Generate OAuth Tokens (YDN)

Once you have the OAuth authentication credentials for your YDN app, your client application can request an access token and refresh token from the YDN authorization server.

In this procedure, you will generate two OAuth tokens: an access token and a refresh token.




A token that expires in one hour. Obtain a new token periodically to make API calls.


A persistant token. Use the same refresh token every time you make API calls.


This procedure assumes that you have obtained your YDN apps authentication credentials following the procedure described in authentication/enable-oauth.

The YDN OAuth 2.0 process generates three authentication credentials that you must have to generate OAuth tokens:

  • CLIENT_ID. The client ID is an OAuth 2.0 credential that uniquely identifies your app.

  • CLIENT_SECRET The client secret is an OAuth 2.0 credential that is known by both YDN and your app.

  • AUTHORIZATION_CODE The application access code is an OAuth 2.0 credential that the YDN console generated for your YDN app.

Step 1: Encode Client ID and Client Secret

Base64 encoding is a way of encoding binary data into text so that it can be easily transmitted across a network without error.

In this step, you will take the client ID and client secret that the YDN console generated for you and encode them using the base64 protocol. You can use an online encoding service like

No matter which service you use, ensure that no spaces are appended to the CLIENT_ID and CLIENT_SECRET keys and separate the CLIENT_ID and CLIENT_SECRET with a colon, i.e. CLIENT_ID:CLIENT_SECRET.

The generated value will now be referenced as ENCODED(CLIENT_ID:CLIENT_SECRET) in this guide.


Try to avoid using base64 and openssl command line tools.

Step 2: Generate Refresh & Access Tokens

In this step, you will generate an access token and refresh token for your YDN app using your OAuth credentials: client ID, client secret, and authorization code.

To generate OAuth tokens:

  1. Run the following cURL command in the Terminal.


curl "" \
   -X POST \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -H "Authorization: Basic <<ENCODED(CLIENT_ID:CLIENT_SECRET)>>" \
   -d 'grant_type=authorization_code&redirect_uri=oob&code=<<AUTHORIZATION_CODE>>'


There is a single space between Basic and ENCODED(CLIENT_ID:CLIENT_SECRET).


If the request is successful, the authorization code will no longer be valid due to security reasons. This means that the request can only be executed once. Please be sure to save the response. If you did not, you will have to create a new YDN app and redo the steps.

The YDN authorization server returns the JSON response. For example:

  1. Copy and save the refresh_token value.

    The refresh token value is constant and you will use it every time you generate a new access token.

Response Fields

A successful response contains the following fields:




The access token signed by Yahoo. Use this token to access Verizon Media DSP API. This token has a 1-hour lifetime.


Identifies the type of token returned. At this time, this field always has the value bearer.


The access token lifetime in seconds.


The refresh token that you can use to acquire a new access token after the current one expires. For details on how, see Refreshing an Access Token in RFC 6749.


The GUID of the Yahoo user.

You will use the access_token value to interface with the Verizon Media DSP API.