Using Impersonation with the Yammer APIs

One of the things that isn’t particularly well known about the Yammer APIs is that its OAuth infrastructure does support a form of impersonation (at least that’s how I describe it).  This can be extraordinarily useful when you need to access data on behalf of another user and do so within the constraints of the content they have rights to see, as well as to create content as if it was posted by them.  You’ll find a small amount of documentation about this on the Yammer developer site at http://developer.yammer.com/authentication near the bottom of the page.  In short, what you need in order to do this is a verified admin account, and then that account can get an access token on behalf of another user; all you need to know is that user’s Yammer ID.

I covered the details on getting an access token for an account in one of my initial posts on Yammer here: http://blogs.technet.com/b/speschka/archive/2013/10/05/using-the-yammer-api-in-a-net-client-application.aspx. This particular post also resulted in some problems for folks trying to obtain access tokens by programmatically going through the OAuth app trust process that a user would click through in a browser.  I further posted about some of the ramifications for doing this and suggested the preferred way of dealing with access tokens here: http://blogs.technet.com/b/speschka/archive/2014/02/06/some-more-advice-when-using-the-yammer-apis-with-net.aspx.  This post sort of ties the concepts in the previous two together in that a) it relies up on using a single service account to work with data in Yammer and b) it uses one of the built in Yammer features to obtain an impersonation access token.  So let’s take a look at this in a little more detail.

As I mentioned above, you’ll want to start by using a service account, and that service account needs to be an verified admin in your Yammer network.  Once you have created and configured the account, I recommend using the methods I described in my previous posts to manually obtain an access token for it.  Once you have that, the rest of the process is relatively straightforward.  Let’s suppose for the sake of illustration that you want to add a user to a Yammer group (not something we recommend doing by the way – we actually discourage it, but it’s a simple API so is good for demonstration purposes).  Assume the user has an ID of 150493 and we want to add him to a Yammer group with an ID of 123456.  At a high level we’re going to do this:

 

1)  Make a request to the tokens REST endpoint and pass to it the ID of the user you want to get an access token for, the client ID of your application, and the access token of your verified admin.

2) Take the JSON you get back and extract from it the access token for the user. 

3)  Make a POST request to the JSON endpoint to add the user to a group; send along the access token for the user that is being added.

 

See, not too bad.  Here’s what the code actually looks like, I’ll add a couple of comments below.

string tokenInfo = MakeGetRequest(“https://www.yammer.com/api/v1/oauth/tokens.json?user_id=150493&consumer_key=” + YOUR_CLIENT_ID, yourVerifiedAdminAccessToken);
List<YammerToken> tokens = JsonConvert.DeserializeObject<List<YammerToken>>(tokenInfo);

if (tokens.Count > 0)
{
     //success returns an empty string
     string addToGroupResponse = MakePostRequest(“”, “https://www.yammer.com/api/v1/group_memberships.json?group_id=123456&#8221;, tokens[0].AccessToken);
}

Now a couple of things for discussion.  First, this code uses the techniques that I describe in my original Yammer .NET post here: http://blogs.technet.com/b/speschka/archive/2013/10/05/using-the-yammer-api-in-a-net-client-application.aspx.  For example – how do you get the user ID for a person?  Well I describe some options in that first post; in this case I have a very small network so I had made a call to get all of the users in my network and then I found the one I wanted to use.  When you look at that post you’ll see that I serialize the data for users into an object that includes the ID so in my actual code I can just use something like YammerUser.UserID.

The next thing worth noting is that I’m again using the simplified methods I described in that post to work with the REST endpoints:  MakeGetRequest and MakePostRequest.  If you want more information on those then check out that first posting.  Finally, I used the same methodology I described in that original post to serialize the JSON data that I got from requesting the access token for the user into a .NET object.  That’s where the List<YammerToken> call came from.  This is a new call that I added serialization support for in this post so I’ve attached the class I used for serialization to this posting.

So, as you see, once you have the background and the code from the first Yammer .NET posting I did, the actual process for doing this kind of impersonation with the Yammer REST endpoints is pretty straightforward and easy.  From searching to retrieving content, having the ability to impersonate another user can be quite valuable when building your Yammer applications.

 

 

7 thoughts on “Using Impersonation with the Yammer APIs

  1. Can this be done in Javascript. I want certain user to join a group and would also like to remove them programmatically. As a group admin, can this be done using Yammer’s JS lib

    Like

  2. Thanks a lot for the response. Can you share the link where the code is hosted. I am getting a broken image and unable to access the link.

    Like

  3. Hey George, not sure what issue you’re seeing. I just tried clicking on both of the links you left in your comment above and it correctly redirected me to the new location on this blog where those articles are located.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s