Split(new[]{‘?’})[1];
    (instead of qsCode = wResp.ResponseUri.Query).Then everything worked. Don’t know if Yammer again changed the login process or if this is a quirk with our Yammer instance.

  14. alexandrad9x says:


  15. Hey folks, for the various questions about how to use a particular aspect of the Yammer API, I would recommend you just look on the Yammer site at for details on the various methods and functionality it supports.

  16. Hi @Pankaj and @Lee. The process to obtain an access code did in fact change. I have figured out how to get it using this new process and updated the post and sample code attached to this post. Give it a try and see if that doesn’t resolve your issue.

  17. Ed (DareDevil57) says:

    thanks for sharing.

  18. Anonymous says:

    Is there any way to create groups in yammer using client?

  19. Pablo says:

    Great Post, right now I have to develop an application to get the user for specific yammer group. Quick question, Does the application need .net 4.5, right?

    Thanks in advance

  20. Hi @Pablo, it really doesn't need .NET 4.5 because you are using REST calls to retrieve the data.  So even though my samples are written 4.5, you should be able to use as is, or at the very worst, make some very minor modifications to work with previous versions of .NET.  It's not because there's some managed API in there for Yammer that I'm using, it's just because of the WebRequest / WebResponse code I'm using as well as generics and serialization.

  21. pankaj says:

    Hi , i am trying to use the same but it seems id does not work , i think the yammer has changed some API which does not work with console application do you have any idea.

  22. lee says:

    Hi Steve,

    I have also been having some problems since last week as I believe something was changed in the Yammer API regarding the access code (in step 3) being returned/passed in a query string.

    I have narrowed down the issue to acquiring the access code, as if we get the code manually (not ideal) and pass this to the authentication step then it can continue as it did before without any issues.

    Have you revisited this at all since the change and if so it would be great to hear how (if) you got it working again?

    Thanks in advance

  23. Martin says:

    Hi Steve,

    I tried your updated code but get a “Failed to get access token!”.

    In order to try the sample I did the following:
    1. Created a new app (with redirect to
    2. Updated the following variables in the code: CLIENT_ID, CLIENT_SECRET, REDIR_URL, userName, pwd
    3. Build the project without errors and ran it from the command line

    Looking into the code, one of the things I noticed, is that in line 137, “qsCode” doesn’t have a “code” block.

    If you have the time, please advice…

    Cheers, Martin

  24. Sagi Levy says:

    Hi Steve,

    Thanks a lot, your solution gave me frame for my needs from Yammer, that are quite similar to yours.

    It took me some time to find a way to resolve the access-token after Yammer latest authentication changes.

    I tried to upload the code changes in the comment but the site does not allow it….

    If you like the fixes please send me mail to


  25. Saran says:

    Hi Steve, Thanks for your help us to envision the approach. I had tried the code and it is not working as expected. I am seeing Page not found exception (404) on MakePostRequest. Earlier I had configured the client application as mentioned with http://localhost.

  26. Saran says:

    Steve – Thanks for the wonderful post and guiding towards right direction!
    Sagi – Your code fix worked perfectly. Thanks for sharing the code!

  27. ansari says:

    Hi Steve!! Thanks a lot, for sharing such a good code, i had one question, when we are making a request for the first time from a new user, if return "Failed to get access token!", I added a debugger point on the code and found that, i get a blank data
    when the code run on the below code. //******************************************************************** //REMOVED 12/17/2013 TO REFLECT CHANGES YAMMER MADE IN AUTH PROCEDURE ////POST /
    HTTP/1.1 ////sample post body: ////authenticity_token=KBBgLyjZYGKzUs616hEV5BGqgX6N4D0ejJZ%2FG4zvDsI%3D&_method=post //postBody = "authenticity_token=" + preCodeToken + "&_method=post"; ////make the next post //postResults = MakePostRequest(postBody, authUrl2);
    //******************************************************************** I have uncommented this code, it return me with error saying page not found. on //postResults = MakePostRequest(postBody, authUrl2); What I think this is just a one time request which each
    user have to go, which provide allow/deny action for the app. Can you please help me in getting this code work.

  28. Anonymous says:

    I wrote this post a little while back here:

  29. Anonymous says:

    One of the things that isn’t particularly well known about the Yammer APIs is that its OAuth infrastructure

  30. Victor says:

    Struggling with this now for some time… What about if I have multiple networks ?
    If I use the process described at the
    I get only a token for the primary network, regardless of the app, the redirect or the various IDs. Any suggestions?

  31. Ashiq says:

    Hi Steve, I get a “Failed to get access token” exception. I followed your advise on creating Yammer APP. Could you please help. If I click “Allow” manually, after that it connects.


  32. Anonymous says:

    This post is in response to a question I get pretty frequently when talking about Yammer. The question

  33. developer says:

    Hi Steve,

    Thanks a lot for your great post. I am always getting The remote server returned an error: (400) Bad Request. from MakeGetRequest method. I have given the correct client id. Please guide me in fixing the issue. I am kind of stuck here. Its little urgent.

  34. Vlimo says:

    Hi Steve, I got this to work a couple of months ago but with the changes in the security mechanism of Yammer it does not seem to work anymore. The qscode variable does not seem to get filled in. Did it change again?

