Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Python API wrapper for the Yahoo Fantasy Sports public API
Author: Wren J. R. (uberfastman)
Do you like the YFPY API wrapper? Star the repository on GitHub and please consider helping support its ongoing development:
Cryptocurrency | Address |
---|---|
Bitcoin (BTC) | bc1qataspvklhewtswm357m0677q4raag5new2xt3e |
Ethereum (ETH) | 0x5eAa522e66a90577D49e9E72f253EC952CDB4059 |
READ THE DOCS HERE!
Detailed documentation on YFPY can be found at https://yfpy.uberfastman.com.
YFPY is a comprehensive wrapper around the Yahoo Fantasy Sports API. It allows for easy retrieval and parsing of almost any data you might wish to extract and use from any Yahoo fantasy league to which your Yahoo account has access (or for public leagues). The primary focus of this wrapper is on fantasy football (NFL), but it also supports usage with fantasy hockey (NHL), fantasy baseball (MLB), and fantasy basketball (NBA).
If you wish to use YFPY within another project, from within your project directory, run
pip install yfpy
or add yfpy
to your project requirements.txt
.
git clone git@github.com:uberfastman/yfpy.git
In order to use YFPY with private fantasy leagues, you must set up an app on your Yahoo account to allow access. Follow the step-by-step guide below for instructions on how to do so, or see Getting Started in the Yahoo Developer Network docs for more details.
Note: If you are only planning on using YFPY to pull "read only" data from public leagues, you do not need to do this.
Application Name
(Required): yfpy
(you can name your app whatever you want, but this is just an example).Application Type
(Required): select the Installed Application
radio button.Description
(Optional): you may write a short description of what the app does.Home Page URL
(Optional): if you have a web address related to your app you may add it here.Redirect URI(s)
(Required): this field must contain a valid redirect address, so you can use https://localhost:8080
API Permissions
(Required): check the Fantasy Sports
checkbox. You can leave the Read
option selected (appears in an accordion expansion underneath the Fantasy Sports
checkbox once you select it).Create App
button.Client ID
and a Client Secret
.Client ID
and Client Secret
and proceed with the steps in Environment Variables or Programmatic Persistent Authentication.YFPY now supports the usage of environment variables, either directly within the command line or using a .env
file. Any environment variables exported to the same shell in which YFPY runs will automatically be read when a YahooFantasySportsQuery
object is instantiated when env_var_fallback=True
(default).
.env
file, you can set up a .env
file by making a copy of .env.template
in the root project directory and renaming it .env
(you can do this in the command line by running cp .env.template .env
).Client ID
and Client Secret
retrieved by following the steps in Yahoo Developer Network App into their respective environment variables in your .env
file:YAHOO_CONSUMER_KEY=<YAHOO_DEVELOPER_APP_CONSUMER_KEY_STRING>
YAHOO_CONSUMER_SECRET=<YAHOO_DEVELOPER_APP_CONSUMER_SECRET_STRING>
Note: You can disable the fallback to environment variables behavior during instantiation of a YFPY query by passing the argument env_var_fallback=False
to the object:
from yfpy.query import YahooFantasySportsQuery
query = YahooFantasySportsQuery(
league_id="<YAHOO_LEAGUE_ID>",
game_code="nfl",
game_id=449,
yahoo_consumer_key="<YAHOO_CONSUMER_KEY>",
yahoo_consumer_secret="<YAHOO_CONSUMER_SECRET>",
env_var_fallback=False
)
Note: If you are running YFPY in Docker, instead of opening a new browser window, YFPY will output a URL to the command line, which you must then copy to a browser window in order to log in to your Yahoo account, allow access to your app, and retrieve the required verification code.
YFPY supports programmatic authentication using yahoo_consumer_key
and yahoo_consumer_secret
arguments when instantiating a YahooFantasySportsQuery
object. Additionally, you can pass in either a valid JSON string or a Python dictionary to yahoo_access_token_json
containing all required fields of a Yahoo access token.
yahoo_consumer_key
and yahoo_consumer_secret
overrides any values provided in a .env
file.yahoo_access_token_json
overrides yahoo_consumer_key
/yahoo_consumer_secret
values and any values provided in a .env
file for Yahoo access token individual fields.
