Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Step by Step Guide to Delicious OAuth API

0.00/5 (No votes)
24 Apr 2010 1  
Learn how to use Delicious OAuth API in your .NET projects with an example

Introduction  

After merging with yahoo, Delicious's account registration is done using yahoo account. Moreover OAuth has been introduced for accessing Delicious's API. A guideline has been provided in Delicious's help page at  http://delicious.com/help/oauthapi describing the steps to use their API, but that is not so very illustrative. Also, no readily usable sample project or dll is available on the internet. So I have decided to write a sample application for accessing Delicious's OAuth API.  

What is OAuth? 

OAuth (Open Authorization) is an open protocol that allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password.

OAuth allows users to hand out tokens instead of usernames and passwords to their data hosted by a given service provider like delicious, twitter, linkedin etc. 

Steps to call Delicious API

Following are the steps to make a successful API call to delicious using OAuth.

  1. Get an API key
  2. Get a Request Token
  3. Get user permission to access their data
  4. Get an Access Token
  5. Create the request for Delicious
    1. Building the “Base String”
    2. Generate the signature
    3. Make the request
  6. Refresh Access Token for future API calls without authorization

1. Get an API key   

To access any API using OAuth, a consumer/API Key and a consumer/API Secret Key are required. These can be obtained from Yahoo! Developer Network (YDN) API key form. Fill up this form appropriately and set the access scope eg to which of the yahoo owned site(s) you need API access.
Following two figures illustrates the steps to obtain OAuth access keys:

API key form page

Figure 1: API key form page   

API key confirmation page

Figure 2: API key confirmation page 

From this step you will get following key information:

  1. an Application Id
    aFWQnp1s
  2. an API Key (OAuth consumer key)
    ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6
  3. Shared/Consumer Secret
    1e782b9c13315e30d2fbac12348942cc9db674f2 

2. Get a Request Token

After getting the API keys, make a request to the YDN API at the following URL:

https://api.login.yahoo.com/oauth/v2/get_request_token

Include the following parameters:

Request Parameter Description
oauth_nonce A random string.
oauth_timestamp Current timestamp of the request. This value must be +/-600 seconds of the current time.
oauth_consumer_key Your consumer key.
oauth_signature_method The signature method that you use to sign the request. This can be plaintext or hmac-sha1.
oauth_signature Your shared secret.
oauth_version OAuth version (1.0)
xoauth_lang_pref (optional) The language preference of the User; the default value is en-us.
oauth_callback Your callback url as set up in the YDN process.

Your request should look something like the following:

https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_nonce=123456789&oauth_timestamp=1257965367&oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=plaintext&oauth_signature=1e782b9c13315e30d2fbac12348942cc9db674f2%26&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=http://mysite.com/callbackurl.aspx

Please note that you must include all the parameters specified above (except ‘xoauth_lang_pref’ which is optional) even though it might seem irrelevant in your case eg in desktop application ‘oauth_callback’ may not be required but still you need to put it in the request url.  ‘http://localhost/’ might be a sample value.

This should result in a response similar to:

oauth_token%3Drpfbncv%26oauth_token_secret%3D5f2e792b36c40edaf7bdd8fb10b6edd1fde87a52%26oauth_expires_in%3D3600%26xoauth_request_auth_url%3Dhttps%253A%252F%252Fapi.login.yahoo.com%252Foauth%252Fv2%252Frequest_auth%253Foauth_token%253Drpfbncv%26oauth_callback_confirmed%3Dtrue

which can be parsed to get:

  • oauth_token
  • oauth_token_secret
  • oauth_expires_in
  • xoauth_request_auth_url
  • oauth_callback_confirmed

3. Get user permission to access their data

To access any data form any of the user’s account, user’s explicit permission is required. To get this permission, we need to redirect the user to the url given in xoauth_request_auth_url with some additional parameters.

Your query parameters should be formed something like this:

<xoauth_request_auth_url>&oauth_nonce=<random string>&oauth_timestamp=<current timestamp>&oauth_consumer_key=<your consumer key>&oauth_signature_method=plaintext&oauth_signature=<your shared secret>&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=<your callback url>

Actual request URL would look like following:

https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=rpfbncv&oauth_nonce=123456800&oauth_timestamp=1257965400&oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=plaintext&oauth_signature=1e782b9c13315e30d2fbac12348942cc9db674f2%26&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=http://mysite.com/callbackurl.aspx

Visiting this URL, user can accept or deny permission to his/her private data. If user permits access to his/her account, an email will be sent to his/her mail account with a link to revoke permission (if required).

