Uploaded on

Je Partage #1 - 2013 …

Je Partage #1 - 2013
Présentation sur le fonctionnement des Google APIs et les technologies Google les plus incontournables et les plus utiles dans le domaine de développement.
Par : DILMI Fethi (af_dilmi@esi.dz)

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
585
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
17
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. UnderstandingGoogle APIsBuilding application that uses Google APIsFethi DILMIActive Member at Scientific Club of ESI – CSETechnical Manager at GDG AlgiersMicrosoft Student Partner
  • 2. Whats Google APIs?
  • 3. Whats Google APIs● Google offers a variety of APIs, mostly web APIs for web developers and mobile developers.● The APIs are based on popular Google consumer products, including Google Maps, Google Earth, AdSense, Adwords, Google Apps and YouTube.
  • 4. Whats Google APIs Example:● YOU use Google+ from your web browser.● Your Android application uses Google+ through Google+ API.● i.e: Google APIs are the tools we need to build applications that can use Google Products.
  • 5. How Google APIs work behindthe scenes?
  • 6. How Google APIs work behind the scenes ?● Most of Google APIs are web-based APIs.● This kind of APIs are called RESTFUL APIs (because they are based on REST architecture).● REST is a style of software architecture that is based on HTTP protocol to retrieve data.
  • 7. How Google APIs work behind the scenes ?● Most of Google APIs are web-based APIs.● This kind of APIs are called RESTFUL APIs (because they are based on REST architecture).● REST is a style of software architecture that is based on HTTP protocol to retrieve data. Simply, in order to use Google APIs , you only need to make HTTP requests to get data ☺
  • 8. How Google APIs work behind the scenes ? Example: “Google Places API”https://maps.googleapis.com/maps/api/place/nearbysearch/xml?location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere
  • 9. Global Structure of an API HTTPrequest:
  • 10. Global Structure of an API HTTP request Each HTTP request is composed of 4 parts: – API Scope – Action – Output format – Parameters To understand these parts, well take the previous example:https://maps.googleapis.com/maps/api/place/nearbysearch/xml?location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere
  • 11. Global Structure of an API HTTP request 1- API Scope:● A scope is the main part of the HTTP request.● In our case its: https://maps.googleapis.com/maps/api/place● A scope defines the web address of the API.● For example, the scope of Google Latitude API is: https://www.googleapis.com/latitude/ NB: Some API Scopes defines an API version, just like the Latitude API
  • 12. Global Structure of an API HTTP request 2- Output formats:● There are 2 possible output formats for an API request. – JSON – XML● In the previous example, we could get the same results in JSON format:https://maps.googleapis.com/maps/api/place/nearbysearch/json ?location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere
  • 13. Global Structure of an API HTTP request 3- ACTION:● Each Google web API gives you a set of possibilities called ACTIONS.● In our example, we specified for the Google Places API the action “nearbysearch” to search places in a radius of 50Km.● We could also search a places detail.
  • 14. Global Structure of an API HTTP request 4- Parameters:● Each action has a set of parameters.● Action Parameters let you customize the results you want to get.● In our example, we could add the parameter “type=food” to search only for restaurants.
  • 15. Types of Google web APIs
  • 16. Types of Google web APIs● There are 2 kinds of Google web APIs: – Public APIs. – Private APIs.
  • 17. Types of Google web APIs 1- Public APIs● Interact with public content: Google Maps API, Google Places API ..● Need an authentication key to be able to retrieve data.
  • 18. Types of Google web APIs 2- Private APIs● Interact with user private date: Google+ API, Google Latitude API, Google Drive SDK ..● Need an authorization process before accessing to user data.
  • 19. Public APIs and Authentication:Whats THAT !!
  • 20. Authentication● Public APIs use authentication key to identify your application.● This means, in our previous example we would not be able to make a search using Google Places API without specifying an authentication key.● Each device type has a different kind of key: – Android application authentication key. – Web application authentication key. – Web Service authentication key – ..
  • 21. AuthenticationBut Why ?
