Microsoft Yammer · OAuth Scopes

Microsoft Yammer OAuth Scopes

OAuth 2.0 searched

Microsoft Yammer publishes 2 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Microsoft Yammer API on a user’s behalf.

Tokens are issued from https://www.yammer.com/oauth2/access_token.json.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Enterprise SocialMicrosoftSocial NetworkingViva EngageYammer
Scopes: 2 Flows: authorizationCode Method: searched

OAuth endpoints

Authorization URL
https://www.yammer.com/dialog/oauth
Token URL
https://www.yammer.com/oauth2/access_token.json
Flows
authorizationCode

Scopes (2)

ScopeDescriptionFlows
access_as_user Delegated Entra permission for the Yammer API; allows the application to read and write to the Viva Engage (Yammer) platform on behalf of the signed-in user. The permission Microsoft's app-registration guide says to select for Entra applications calling the legacy Yammer REST APIs.
user_impersonation Delegated Entra permission for the Yammer API used with AAD/Entra tokens; allows the application to access the Yammer platform as the signed-in user (used by the Yammer-API-with-AAD-tokens flow, requested as https://api.yammer.com/user_impersonation).

Source

OAuth Scopes

microsoft-yammer-scopes.yml Raw ↑
generated: '2026-07-11'
method: searched
source: openapi/microsoft-yammer-openapi.yml
docs: https://learn.microsoft.com/en-us/rest/api/yammer/app-registration
note: Legacy Yammer OAuth 2.0 tokens carry no granular scopes (a token grants full
  access as the authorizing user), and legacy app registrations are restricted as
  of July 1, 2025. Microsoft now directs developers to Entra applications, where
  the Yammer API exposes delegated permissions only — no application permissions
  are supported (https://learn.microsoft.com/en-us/rest/api/yammer/app-registration).
schemes:
- name: OAuth2
  source: openapi/microsoft-yammer-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://www.yammer.com/dialog/oauth
    tokenUrl: https://www.yammer.com/oauth2/access_token.json
  description: Yammer OAuth 2.0 legacy tokens or Microsoft Entra tokens. Delegated access only.
scopes:
- scope: access_as_user
  description: Delegated Entra permission for the Yammer API; allows the application
    to read and write to the Viva Engage (Yammer) platform on behalf of the signed-in
    user. The permission Microsoft's app-registration guide says to select for Entra
    applications calling the legacy Yammer REST APIs.
  sources:
  - https://learn.microsoft.com/en-us/rest/api/yammer/app-registration
- scope: user_impersonation
  description: Delegated Entra permission for the Yammer API used with AAD/Entra
    tokens; allows the application to access the Yammer platform as the signed-in
    user (used by the Yammer-API-with-AAD-tokens flow, requested as
    https://api.yammer.com/user_impersonation).
  sources:
  - https://techcommunity.microsoft.com/blog/viva_engage_blog/yammer-api-with-aad-tokens-postman-collection/857923