Professional Documents
Culture Documents
Gdata Moscow
Gdata Moscow
Gdata Moscow
Eric Bidelman
28 October, 2008
Quick poll
Why should you care?
Why should you care?
• Standard protocols
- HTTP, RESTful APIs
- Atom Publishing Protocol (XML), JSON, etc.
- OAuth
• Easy development
- most products have APIs no need to start from scratch
- open source client libraries
• Demos
- web applications, gadgets, mashups
- desktop samples
• Authentication
…because private data is more interesting
http://www.googlecodesamples.com/books/php/BooksBrowser/
Demos - Mashing up Google Calendar + Contacts
http://calendar-contacts.appspot.com/
Demos – Installed Applications
DocList Uploader
APIs: Documents List Data API
.NET client library
http://code.google.com/apis/gdata/articles/doc_list_uploader.html
Demos – Google Data Gadgets
Blogger Gadget
APIs: Blogger Data API, OAuth, OpenSocial
JavaScript client library
http://gdata-samples.googlecode.com/svn/trunk/gadgets/blogger/blogger_gadget.xml
Google Data Protocol
Protocol - Atom Syndication Format
Create
POST /calendar/feeds/default/allcalendars/full
201 Created
Retrieve
GET /calendar/feeds/default/allcalendars/full
200 OK
Update
PUT /calendar/feeds/default/allcalendars/full/{ID}
200 OK
Delete
DELETE /calendar/feeds/default/allcalendars/full/{ID}
200 OK
Protocol - HTTP Status Codes
200 OK
201 CREATED
304 NOT MODIFIED
400 BAD REQUEST
401 UNAUTHORIZED
403 FORBIDDEN
404 NOT FOUND
409 CONFLICT
500 INTERNAL SERVER ERROR
Protocol - Google Data API Extensions
Queries Y N N
• Authentication Updates Y Y N
• Alternate formats
- alt=rss, alt=json, alt=json-in-script, alt=kml (Picasa Web)
Authentication
Authentication - Overview
• Installed/desktop applications
• Username/password
• Access to a single service
• Tokens expire in ~2 weeks
• CAPTCHAs
POST /accounts/ClientLogin HTTP/1.0
Content-type: application/x-www-form-urlencoded
accountType=HOSTED_OR_GOOGLE
&Email=user@gmail.com
&Passwd=pa$$word
&service=cl
&source=Google-CalExample-v1.0
Authentication - AuthSub
• Web applications
• Authorization
- your website Google your website
• Tokens
- single-use or multiple-use (never expire)
- scoped access to data
- revoke tokens manually / programmatically
• Three ‘modes’
1. non-registered, non-secure
2. registered, non-secure
3. registered & secure (API requests are digitally signed)
https://www.google.com/accounts/AuthSubRequest
?scope=http://www.google.com/calendar/feeds
&session=1&secure=0
&next=http://www.example.com
Authentication - OAuth
• Similar to AuthSub
- single mode: ALL requests must be signed
• Web applications
• Open standard
- growing in popularity (Yahoo, MySpace, AOL)
- open source libraries available: oauth.net
- reuse authentication code from another project
Protocol demonstration
Protocol demonstration - OAuth Playground
OAuth Playground
1. Authorization to the Contacts Data API
2. GET retrieving a user’s contacts
3. POST create a new contact entry
4. PUT update the entry
5. DELETE remove the contact
http://www.googlecodesamples.com/oauth_playground/
Making life easier - Client Libraries
• Java
• .NET
• Python
• PHP
• Objective-C
• JavaScript
AJAX Search APIs
AJAX Search APIs
• Compatibility
- Firefox 1.5+, IE 6+, Safari, Opera 9+, Google Chrome
• Common loader
google.load('search', '1');
google.load('gdata', '1.x', {packages:['blogger']});
google.load('maps', '2.s');
google.load('earth', '1');
google.load('jquery', '1.2.6', {uncompressed:true});
AJAX Search APIs – Basic Example
<script src="http://www.google.com/jsapi?key=ABQIBX..."></script>
<script type="text/javascript">
google.load('search', '1', {'language' : 'ru'});
function initialize() {
var gSearch = new google.search.SearchControl();
gSearch.draw(document.getElementById('searchcontrol'));
//gSearch.execute('LOL cats'); // execute search automatically
}
google.setOnLoadCallback(initialize);
</script>
…
<div id="searchcontrol"></div>
AJAX Search APIs – Customizations
• CSS styling
google.load('search', '1', {'nocss' : true});
AJAX Search APIs – Non-JavaScript
AJAX APIs:
http://code.google.com/apis/ajax