yahoo_access_token_json
are the following:
access_token
consumer_key
consumer_secret
guid
refresh_token
token_time
token_type
consumer_key
and consumer_secret
fields in yahoo_access_token_json
override any values provided in yahoo_consumer_key
/yahoo_consumer_secret
.Example of Using yahoo_access_token_json
:
from yfpy.query import YahooFantasySportsQuery
query = YahooFantasySportsQuery(
league_id="<YAHOO_LEAGUE_ID>",
game_code="nfl",
game_id=449,
yahoo_access_token_json={
"access_token": "<YAHOO_ACCESS_TOKEN>",
"consumer_key": "<YAHOO_CONSUMER_KEY>",
"consumer_secret": "<YAHOO_CONSUMER_SECRET>",
"guid": "<YAHOO_TOKEN_GUID>",
"refresh_token": "<YAHOO_REFRESH_TOKEN>",
"token_time": 1234567890.123456,
"token_type": "bearer"
}
)
save_token_data_to_env_file=True
, which will write all required Yahoo access token fields an .env
file located in the provided env_file_location
directory..env
file to authenticate your app.Note: You MUST provide a value for env_file_location
or else NO Yahoo access token data will be saved!
YAHOO_ACCESS_TOKEN_JSON
. This environment variable is only used if env_var_fallback=True
(default) when instantiating a YFPY query."
) by invoking YahooFantasySportsQuery.save_access_token_data_to_env_file
with save_json_to_var_only=True
(instead of saving the Yahoo access token fields to individual environment variables as described in Persistent Authentication Using Access Token Fields) like below:from pathlib import Path
from yfpy.query import YahooFantasySportsQuery
query = YahooFantasySportsQuery(
league_id="<YAHOO_LEAGUE_ID>",
game_code="nfl",
game_id=449,
yahoo_consumer_key="<YAHOO_CONSUMER_KEY>",
yahoo_consumer_secret="<YAHOO_CONSUMER_SECRET>",
env_file_location=Path(".env")
)
query.save_access_token_data_to_env_file(
env_file_location=Path(".env"),
save_json_to_var_only=True
)
yfpy.query.YahooFantasySportsQuery
class for example usage of all available queries.quickstart/quickstart.py
for example usage output.
RUN QUERIES
section you wish to run.CHECK FOR MISSING DATA FIELDS
section you wish to check for any new/missing data fields returned by the Yahoo Sports Fantasy Football API.YFPY can be used within Docker for a more seamless, platform-agnostic experience.
docker compose up
docker exec -it yfpy-package-1 bash
Then:
python quickstart/quickstart.py
docker exec -i yfpy-package-1 bash -c "python quickstart/quickstart.py"
docker compose -f compose.yaml -f compose.dev.yaml up
See DEPLOYMENT.md for Docker image deployment.
YFPY has a collection of fully functional code snippets that can be run using pytest. These snippets demonstrate how to use YFPY to retrieve your Yahoo Fantasy Sports data.
test/unit
directory for example code snippets using pytest.test/integration
directory for example code snippets using pytest.auth/.env.template
in the auth/
directory and rename it to .env
.Client ID
and Client Secret
into the environment variables in .env
so that pytest can use them when hitting the Yahoo Fantasy Sports API.-s
flag.test/integration/conftest.py
are defined in quickstart/quickstart.py
, and can be changed for testing by uncommenting/commenting out the values inside each respective function.pytest -v -s
pytest -v -s -m unit
pytest -v -s -m integration
YFPY has only been tested extensively on macOS, but is written to be platform-agnostic, and seems to work without issue on Windows and Linux.
YFPY requires Python 3.10 or later, and has been tested through Python 3.12.
Direct project dependencies can be viewed in requirements.txt
, and additional development and build dependencies (not including transitive dependencies) can be viewed in requirements-dev.txt
.
Occasionally when you use the Yahoo Fantasy Sports API, there are hangups on the other end that can cause data not to transmit, and you might encounter an error similar to this:
Traceback (most recent call last):
File "yfpy-app.py", line 114, in <module>
var = app.run()
File "/Users/your_username/PATH/T0/LOCAL/PROJECT/yfpy-app.py", line 429, in run
for team in team_standings:
IndexError: list index out of range
Typically, when the above error (or a similar error) occurs, it simply means that one of the Yahoo Fantasy Sports API calls failed and so no data was retrieved. This can be fixed by simply re-running data query.
FAQs
Python API wrapper for the Yahoo Fantasy Sports public API.
We found that yfpy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.