Complete setup using the verification code Yahoo displayed after the user approved access. Optionally also accepts clientId/clientSecret. On success it lists the user's leagues and sets a default automatically when there is only one.
AI agents use fantasy_authorize to create or update resources in Yahoo Fantasy Baseball — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Yahoo Fantasy Baseball environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
code | string | — | The verification code from Yahoo — leave blank if you clicked the authorization link (the code is captured automatically) |
clientId | string | — | Yahoo Client ID, if not already saved |
clientSecret | string | — | Yahoo Client Secret, if not already saved |
Parameters from the server's own tool schema.
This tool completes an OAuth authorization flow, storing credentials/tokens and establishing a session. It writes authentication state (tokens, session data) to the system. It is not purely reading data, nor is it destructive or financial. The blast radius is medium — a misuse could allow unauthorized access to a user's Yahoo Fantasy account.
From the tool's definition Complete setup using the verification code Yahoo displayed after the user approved access. Optionally also accepts clientId/clientSecret.
Risk signalsAccepts freeform code/query input (code)
Attacks that exploit this kind of access
Complete setup using the verification code Yahoo displayed after the user approved access. Optionally also accepts clientId/clientSecret. On success it lists the user's leagues and sets a default automatically when there is only one. It is categorised as a Write tool in the Yahoo Fantasy Baseball MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
fantasy_authorize accepts 3 parameters: code, clientId, clientSecret. The full parameter table on this page comes from the server's own tool schema.
Register the Yahoo Fantasy Baseball MCP server in PolicyLayer and add a rule for fantasy_authorize: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Yahoo Fantasy Baseball. Nothing to install.
fantasy_authorize is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the fantasy_authorize rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for fantasy_authorize. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
fantasy_authorize is provided by the Yahoo Fantasy Baseball MCP server (yahoo-fantasy-baseball-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
fantasy_authorize is one line of Yahoo Fantasy Baseball's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →