Skip to content

Yahoo OAuth2 Keys

Service Name: Yahoo

Service Description: Yahoo provides various web services including email, search, news, and more. OAuth2 keys are used to authenticate applications to access Yahoo's APIs and services on behalf of users.

Service Address: https://developer.yahoo.com/

Validation Type: API Auth

IP Allow list: Does not exist at the secret level, but can be configured at the application level in the Yahoo Developer Console.

Secret Access Scope: Grants programmatic access to Yahoo APIs and services based on the permissions requested during OAuth2 authorization.

Secret Revokement URL: https://developer.yahoo.com/apps/

Secret Example: Client ID: dj0yJmk9MDEzanlDMEpNYXlzJmQ9WVdrOVYwdFZSVkZHTXpZbWNHbzlNQT09JnM9Y29uc3VtZX JzZWNyZXQmc2N9MQ-- Client Secret: d6ea63702fe2a59778951b4440f6a2c0a46fb5c2

Suspicious Activity Investigation Instructions:

  • Review application logs for unusual API calls or access patterns
  • Check Yahoo Developer Console for unexpected changes to application settings
  • Monitor for unauthorized data access or actions performed on behalf of users
  • Review the OAuth2 scopes that have been granted to the application
  • Check for unexpected token refresh activities

Mitigation Instructions:

  • Log in to the Yahoo Developer Console at https://developer.yahoo.com/apps/

  • Locate the affected application

  • Generate new OAuth2 client credentials (this invalidates the old ones)
  • Update your application with the new credentials
  • Consider reducing the OAuth2 scopes to only what is necessary
  • Implement proper credential storage with encryption
  • Review and update your application's security practices