0
UnderstandingGoogle APIsBuilding application that uses Google APIsFethi DILMIActive Member at Scientific Club of ESI – CSE...
Whats Google APIs?
Whats Google APIs●    Google offers a variety of APIs, mostly web APIs for    web developers and mobile developers.●    Th...
Whats Google APIs    Example:●    YOU use Google+ from your web browser.●    Your Android application uses Google+ through...
How Google APIs work behindthe scenes?
How Google APIs work behind the scenes ?●    Most of Google APIs are web-based APIs.●    This kind of APIs are called REST...
How Google APIs work behind the scenes ?●    Most of Google APIs are web-based APIs.●    This kind of APIs are called REST...
How Google APIs work behind the scenes ?  Example: “Google Places API”https://maps.googleapis.com/maps/api/place/nearbysea...
Global Structure of an API HTTPrequest:
Global Structure of an API HTTP request  Each HTTP request is composed of 4 parts:   –   API Scope   –   Action   –   Outp...
Global Structure of an API HTTP request    1- API Scope:●    A scope is the main part of the HTTP request.●    In our case...
Global Structure of an API HTTP request    2- Output formats:●    There are 2 possible output formats for an API request. ...
Global Structure of an API HTTP request    3- ACTION:●    Each Google web API gives you a set of possibilities    called A...
Global Structure of an API HTTP request    4- Parameters:●    Each action has a set of parameters.●    Action Parameters l...
Types of Google web APIs
Types of Google web APIs●    There are 2 kinds of Google web APIs:    –   Public APIs.    –   Private APIs.
Types of Google web APIs    1- Public APIs●    Interact with public content: Google Maps API, Google    Places API ..●    ...
Types of Google web APIs    2- Private APIs●    Interact with user private date: Google+ API, Google    Latitude API, Goog...
Public APIs and Authentication:Whats THAT !!
Authentication●    Public APIs use authentication key to identify your application.●    This means, in our previous exampl...
AuthenticationBut Why ?
Authentication●    Identify from which device your application is making API request:    i.e: You cant make an API request...
Authentication●    Identify from which device your application is making API request:    i.e: You cant make an API request...
Authentication●    Identify from which device your application is making API request:    i.e: You cant make an API request...
Private APIs and Authorization:Whats THAT !!
Authorization:●    Private APIs try to fetch user data.●    This cannot be done without the permission of the user.●    So...
Authorization:●    Private APIs try to fetch user data.●    This cannot be done without the permission of the user.●    So...
What is OAuth2.0 ?It is trying to solve a tricky problem.
What is OAuth2.0 ?If you, the developer, are building an application.
What is OAuth2.0 ?     And your users
What is OAuth2.0 ?have data in another service that your application needs to function
What is OAuth2.0 ?such as their tasks list, or their photos
What is OAuth2.0 ?            ???HOW DO YOU GO ABOUT GETTING IT?
NO !!You could ask the user for their name and password.
NO !!But then the user has given your application access to all their data on that                   service. Thats not sa...
NO !!The users name and password are like keys to their digital kingdom, you                     should never ask for them.
Better ☺What we really want is a special key, one that only allows access to a                    limited set of data in t...
Better ☺A special key that the User can let the App acquire and use without the use                        of their name a...
Thats OAuth2.0 ☺But for that to work, everyone has to confirm that everyone else is                       who they say the...
Thats OAuth2.0 ☺That looks simple after all this
Thats OAuth2.0 ☺But actually, its a little more complicated than even that, because that                              spec...
Thats OAuth2.0 ☺can change over time to keep things secure.
How to create Authentication andAuthorization keys ?
How to create Authentication and             Authorization keys ?●    To get authentication/authorization keys, you have t...
How to create Authentication and             Authorization keys ?●    To get authentication/authorization keys, you have t...
How to create Authentication and             Authorization keys ?●    Connect to your Google account.●    Go to: https://c...
How to create Authentication and              Authorization keys ?●    Now there is a list of all Google APIs, choose for ...
How to create Authentication and              Authorization keys ?●   Agree & Accept
How to create Authentication and              Authorization keys ?●    You can now notice that the Google Places API is ac...
How to create Authentication and              Authorization keys ?●    Type a unique project ID
How to create Authentication and              Authorization keys ?●    Youve created automatically an authentication key f...
How to create Authentication and               Authorization keys ?●    You can click on:    –   Create New Server Key: To...
How to create Authentication and             Authorization keys ?●    And Now ..           How To Create         Authoriza...
How to create Authentication and              Authorization keys ?●    Click on “Create an OAuth 2.0 Client ID”. This dial...
How to create Authentication and              Authorization keys ?●    Click on “Create an OAuth 2.0 Client ID”. This dial...
How to create Authentication and        Authorization keys ?Now please focus with me, its so important ! In the following ...
How to create Authentication and             Authorization keys ?    1- Web Applications:●    If you choose this type of a...
How to create Authentication and              Authorization keys ?    2- Server Applications:●    Applications of this typ...
How to create Authentication and                Authorization keys ?    3- Installed Applications:●    This could be:    –...
How to create Authentication and              Authorization keys ?●    Ill take the example of a Desktop Application
How to create Authentication and              Authorization keys ?●    When you click “Create Client ID”, this dialog will...
How to create Authentication and             Authorization keys ?●    You can create many authorization keys for many    p...
Some demonstration:Step By Step ☺
Google APIs Client Libraries●    Its not easy to construct manually authorized HTTP    requests.●    Its much harder to pa...
Google APIs Client Libraries●    Google created some libraries to do those tasks for you:    Its Google API Client Librari...
Lets Start !!Now that we know what OAuth 2.0 looks like. How does it work in the                  Google API Client for Py...
CredentialsThe key is held in a Credentials object.
FlowAll the steps needed to go through getting Credentials is in a Flow                              object.
Storage                                StorageAnd finally, because keys can change over time there is a Storage object    ...
The Model           Flow              Credentials            StorageYou set up and run a Flow, which in the end produces C...
From PythonLater, when you need the key, you take it out of Storage and use it.
Step By StepSo lets look at actual code.
Step By StepFLOW = OAuth2WebServerFlow(  client_id=<CLIENT ID HERE>,  client_secret=<CLIENT SECRET HERE>,  redirect_uri=ht...
Step By StepFLOW = OAuth2WebServerFlow(  client_id=<CLIENT ID HERE>,  client_secret=<CLIENT SECRET HERE>,  redirect_uri=ht...
Step By Stepauthorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url)               We request and author...
Step By Stepauthorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url)             We get redirected to th...
Step By Stepcredentials = flow.step2_exchange(self.request.params)storage = StorageByKeyName(    Credentials, user.user_id...
Step By Stepuser = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), credentials    ...
Step By Stepuser = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), credentials    ...
Thanks everyone ☺
References●    “OAuth 2.0 and the Google API Client for Python”.●    “Understanding Google APIs” :    http://fethidilmi.bl...
Understanding Google API
Upcoming SlideShare
Loading in...5
×