  35. Tim Laqua says:

    Hey, not sure if github does pingbacks – – thanks for your article!

  36. Anonymous says:

    One of the really hot topics cross our customers is the enterprise social and how to build real social

  37. siddharth Kumar says:

    Hi Steve

    Great Post – However looks like the flow is not working probably because of some yammer update. Any clues!!!!


  38. anonymous says:

    The SetCookies function doesn’t appear to be setting cookies correctly. It asserts the 2nd time called due to an apparent inconsistent cookies string.

    When this is first called:

    //make the first post for code
    postResults = MakePostRequest(postBody, authUrl1);

    it results in the following value for the string cookie:

    “yamtrak_id=5884a3b5-e8c5-4fcf-bc29-1362e7d0d3f0; path=/; expires=Tue, 28-Apr-2015 20:34:26 GMT; secure; HttpOnly,_workfeed_session_id=fcd86ff0b2abf68ea7652f39046e3194; path=/; secure; HttpOnly”

    However a few lines down when this is called:

    response = MakeGetRequest(permUrl, string.Empty, true);

    it results in the following value for the string cookie:

    “yamtrak_id=a12cf74e-51e1-4f2b-b45d-e3a9f237e26b; path=/; expires=Tue, 28-Apr-2015 20:54:43 GMT; secure; HttpOnly”

    You’ll get an exception since cEnd will be -1 the 2nd time through and all the string checking will fail.

    Does this sample work with apps that run within an internal network? I looked at the value of ‘response’ here:

    response = MakeGetRequest(permUrl, string.Empty, true);

    and in the html code it’s looking for a user name and password since the app is within our corporate network. Anyway to bypass this extra login?

  39. Kaviya says:

    Can we create a new group in yammer usign api?

  40. Anonymous says:

    Working with attachments to message postings in Yammer has been something that I’ve had a few questions

  41. vishnu says:

    hi Steve

    thanks for the code ., I tried running howeve getting the error
    Error in MakeGetRequest: Unable to connect to the remote server

    I have checked Step 3 change is done in code and its there
    . Is the code attached in this blog is updated or is there any change in yammer authenitcaion recently

    Your help is really appreciated

  42. sushil chauhan says:

    how can i post image on yammer wall. can anyone help me to sort it out..


  43. PR says:

    Hello Steve,

    I’m working on a migration product that migrates content in to yammer from other platforms. My application will be deployed to each individual clients on their premises. Given this background, I have a question about my application authenticating with yammer.

    Since Yammer uses OAUTH 2.0 authentication mechanism, I can think of two ways to authenticate with yammer

    (1) Develop and deploy a centralized REST Service that can be used to get access tokens that will be used by the application
    (2) Develop an authentication module within the application that programmatically authenticates with yammer.

    Since my application is an individualistic client deployment and not a centralized app, I decided to go with the second (Programmatic) authentication mechanism as elaborated your article . Is there any drawback to this way of authentication ?

  44. Ashwin Sudhini says:

    After getting the authenticityToken when the MakePostRequest(postBody,authUrl1) method is called, I am getting a 404 (unable to connect to the remote server).It is because of " wr.GetResponse()" unable to generate the response.I have tried number of ways
    like setting the wr.AutoRedirectUri = false and tried using authUrl2 as parameters to the MakePostRequest as well but none of them succeeded in getting the reponse.Please let me know if anything has been updated later in the code.

  45. Anonymous says:

    This is going to be a multi-part series to dissect and tear apart an application I tweeted about using

  46. Christian Bech says:

    Hi Steve, you code used to work great, but for some reason the post to /session, returns HTTP 404 both for the updated code here and the one you did with file upload. I can’t find the reason right now, since it works when doing the same post through a
    browser. Are you aware of any changes in the Yammer API, that is not documented.

  47. ASF says:

  48. heshan says:

    hi stevei i want to get notifications when some one use # xxx .can you help me with this

  49. heshan says:

    i am developing a app that send a specific message when some one hash tags me,what way i can do this

  50. Not getting Access Token says:

    Is it working for anyone? I tried to run it with Client_ID and CLient_Secret but not getting the access token back. It is failing at this line. No code in the query string. Can someone please point me in the right direction?

    if (qsCode.IndexOf("code") > -1)
    string accessCode = qsCode.Substring(qsCode.IndexOf("=") + 1);

    response = MakeGetRequest(accTokenUrl + accessCode);

    if (!string.IsNullOrEmpty(response))
    YammerAccessToken jat = YammerAccessToken.GetInstanceFromJson(response);

    if (!string.IsNullOrEmpty(jat.TokenResponse.Token))
    accessToken = jat.TokenResponse.Token;

  51. hyt says:

    Thanks for sharing. Do you have an example how to delete a yammer message from message file? Like the messages older than certain days?

  52. Manimaran says:

    Thanks u very much for this post Steve…..This post was very informative and appreciate your effort in shedding light into yammer integration…

    Here i integrated my application with yammer with help your post. but here i’m facing one problem like accessing the external network and posting messages to the group/external peoples.

    Kindly help me where i made the mistake.

    Thanks in advance.

  53. Anonymous says:

    Okay, I’m going to preface everything in this post by saying what I’m going to be describing