  • 22. Authentication● Identify from which device your application is making API request: i.e: You cant make an API request from a web browser using an Android application authentication key.● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since were talking about a daily quota, we have to limit the number of requests/second for a single user.
  • 23. Authentication● Identify from which device your application is making API request: i.e: You cant make an API request from a web browser using an Android application authentication key.● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since were talking about a daily quota, we have to limit the number of requests/second for a single user.
  • 24. Authentication● Identify from which device your application is making API request: i.e: You cant make an API request from a web browser using an Android application authentication key.● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since were talking about a daily quota, we have to limit the number of requests/second for a single user.
  • 25. Private APIs and Authorization:Whats THAT !!
  • 26. Authorization:● Private APIs try to fetch user data.● This cannot be done without the permission of the user.● So we need a tool to demand permissions from the user in order to perform action on his/her private data.
  • 27. Authorization:● Private APIs try to fetch user data.● This cannot be done without the permission of the user.● So we need a tool to demand permissions from the user in order to perform action on his/her private data. THIS TOOL IS CALLED “OAuth2.0”
  • 28. What is OAuth2.0 ?It is trying to solve a tricky problem.
  • 29. What is OAuth2.0 ?If you, the developer, are building an application.
  • 30. What is OAuth2.0 ? And your users
  • 31. What is OAuth2.0 ?have data in another service that your application needs to function
  • 32. What is OAuth2.0 ?such as their tasks list, or their photos
  • 33. What is OAuth2.0 ? ???HOW DO YOU GO ABOUT GETTING IT?
  • 34. NO !!You could ask the user for their name and password.
  • 35. NO !!But then the user has given your application access to all their data on that service. Thats not safe. Dont do that.
  • 36. NO !!The users name and password are like keys to their digital kingdom, you should never ask for them.
  • 37. Better ☺What we really want is a special key, one that only allows access to a limited set of data in the API.
  • 38. Better ☺A special key that the User can let the App acquire and use without the use of their name and password.
  • 39. Thats OAuth2.0 ☺But for that to work, everyone has to confirm that everyone else is who they say they are.
  • 40. Thats OAuth2.0 ☺That looks simple after all this
  • 41. Thats OAuth2.0 ☺But actually, its a little more complicated than even that, because that special key (Code)
  • 42. Thats OAuth2.0 ☺can change over time to keep things secure.
  • 43. How to create Authentication andAuthorization keys ?
  • 44. How to create Authentication and Authorization keys ?● To get authentication/authorization keys, you have to register your application.● Registering your application is signing its name, type, package, and extra info.
  • 45. How to create Authentication and Authorization keys ?● To get authentication/authorization keys, you have to register your application.● Registering your application is signing its name, type, package, and extra info. Please focus on the following steps ☺
  • 46. How to create Authentication and Authorization keys ?● Connect to your Google account.● Go to: https://code.google.com/apis/console/● Click on “Create Project”
  • 47. How to create Authentication and Authorization keys ?● Now there is a list of all Google APIs, choose for example the "Google Places API", and check it up:● Register your organization like shown in the image and click submit:
  • 48. How to create Authentication and Authorization keys ?● Agree & Accept
  • 49. How to create Authentication and Authorization keys ?● You can now notice that the Google Places API is activated:● Click on "Overview", then click on "Register" in order to register your project:
  • 50. How to create Authentication and Authorization keys ?● Type a unique project ID
  • 51. How to create Authentication and Authorization keys ?● Youve created automatically an authentication key for browser applications
  • 52. How to create Authentication and Authorization keys ?● You can click on: – Create New Server Key: To create an authentication key for a server application – Create New Server Key: To create an authentication key for an Android application.● You can create many authentication keys for the same application type (example: 3 authentication keys for Android Applications)
  • 53. How to create Authentication and Authorization keys ?● And Now .. How To Create Authorization Keys ?
