Google Data APIs

Eric Bidelman
28 October, 2008
Quick poll
Why should you care?
 Why should you care?

• 15 Google Data APIs, 40+ others

- Maps, AJAX APIs, OpenSocial (gadgets), Gears, and many more

• Standard protocols
- HTTP, RESTful APIs
- Atom Publishing Protocol (XML), JSON, etc.
- OAuth

• Easy development
- most products have APIs  no need to start from scratch 
- open source client libraries

• Gain large user base

- build on top of popular Google services
- mashups with other web services
Wide variety of services
Wide variety of services
 Today’s Agenda

• Demos
- web applications, gadgets, mashups
- desktop samples

• Google Data Protocol

- APP, XML, REST, HTTP
- under the hood: raw protocol demo

• Authentication
…because private data is more interesting

• AJAX Search APIs

• Questions & Answers

LIVE Demos!
 Demos - PHP YouTube vs JSON YouTube

YouTube Video Browser (PHP)

APIs: YouTube Data API
PHP client library
http://www.googlecodesamples.com/youtube/php/YouTubeVideoBrowser/

YouTube Video Browser (JSON)

APIs: YouTube Data API
JavaScript (alt=json-in-script)
http://www.googlecodesamples.com/youtube/js/YouTubeVideoBrowser/
 Demos – Book Search Data API

Book Search Browser

APIs: Book Search Data API
PHP client library, JavaScript

http://www.googlecodesamples.com/books/php/BooksBrowser/
 Demos - Mashing up Google Calendar + Contacts

Calendar Event Creator

APIs: Contacts & Calendar Data APIs, App Engine
Python client library

http://calendar-contacts.appspot.com/
 Demos – Installed Applications

DocList Uploader
APIs: Documents List Data API
.NET client library

http://code.google.com/apis/gdata/articles/doc_list_uploader.html
 Demos – Google Data Gadgets

Blogger Gadget
APIs: Blogger Data API, OAuth, OpenSocial
JavaScript client library

http://gdata-samples.googlecode.com/svn/trunk/gadgets/blogger/blogger_gadget.xml
Google Data Protocol
 Protocol - Atom Syndication Format

Feeds and Entries

<feed xmlns='http://www.w3.org/2005/Atom'> <id>…
</id><title>…</title><updated>…</updated>
<entry>
<id>http://picasaweb…/entry/…albumid/5141841</id>
<updated>2008-05-08T04:15:41.000Z</updated>
<title type='text'>App Engine Hackathon NY</title>
<link rel='http://schemas.google.com/g/2005#feed'
type='application/atom+xml'
href='http://picasaweb…/feed/…albumid/5141841'/>
</entry>
<entry>…</entry>
<entry>…</entry>
</feed>
 Protocol - HTTP Communication

Create
POST /calendar/feeds/default/allcalendars/full
201 Created

Retrieve
GET /calendar/feeds/default/allcalendars/full
200 OK

Update
PUT /calendar/feeds/default/allcalendars/full/{ID}
200 OK

Delete
DELETE /calendar/feeds/default/allcalendars/full/{ID}
200 OK
Protocol - HTTP Status Codes

200 OK
201 CREATED
304 NOT MODIFIED
400 BAD REQUEST
401 UNAUTHORIZED
403 FORBIDDEN
404 NOT FOUND
409 CONFLICT
500 INTERNAL SERVER ERROR
 Protocol - Google Data API Extensions

• Extended data model

<gCal:timezone>, <gd:phoneNumber>, <gml:pos>
<media:thumbnail>
Feature Google  Atom RSS 2.0
Data
• Batch operations Syndication Format Y Y Y

Queries Y N N

• Authentication Updates Y Y N

- ClientLogin - desktop apps Optimistic  Y N N

Concurrency
- AuthSub - web apps
- OAuth - open standard Authentication Y N N

• Alternate formats
- alt=rss, alt=json, alt=json-in-script, alt=kml (Picasa Web)
Authentication
 Authentication - Overview

Problems: Authentication is difficult

• Private resources
• Security considerations

Solution: Let Google handle it!

• Authorization not Authentication
• Tokens not credentials
• User grants/denies access to their private data
 Authentication - ClientLogin

• Installed/desktop applications
• Username/password
• Access to a single service
• Tokens expire in ~2 weeks
• CAPTCHAs
POST /accounts/ClientLogin HTTP/1.0
Content-type: application/x-www-form-urlencoded

accountType=HOSTED_OR_GOOGLE
&Email=user@gmail.com
&Passwd=pa$$word
&service=cl
&source=Google-CalExample-v1.0
 Authentication - AuthSub

• Web applications
• Authorization
- your website  Google  your website
• Tokens
- single-use or multiple-use (never expire)
- scoped access to data
- revoke tokens manually / programmatically
• Three ‘modes’
1. non-registered, non-secure
2. registered, non-secure
3. registered & secure (API requests are digitally signed)
https://www.google.com/accounts/AuthSubRequest
?scope=http://www.google.com/calendar/feeds
&session=1&secure=0
&next=http://www.example.com
 Authentication - OAuth

• Similar to AuthSub
- single mode: ALL requests must be signed

• Web applications

• Open standard
- growing in popularity (Yahoo, MySpace, AOL)
- open source libraries available: oauth.net
- reuse authentication code from another project
Protocol demonstration
 Protocol demonstration - OAuth Playground

OAuth Playground
1. Authorization to the Contacts Data API
2. GET retrieving a user’s contacts
3. POST create a new contact entry
4. PUT update the entry
5. DELETE remove the contact

http://www.googlecodesamples.com/oauth_playground/
 Making life easier - Client Libraries

• Java
• .NET
• Python
• PHP
• Objective-C
• JavaScript
AJAX Search APIs
 AJAX Search APIs

• Google is known for search!

google.search.LocalSearch google.search.NewsSearch
google.search.WebSearch google.search.ImageSearch
google.search.VideoSearch google.search.PatentSearch
google.search.BlogSearch google.search.BookSearch

• Compatibility
- Firefox 1.5+, IE 6+, Safari, Opera 9+, Google Chrome

• Common loader
google.load('search', '1');
google.load('gdata', '1.x', {packages:['blogger']});
google.load('maps', '2.s');
google.load('earth', '1');
google.load('jquery', '1.2.6', {uncompressed:true});
 AJAX Search APIs – Basic Example

<script src="http://www.google.com/jsapi?key=ABQIBX..."></script>

<script type="text/javascript">
google.load('search', '1', {'language' : 'ru'});

function initialize() {
var gSearch = new google.search.SearchControl();

var options = new google.search.SearcherOptions();

options.setExpandMode(
google.search.SearchControl.EXPAND_MODE_OPEN);

gSearch.addSearcher(new google.search.WebSearch(), options);

gSearch.draw(document.getElementById('searchcontrol'));
//gSearch.execute('LOL cats'); // execute search automatically
}
google.setOnLoadCallback(initialize);
</script>
…
<div id="searchcontrol"></div>
 AJAX Search APIs – Customizations

• Linear or tabbed display

var drawOpts = new google.search.DrawOptions();
drawOpts.setDrawMode(
google.search.SearchControl.DRAW_MODE_TABBED);

• Choose where results are displayed

var options = new google.search.SearcherOptions();
options.setRoot(
document.getElementById('somewhere_else'));
searchControl.addSearcher(
new google.search.WebSearch(), options);

• CSS styling
google.load('search', '1', {'nocss' : true});
 AJAX Search APIs – Non-JavaScript

… not just JavaScript

- REST, JSON
- Examples in Flash, PHP, Java

curl --silent --referer http://www.example.com \

"http://ajax.googleapis.com/ajax/services/search/web\
?v=1.0&q=Beijing%20Olympics"
Questions & Answers
 Resources

Google Data APIs:

http://code.google.com/apis/gdata/

OAuth Playground and other LIVE samples:

http://www.googlecodesamples.com/

AJAX APIs:
http://code.google.com/apis/ajax