Yammer API with AAD tokens Postman Collection

October 14, 2019

The original article is published on the Microsoft Tech Community Yammer Blog.

We’re excited to inform that all Yammer v1 APIs now support the usage of Azure Active Directory (AAD) tokens. This is a critical step in Yammer’s authentication journey across web, mobile and platform to fully use AAD tokens instead of the Yammer OAuth token.

In this blog, we’d like to share steps for creating an AAD app, and visualizing Yammer API responses via the Postman client with AAD tokens.

Download the Postman Collection here.

1. Register a new app in Azure Active Directory

Go to https://portal.azure.com and register a new application.

1.pngRegistering an app in AAD

2. Get app registration details

Copy the Client ID and Secret, and set the Redirect URI to https://www.getpostman.com/oauth2/callback

2.pngApp registration details

3. Endpoints

Copy the OAuth 2.0 endpoints from the Azure portal to input into Postman

3.pngOAuth 2.0 endpoints for Postman

4. Request Yammer API permissions

Choose Yammer from the list of API permissions

4.pngRequest API permissions

6. Enable Delegated permissions

Choose Delegated permissions and user_impersonation. Application permissions are currently not supported and we’re planning on addressing that limitation.

5.pngDelegated permissions

7. Yammer permission is added

Yammer is added with a user_impersonation scope

6.pngDelegated permissions

8. Generate a new client secret

Generate a new client secret and choose to refresh the secret every year, every two years, or never

7.pngApp secret

9. Get Postman ready

Import the Yammer API collection into Postman

8.pngImport API collection into Postman

10. Enter Azure Active Directory Token details

Get the details from the Application Overview page for your app and endpoints and input into Postman and request token. Here's the fields:

Callback URL: https://www.getpostman.com/oauth2/callback

Auth URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize

Access Token URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/token

Client ID: Your Client ID

Secret: Secret that was generated in step 8

Scope: https://api.yammer.com/user_impersonation

9.pngGetting AAD Access token

11. Consent permissions

Consent permissions on behalf of your organization

007.pngAuthorize permission

12. Generate AAD Token

Generate and use your new AAD token. Token lifetime is 60 minutes.

3.pngGet AAD access token

13. Set variables in Postman

So you don't have to repeat typing, set a variable with the Yammer API URI prefix. Set yamURI to https://www.yammer.com/api/v1/

4.pngSet API variable

14. Select update and you are ready

Postman is now ready to make requests to Yammer API endpoints using Azure Active Directory tokens.

As Yammer integrates further into Microsoft 365, we’re excited for additional platform opportunities through the Azure Active Directory – this is just the beginning. We’re interested in all your feedback so be sure to comment on this blog or join us on the first Wednesday of every month in the Monthly Yammer Platform and API Office Hours.

Discuss this article in the Microsoft Technical Community.