Share via


Using Impersonation with the Yammer APIs

One of the things that isn't particularly well known about the Yammer APIs is that its OAuth infrastructure does support a form of impersonation (at least that's how I describe it). This can be extraordinarily useful when you need to access data on behalf of another user and do so within the constraints of the content they have rights to see, as well as to create content as if it was posted by them. You'll find a small amount of documentation about this on the Yammer developer site at https://developer.yammer.com/authentication near the bottom of the page. In short, what you need in order to do this is a verified admin account, and then that account can get an access token on behalf of another user; all you need to know is that user's Yammer ID.

I covered the details on getting an access token for an account in one of my initial posts on Yammer here: https://blogs.technet.com/b/speschka/archive/2013/10/05/using-the-yammer-api-in-a-net-client-application.aspx. This particular post also resulted in some problems for folks trying to obtain access tokens by programmatically going through the OAuth app trust process that a user would click through in a browser. I further posted about some of the ramifications for doing this and suggested the preferred way of dealing with access tokens here: https://blogs.technet.com/b/speschka/archive/2014/02/06/some-more-advice-when-using-the-yammer-apis-with-net.aspx. This post sort of ties the concepts in the previous two together in that a) it relies up on using a single service account to work with data in Yammer and b) it uses one of the built in Yammer features to obtain an impersonation access token. So let's take a look at this in a little more detail.

As I mentioned above, you'll want to start by using a service account, and that service account needs to be an verified admin in your Yammer network. Once you have created and configured the account, I recommend using the methods I described in my previous posts to manually obtain an access token for it. Once you have that, the rest of the process is relatively straightforward. Let's suppose for the sake of illustration that you want to add a user to a Yammer group (not something we recommend doing by the way - we actually discourage it, but it's a simple API so is good for demonstration purposes). Assume the user has an ID of 150493 and we want to add him to a Yammer group with an ID of 123456. At a high level we're going to do this:

 

1) Make a request to the tokens REST endpoint and pass to it the ID of the user you want to get an access token for, the client ID of your application, and the access token of your verified admin.

2) Take the JSON you get back and extract from it the access token for the user. 

3) Make a POST request to the JSON endpoint to add the user to a group; send along the access token for the user that is being added.

 

See, not too bad. Here's what the code actually looks like, I'll add a couple of comments below.

string tokenInfo = MakeGetRequest("https://www.yammer.com/api/v1/oauth/tokens.json?user_id=150493&consumer_key=" + YOUR_CLIENT_ID, yourVerifiedAdminAccessToken);
List<YammerToken> tokens = JsonConvert.DeserializeObject<List<YammerToken>>(tokenInfo);

if (tokens.Count > 0)
{
     //success returns an empty string
     string addToGroupResponse = MakePostRequest("", "https://www.yammer.com/api/v1/group_memberships.json?group_id=123456", tokens[0].AccessToken);
}

Now a couple of things for discussion. First, this code uses the techniques that I describe in my original Yammer .NET post here: https://blogs.technet.com/b/speschka/archive/2013/10/05/using-the-yammer-api-in-a-net-client-application.aspx. For example - how do you get the user ID for a person? Well I describe some options in that first post; in this case I have a very small network so I had made a call to get all of the users in my network and then I found the one I wanted to use. When you look at that post you'll see that I serialize the data for users into an object that includes the ID so in my actual code I can just use something like YammerUser.UserID.

The next thing worth noting is that I'm again using the simplified methods I described in that post to work with the REST endpoints: MakeGetRequest and MakePostRequest. If you want more information on those then check out that first posting. Finally, I used the same methodology I described in that original post to serialize the JSON data that I got from requesting the access token for the user into a .NET object. That's where the List<YammerToken> call came from. This is a new call that I added serialization support for in this post so I've attached the class I used for serialization to this posting.

So, as you see, once you have the background and the code from the first Yammer .NET posting I did, the actual process for doing this kind of impersonation with the Yammer REST endpoints is pretty straightforward and easy. From searching to retrieving content, having the ability to impersonate another user can be quite valuable when building your Yammer applications.

 

 

YammerImpersonate.txt

Comments

  • Anonymous
    January 01, 2003
    thanks
  • Anonymous
    January 01, 2003
    The comment has been removed
  • Anonymous
    February 18, 2014
    Great article and we had used this technique to build a migration tool, which convert SharePoint discussion to Yammer thread.
  • Anonymous
    August 26, 2014
    Thanks for the article steve !!!
  • Anonymous
    September 18, 2014
    The comment has been removed
  • Anonymous
    December 03, 2014
    I have a use case wherein we want Yammer users to post conversations and comments anonymously. This feature is not available in Yammer. Suppose I use impersonation, will I be able to develop an App to do this? Once a user is impersonated and his/her message gets posted, will the message appear under the name of service account?
  • Anonymous
    January 08, 2015
    m88 : http://m88en.com
    M88.com offer online sports games Asia, Sports Betting Asia, Sports Betting Sites Asia.
    m88asia : http://m88en.net
    Link to M88BET phone: m88en.com. – Register and Open Betting Account and Membership M88BET.
    m88bet : http://www.linkm88vip.com
    MANSION88 the house is one of the largest and most prestigious. Appeared quite early in the Asian market, the so-MANSION88 currently attracts more players.
    link m88 : http://m88wiki.com
    Home the M88 is the official sponsor of the football club in the Premier League
    Wish you happy with the new M88
    m88 casino online : http://m88free.com

    Modern Thai restaurant combines outstanding traditional cuisine and a subtle modern decor with a warm welcoming ambience. Thai Restaurants in Brisbane :http://www.watersidethainoodles.com.au , traveller reviews of Brisbane Thai restaurants and search by price, location, and more..