These are my notes from the session Building a Participation Platform: Yahoo! Web Services Past, Present, and Future by Jeffrey McManus.

This was a talk about the Yahoo! Developer Network. Over the past year, Yahoo's efforts to harness the creativity of the developer community have led to the creation of a healthy developer ecosystem with tens of thousands of developers in it. They've built their ecosystem by providing web APIs, technical support for developers and disseminating information to the developer community via Over the past year they have released a wide variety of APIs for search, travel and mapping (AJAX, Flash and REST-based). They have also provided language-specific support for JavaScript and PHP developers by offering custom libraries (JavaScript APIs for cross-browser AJAX, drag & drop, eventing and more) as well as output formats other than XML for their services (JSON and serialized PHP). They plan to provide specific support for other languages including Flash, VB.NET and C#.

The Yahoo! APIs are available for both commercial and non-commercial use. Jeffrey McManus then showed demos of various Yahoo! Maps applications from hobbyist developers and businesses.

Providing APIs to their services fits in with Yahoo!'s plan to enable users to Find, Use, Share and Expand all knowledge. Their APIs will form the basis of a 'participation platform' by allowing users to interact with Yahoo!'s services on their own terms. They then announced a number of new API offerings:

  • Browser-based authentication: This is a mechanism to allow mashups to authenticate a Yahoo! user and then call APIs on the user's behalf without having the mashup author store the username and password. Whenever the mashup wants to authenticate the user, it redirects the user to a Yahoo! login page, and once the user signs in they are redirected back to the mashup page with a token in the HTTP header that the mashup can use for authentication when making API calls. This is pretty much how Microsoft Passport works. I pointed this out to Jeffrey McManus but he disagreed; I assume this is because he didn't realize the technical details of Passport authentication. The application is given permission to act on behalf of the user for two weeks at a time, after which the user has to sign in again. The user can also choose to withdraw permission from an application.
  • Yahoo! Shopping API v2.0: This API will allow people to make narrow searches such as "Find X in size 9 men's shoes". Currently the API doesn't let you get as granular as Shoes->Men's Shoes->Size 9. There will also be an affiliate program for the Yahoo! Shopping API so people who drive purchases via the API can get money for it.

  • My Web API: This is an API for Yahoo!'s bookmarking service called MyWeb.

  • Yahoo! Photos API: This will be a read/write API for the world's most popular photo sharing site.

  • Yahoo! Calendar API: A read/write API for interacting with a user's calendar.

Most of the announced APIs will be released shortly and will be dependent on the browser-based authentication mechanism. This means they will not be able to be called by applications that aren't Web-based.
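A minimal model of the delegated-token flow described in the browser-based authentication item above, added here as an illustration and not Yahoo!'s actual protocol or code. The HMAC-signed token format, the function names `login_and_issue`, `revoke` and `authorize_call`, and all sample values are assumptions; only the two-week lifetime and the user's ability to withdraw permission come from the notes.

```python
import hashlib
import hmac
from typing import Optional

# Constructed demo values; the notes do not describe Yahoo!'s real token format.
PROVIDER_SECRET = b"constructed-demo-secret"   # known only to the provider
TOKEN_LIFETIME = 14 * 24 * 3600                # "two weeks at a time"
_revoked = set()                               # (user, app_id) grants withdrawn by users


def _sign(payload: str) -> str:
    return hmac.new(PROVIDER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def login_and_issue(user: str, password_ok: bool, app_id: str, now: int) -> Optional[str]:
    """Provider login page: the password is checked here, never by the mashup."""
    if not password_ok or "|" in user or "|" in app_id:
        return None
    payload = f"{user}|{app_id}|{now + TOKEN_LIFETIME}"
    return f"{payload}|{_sign(payload)}"


def revoke(user: str, app_id: str) -> None:
    """The user withdraws permission from one application."""
    _revoked.add((user, app_id))


def authorize_call(token: str, calling_app: str, now: int) -> Optional[str]:
    """Provider API front end: return the user the call acts for, or None.

    calling_app is assumed to be authenticated separately by the provider.
    """
    try:
        user, app_id, expires, sig = token.split("|")
        expiry = int(expires)
    except ValueError:
        return None                       # malformed token
    expected = _sign(f"{user}|{app_id}|{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                       # forged or tampered token
    if app_id != calling_app:
        return None                       # token presented by a different application
    if now >= expiry:
        return None                       # past two weeks: user must sign in again
    if (user, app_id) in _revoked:
        return None                       # permission withdrawn
    return user
```

Because the token is bound to one user and one application, a mashup that obtains it never handles the password, and the provider can expire or revoke that single grant without affecting the user's other sessions.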

In addition, they announced which aims to be a unified gallery to showcase applications built with Yahoo! APIs but focused at end users instead of developers.

Jeffrey McManus then went on to note that APIs are important to Yahoo! and may explain why a lot of the startups they've bought recently such as,, Flickr, Dialpad, Upcoming and Konfabulator all have APIs.

As usual, I'm impressed by Yahoo!


Categories: Trip Report

Wednesday, March 8, 2006 7:33:19 PM (GMT Standard Time, UTC+00:00)
Browser-based authentication: I agree with your comments regarding the similarities with Passport. I wonder whether Yahoo faces the possibility of push back in terms of mashup developers yielding ownership of the customer data to Yahoo (in the same way that Hailstorm did)?
Wednesday, March 8, 2006 8:42:00 PM (GMT Standard Time, UTC+00:00)
Great summary. Thanks a lot for sharing. Were there any comments about how Yahoo will integrate the APIs from companies they acquire, like and Flickr?
Wednesday, March 8, 2006 10:27:38 PM (GMT Standard Time, UTC+00:00)
>>As usual, I'm impressed by Yahoo!

agreed, they appear to have a good handle on technology evangelism for the web, and how to take existing properties and open them up to the developer community via APIs & tech marketing / education.

interesting to compare them to Google -- pretty stark contrast there. although i think Google does some great products, i don't see the same level of attention / dedication to product marketing & community evangelism.

microsoft seems to do a decent job on this point, although i wonder if the historical ties to the pc platform perhaps conflict a bit with the web-based platform goals.

in any case, good to have all 3 companies (& others) compete for platform featureset.

- dave mcclure
Thursday, March 9, 2006 4:19:38 AM (GMT Standard Time, UTC+00:00)
I think Jeffrey's point was that Y! Auth is not a single-sign-on service but merely a browser-based way to authenticate to Yahoo and activate web services.

I'd also argue that Passport represents the classic Microsoft blunder in being extremely inaccessible and requiring a fancy SDK to implement.
Saturday, May 27, 2006 6:34:03 PM (GMT Daylight Time, UTC+01:00)
Dare, I don't have much information on Yahoo's authorization system yet (do you have any pointers to share?), but from what I've seen so far it sounds different from Passport.

It looks like Yahoo issues authorization tokens that are unique to the service, user and client. The key point here is authorization, not authentication.
The client may be a third party domain/site, or could be a desktop application.
See this link for a scenario integrating a desktop app with Flickr using this system:

In terms of third party code integrating with Yahoo's services (mashups and such), this is a very important security and privacy feature.
It means that because the user is logged into Flickr doesn't mean that the third party code can simply take advantage of the user's cookies to access the user's private data. The third party tool first needs to get an authorization token, which proves consent from the user, even if the user is already authenticated.