gdata moscow
TRANSCRIPT
Google Data APIsEric Bidelman28 October, 2008
Quick poll
Why should you care?
Why should you care?
• 15 Google Data APIs, 40+ others- Maps, AJAX APIs, OpenSocial (gadgets), Gears, and many more
• Standard protocols- HTTP, RESTful APIs- Atom Publishing Protocol (XML), JSON, etc.- OAuth
• Easy development- most products have APIs no need to start from scratch - open source client libraries
• Gain large user base- build on top of popular Google services- mashups with other web services
Wide variety of services
Wide variety of services
Today’s Agenda
• Demos- web applications, gadgets, mashups- desktop samples
• Google Data Protocol- APP, XML, REST, HTTP- under the hood: raw protocol demo
• Authentication…because private data is more interesting
• AJAX Search APIs
• Questions & Answers
LIVE Demos!
Demos - PHP YouTube vs JSON YouTube
YouTube Video Browser (PHP)APIs: YouTube Data API
PHP client library http://www.googlecodesamples.com/youtube/php/YouTubeVideoBrowser/
YouTube Video Browser (JSON)APIs: YouTube Data API
JavaScript (alt=json-in-script)http://www.googlecodesamples.com/youtube/js/YouTubeVideoBrowser/
Demos – Book Search Data API
Book Search BrowserAPIs: Book Search Data API
PHP client library, JavaScript
http://www.googlecodesamples.com/books/php/BooksBrowser/
Demos - Mashing up Google Calendar + Contacts
Calendar Event CreatorAPIs: Contacts & Calendar Data APIs, App Engine
Python client library
http://calendar-contacts.appspot.com/
Demos – Installed Applications
DocList UploaderAPIs: Documents List Data API
.NET client library
http://code.google.com/apis/gdata/articles/doc_list_uploader.html
Demos – Google Data Gadgets
Blogger GadgetAPIs: Blogger Data API, OAuth, OpenSocial
JavaScript client library
http://gdata-samples.googlecode.com/svn/trunk/gadgets/blogger/blogger_gadget.xml
Google Data Protocol
Protocol - Atom Syndication Format
Feeds and Entries
<feed xmlns='http://www.w3.org/2005/Atom'> <id>…</id><title>…</title><updated>…</updated> <entry> <id>http://picasaweb…/entry/…albumid/5141841</id> <updated>2008-05-08T04:15:41.000Z</updated> <title type='text'>App Engine Hackathon NY</title> <link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://picasaweb…/feed/…albumid/5141841'/> </entry> <entry>…</entry> <entry>…</entry></feed>
Protocol - HTTP Communication
Create
Retrieve
Update
Delete
GET /calendar/feeds/default/allcalendars/full200 OK
PUT /calendar/feeds/default/allcalendars/full/{ID}200 OK
DELETE /calendar/feeds/default/allcalendars/full/{ID}200 OK
POST /calendar/feeds/default/allcalendars/full201 Created
Protocol - HTTP Status Codes
200 OK 201 CREATED 304 NOT MODIFIED 400 BAD REQUEST 401 UNAUTHORIZED 403 FORBIDDEN 404 NOT FOUND 409 CONFLICT 500 INTERNAL SERVER ERROR
Protocol - Google Data API Extensions
• Extended data model<gCal:timezone>, <gd:phoneNumber>, <gml:pos><media:thumbnail>
• Batch operations
• Authentication- ClientLogin - desktop apps- AuthSub - web apps- OAuth - open standard
• Alternate formats- alt=rss, alt=json, alt=json-in-script, alt=kml (Picasa Web)
Feature Google Data
Atom RSS 2.0
Syndication Format Y Y Y
Queries Y N N
Updates Y Y N
Optimistic Concurrency
Y N N
Authentication Y N N
Authentication
Authentication - Overview
Problems: Authentication is difficult• Private resources• Security considerations
Solution: Let Google handle it!• Authorization not Authentication• Tokens not credentials• User grants/denies access to their private data
Authentication - ClientLogin
• Installed/desktop applications
• Username/password
• Access to a single service
• Tokens expire in ~2 weeks
• CAPTCHAsPOST /accounts/ClientLogin HTTP/1.0Content-type: application/x-www-form-urlencoded
accountType=HOSTED_OR_GOOGLE&[email protected]&Passwd=pa$$word&service=cl&source=Google-CalExample-v1.0
Authentication - AuthSub
• Web applications• Authorization
- your website Google your website
• Tokens- single-use or multiple-use (never expire)- scoped access to data- revoke tokens manually / programmatically
• Three ‘modes’1. non-registered, non-secure2. registered, non-secure3. registered & secure (API requests are digitally signed)
https://www.google.com/accounts/AuthSubRequest?scope=http://www.google.com/calendar/feeds&session=1&secure=0&next=http://www.example.com
Authentication - OAuth
• Similar to AuthSub - single mode: ALL requests must be signed
• Web applications
• Open standard- growing in popularity (Yahoo, MySpace, AOL)- open source libraries available: oauth.net- reuse authentication code from another project
Protocol demonstration
Protocol demonstration - OAuth Playground
OAuth Playground1. Authorization to the Contacts Data API2. GET retrieving a user’s contacts3. POST create a new contact entry4. PUT update the entry5. DELETE remove the contact
http://www.googlecodesamples.com/oauth_playground/
Making life easier - Client Libraries
• Java• .NET• Python• PHP• Objective-C• JavaScript
AJAX Search APIs
AJAX Search APIs
• Google is known for search!google.search.LocalSearch google.search.NewsSearchgoogle.search.WebSearch google.search.ImageSearchgoogle.search.VideoSearch google.search.PatentSearchgoogle.search.BlogSearch google.search.BookSearch
• Compatibility- Firefox 1.5+, IE 6+, Safari, Opera 9+, Google Chrome
• Common loadergoogle.load('search', '1');google.load('gdata', '1.x', {packages:['blogger']}); google.load('maps', '2.s');google.load('earth', '1'); google.load('jquery', '1.2.6', {uncompressed:true});
AJAX Search APIs – Basic Example
<script src="http://www.google.com/jsapi?key=ABQIBX..."></script>
<script type="text/javascript">google.load('search', '1', {'language' : 'ru'}); function initialize() { var gSearch = new google.search.SearchControl(); var options = new google.search.SearcherOptions(); options.setExpandMode( google.search.SearchControl.EXPAND_MODE_OPEN);
gSearch.addSearcher(new google.search.WebSearch(), options); gSearch.draw(document.getElementById('searchcontrol')); //gSearch.execute('LOL cats'); // execute search automatically}google.setOnLoadCallback(initialize);</script>…<div id="searchcontrol"></div>
AJAX Search APIs – Customizations
• Linear or tabbed display
var drawOpts = new google.search.DrawOptions(); drawOpts.setDrawMode( google.search.SearchControl.DRAW_MODE_TABBED);
• Choose where results are displayed var options = new google.search.SearcherOptions(); options.setRoot( document.getElementById('somewhere_else')); searchControl.addSearcher( new google.search.WebSearch(), options);
• CSS styling google.load('search', '1', {'nocss' : true});
AJAX Search APIs – Non-JavaScript
… not just JavaScript- REST, JSON- Examples in Flash, PHP, Java
curl --silent --referer http://www.example.com \"http://ajax.googleapis.com/ajax/services/search/web\?v=1.0&q=Beijing%20Olympics"
Questions & Answers
Resources
Google Data APIs: http://code.google.com/apis/gdata/
OAuth Playground and other LIVE samples: http://www.googlecodesamples.com/
AJAX APIs:http://code.google.com/apis/ajax