4. Get an Access Token

Once the user has given permission for your app to access their data, all callback will be made back to your application in the following format:

<your callback url>?oauth_token=<request token>&oauth_verifier=<verifier>
eg
http://mysite.com/callbackurl.aspx?oauth_token=rpfbncv&oauth_verifier=burykq

Using the oauth_verifier parameter from above, and the oauth_token and oauth_token_secret (obtained in Step 2), request an access token, like this:

https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=<your consumer key>&oauth_signature_method=plaintext&oauth_version=1.0&oauth_verifier=<oauth_verifier>&oauth_token=<request_token>&oauth_nonce=<random string>&oauth_timestamp=<current timestamp>&oauth_signature=<your consumer secret>%26<request token secret>

eg

https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=PLAINTEXT&oauth_version=1.0&oauth_verifier=burykq&oauth_token=rpfbncv&oauth_nonce=987654321&oauth_timestamp=1257965412&oauth_signature=1e782b9c13315e30d2fbac12348942cc9db674f2%266a72597fdc62131f7167be3f9b4f31e955244bee

The response to this request should be an access token string, something like:

oauth_token=A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--&oauth_token_secret=6a72597fdc62131f7167be3f9b4f31e955244bee&oauth_expires_in=3600&oauth_session_handle=AMCJ2ErlG6YUqJHjxodfAPUCkzzz40sQGTA7LLwgZ1WLBVxZ3wosI_Y-&oauth_authorization_expires_in=889514663&xoauth_yahoo_guid=X2OMIMDRXITPDF7UFO5QGPYSZY

From which you can extract:

  • oauth_token
  • oauth_token_secret
  • oauth_expires_in
  • oauth_session_handle
  • oauth_authorization_expires_in
  • xoauth_yahoo_guid

5. Create the request for Delicious

Calling the Delicious API is performed in three steps:

  1. Building the “Base String”
  2. Generate the signature
  3. Make the delicious API call

a. Building the “Base String”

At his point, we have all the necessary information to call the delicious API. But building the request with required parameters is really tricky and 90% of the developers got stuck here. So carefully follow each word of the instructions written below.

Suppose we need to call API http://api.del.icio.us/v2/posts/suggest to get suggestions for http://www.yahoo.com/ eg the full request url is http://api.del.icio.us/v2/posts/suggest?url=http://www.yahoo.com/.

At frist, build a base string as instructed below:

  1. Take all the request parameters that you want to send to the API. In our case, this will be:
    • the url
    • oauth_consumer_key
    • oauth_nonce
    • oauth_signature_method
    • oauth_timestamp
    • oauth_token
    • oauth_version

    Then sort these parameters alphabetically, url encode each of the values and build a string of the format:

    <param1>=<value1>&<param2=<value2>&...&<paramN>=<valueN>
    eg
    oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_nonce=613149020&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1257971461&oauth_token=A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--&oauth_version=1.0&url=http%3A%2F%2Fwww.yahoo.com%2F

  2. Combine the request parameters with the HTTP Method being used (usually GET or POST), and the API url:<method>&<api url>&<request parameters>

    Note: the <api url> and the <request parameters> must be url encoded. Though we url encoded all the parameter values separately in the last step, we need to url encode them combining the key/value pairs.


    eg

    GET&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fsuggest&oauth_consumer_key%3Def1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6%26oauth_nonce%3D613149020%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1257971461%26oauth_token%3DA%253DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fwww.yahoo.com%252F

Note: Here always the confusion arises which parameters to include in the base string and which not. Actually you need to include all the parameters both oauth’s ones (like oauth_consumer_key,  oauth_token etc.) and requested API’s ones (url for this example). If API url contains no parameter (eg http://api.del.icio.us/v2/posts/) then only oauth’s parameters will do and if  the API url (eg http://api.del.icio.us/v2/posts/get?tag=programming&dt=2010-04-10T15:10:56Z) contains more parameters (eg tag and dt in this case) these also need to be included in the base string. FYI – date parameter’s (eg dt) value must be universal time and should be formatted as yyyy-MM-ddTHH:mm:ssZ.

b. Generate the signature

This step is very critical and prone to make more mistakes. Anyway, in this step you need to create a signature using HMAC-SHA1 signature algorithm.