  • 54. How to create Authentication and Authorization keys ?● Click on “Create an OAuth 2.0 Client ID”. This dialog will show up:
  • 55. How to create Authentication and Authorization keys ?● Click on “Create an OAuth 2.0 Client ID”. This dialog will show up:
  • 56. How to create Authentication and Authorization keys ?Now please focus with me, its so important ! In the following dialog, youll be asked to specify your application type !!
  • 57. How to create Authentication and Authorization keys ? 1- Web Applications:● If you choose this type of application, youll be asked to specify your application URL. Than Google will generate a redirect URI according to what youve entered.
  • 58. How to create Authentication and Authorization keys ? 2- Server Applications:● Applications of this type run on server.● Theyre a little bit different, so I invite you to read this article to understand more: https://developers.google.com/accounts/docs/OAuth2# serviceaccount
  • 59. How to create Authentication and Authorization keys ? 3- Installed Applications:● This could be: – Android application: Youll have to specify youre application package (it must be unique) – iOS application. – Chrome extension. – A Desktop application . – etc...
  • 60. How to create Authentication and Authorization keys ?● Ill take the example of a Desktop Application
  • 61. How to create Authentication and Authorization keys ?● When you click “Create Client ID”, this dialog will show up:
  • 62. How to create Authentication and Authorization keys ?● You can create many authorization keys for many projects.● Well see how to use the “Client ID” and the “Client Secret” to make authorized API calls.
  • 63. Some demonstration:Step By Step ☺
  • 64. Google APIs Client Libraries● Its not easy to construct manually authorized HTTP requests.● Its much harder to parse the XML/JSON results in order to extract information.
  • 65. Google APIs Client Libraries● Google created some libraries to do those tasks for you: Its Google API Client Libraries.● Google API Client Libraries are available in many languages (e.g: PHP, Python, C# and .NET, Java ..)● In this Demo, well be using the Google API Client for Python.
  • 66. Lets Start !!Now that we know what OAuth 2.0 looks like. How does it work in the Google API Client for Python?
  • 67. CredentialsThe key is held in a Credentials object.
  • 68. FlowAll the steps needed to go through getting Credentials is in a Flow object.
  • 69. Storage StorageAnd finally, because keys can change over time there is a Storage object for storing and retrieving keys.
  • 70. The Model Flow Credentials StorageYou set up and run a Flow, which in the end produces Credentials, which you store in a Storage.
  • 71. From PythonLater, when you need the key, you take it out of Storage and use it.
  • 72. Step By StepSo lets look at actual code.
  • 73. Step By StepFLOW = OAuth2WebServerFlow(  client_id=<CLIENT ID HERE>,  client_secret=<CLIENT SECRET HERE>,  redirect_uri=https://.../oauth2callback,  scope=https://.../tasks,  user_agent=my-sample/1.0) First, create a Flow.
  • 74. Step By StepFLOW = OAuth2WebServerFlow(  client_id=<CLIENT ID HERE>,  client_secret=<CLIENT SECRET HERE>,  redirect_uri=https://.../oauth2callback,  scope=https://.../tasks,  user_agent=my-sample/1.0) Fill your Client ID, Client Secret and redirect URI
  • 75. Step By Stepauthorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url) We request and authorization URL
  • 76. Step By Stepauthorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url) We get redirected to the generate URL
  • 77. Step By Stepcredentials = flow.step2_exchange(self.request.params)storage = StorageByKeyName(    Credentials, user.user_id(), credentials  )storage.put(credentials) We get Credentials when the Flow finishes, which we save in a Storage.
  • 78. Step By Stepuser = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), credentials    )credentials = storage.get()http = httplib2.Http()http = credentials.authorize(http)To use Credentials we retrieve them from the Storage and apply them to an httplib2.Http() object.
  • 79. Step By Stepuser = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), credentials    )credentials = storage.get()http = httplib2.Http()http = credentials.authorize(http)Now any HTTP requests made with http will be authorized with those Credentials.
  • 80. Thanks everyone ☺
  • 81. References● “OAuth 2.0 and the Google API Client for Python”.● “Understanding Google APIs” : http://fethidilmi.blogspot.com● Google Developers portal: http://developers.google.com