In PHP you can build this signature very easily as code shown below:

<?php $signature = base64_encode(hash_hmac(‘sha1', <base string>, <shared secret>.’&’.<access token secret>, true)); ?>

eg

<?php $signature = base64_encode(hash_hmac('sha1', GET&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fsuggest&oauth_consumer_key%3Def1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6%26oauth_nonce%3D613149020%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1257971461%26oauth_token%3DA%253DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fwww.yahoo.com%252F, 1e782b9c13315e30d2fbac12348942cc9db674f2.'&'.6a72597fdc62131f7167be3f9b4f31e955244bee, true)); ?>
 

This will result in the following string:
QAnF8ETJ0znTvcxBEb+MJoFicmQ=

In C#, you can also achieve this as code shown below:

HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(), UrlEncode()));
string signature = Convert.ToBase64String(hashAlgorithm.ComputeHash(System.Text.Encoding.ASCII.GetBytes(data)));

Using c#, here you cannot directly use HttpUtility.UrlEncode() function as it encodes special characters like “/,\,:” etc. to lower case format like “%2f,%5c,%3a” whereas OAuth expects url encoding in upper case format like “%2F,%5C,%3A”. This issue needs to be considered while URL encoding.

c. Make the delicious API call

Finally, we are at the point of making a request to Delicious.

First, we need to create an Authorization Header to send in the request. To do this, take the parameters we used to generate the Base String, remove any parameters that were part of the actual API request (in our case “url”), and then ADD the signature we just generated in Stage 5b as an oauth_signature parameter. All parameters are then joined together in a comma separated string:

eg

Authorization: OAuth realm="yahooapis.com",oauth_consumer_key="ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6",oauth_nonce="613149020",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1257971461",oauth_token="A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--",oauth_version="1.0",oauth_signature="QAnF8ETJ0znTvcxBEb%2BMJoFicmQ%3D"

In c# we can add the header in the web request object as the code follows:

webRequest.Headers.Add("Authorization", "OAuth realm=\"yahooapis.com\",oauth_consumer_key=\"ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6\",oauth_nonce=\"613149020\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1257971461\",oauth_token=\"A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--\",oauth_version=\"1.0\",oauth_signature=\"QAnF8ETJ0znTvcxBEb%2BMJoFicmQ%3D\"");

We then add this header to our request that we are making for http://api.del.icio.us/v2/posts/suggest?url=http://www.yahoo.com/ and should get the expected response.

6. Refresh Access Token for future API calls without authorization

The access token obtained in step 4 remains valid for only 1 hour. So what happens after that period? Do you want to get authorization (by putting yahoo user id and password) again and again? What if you are writing a console application that will send updates of a delicious account to the subscribers at a regular interval? Well, don’t panic. A very feasible way is there.
You need to refresh the access token (using the expired token) to make subsiquent API calls.

The request url will look something like:

https://api.login.yahoo.com/oauth/v2/get_token?oauth_nonce=3423rw3d&oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=plaintext&oauth_signature=55d4cf6bf417023ce5dcc3b77132fb021cd13b21abcdef%264asf4rklwefsadlkfs325fasfdsdwfr3osferw3f&oauth_version=1.0&oauth_token=A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--&oauth_timestamp=1204762971&oauth_session_handle=ALKVBsl8DHR1rsAHSwTmAxYIsIGs3l31syRaA_aaF.RDs.MknmVM4P

All the request parameters are described below:

Request Parameter Description
oauth_nonce A random string
oauth_consumer_key Consumer Key provided to you when you sign up on the registration
page.
oauth_signature_method The signature method that you use to sign the request. This can be PLAINTEXT
or HMAC-SHA1.
oauth_signature The concatenated Shared Secret (Consumer Secret) and Token Secret separated by
an “&” character.
oauth_timestamp Current timestamp of the request. This value
must be +-600 seconds of the current time.
oauth_version OAuth version (1.0).
oauth_token The expired Access Token.
oauth_session_handle The persistent credential used by Yahoo! to identify the Consumer after a
User has authorized access to private data. Include this credential in your request
to refresh the Access Token once it expires.

Conclusion

Delicious API will return all the results in xml format. You need to format it as per your requirement. Hope this will help.

(In this article I mainly followed and used some texts and code samples from http://delicious.com/help/oauthapi, Delicious.Net and LinkedinOauth).

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here