Understanding Google API

3,207

Published on

Understand How Google APIs work, and how to use them in your application

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,207
On Slideshare
0
From Embeds
0
Number of Embeds
39
Actions
Shares
0
Downloads
26
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Understanding Google API"

  1. 1. UnderstandingGoogle APIsBuilding application that uses Google APIsFethi DILMIActive Member at Scientific Club of ESI – CSETechnical Manager at GDG AlgiersMicrosoft Student Partner
  2. 2. Whats Google APIs?
  3. 3. Whats Google APIs● Google offers a variety of APIs, mostly web APIs for web developers and mobile developers.● The APIs are based on popular Google consumer products, including Google Maps, Google Earth, AdSense, Adwords, Google Apps and YouTube.
  4. 4. Whats Google APIs Example:● YOU use Google+ from your web browser.● Your Android application uses Google+ through Google+ API.● i.e: Google APIs are the tools we need to build applications that can use Google Products.
  5. 5. How Google APIs work behindthe scenes?
  6. 6. How Google APIs work behind the scenes ?● Most of Google APIs are web-based APIs.● This kind of APIs are called RESTFUL APIs (because they are based on REST architecture).● REST is a style of software architecture that is based on HTTP protocol to retrieve data.
  7. 7. How Google APIs work behind the scenes ?● Most of Google APIs are web-based APIs.● This kind of APIs are called RESTFUL APIs (because they are based on REST architecture).● REST is a style of software architecture that is based on HTTP protocol to retrieve data. Simply, in order to use Google APIs , you only need to make HTTP requests to get data ☺
  8. 8. How Google APIs work behind the scenes ? Example: “Google Places API”https://maps.googleapis.com/maps/api/place/nearbysearch/xml?location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere
  9. 9. Global Structure of an API HTTPrequest:
  10. 10. Global Structure of an API HTTP request Each HTTP request is composed of 4 parts: – API Scope – Action – Output format – Parameters To understand these parts, well take the previous example:https://maps.googleapis.com/maps/api/place/nearbysearch/xml?location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere
  11. 11. Global Structure of an API HTTP request 1- API Scope:● A scope is the main part of the HTTP request.● In our case its: https://maps.googleapis.com/maps/api/place● A scope defines the web address of the API.● For example, the scope of Google Latitude API is: https://www.googleapis.com/latitude/ NB: Some API Scopes defines an API version, just like the Latitude API
  12. 12. Global Structure of an API HTTP request 2- Output formats:● There are 2 possible output formats for an API request. – JSON – XML● In the previous example, we could get the same results in JSON format:https://maps.googleapis.com/maps/api/place/nearbysearch/json ?location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere
  13. 13. Global Structure of an API HTTP request 3- ACTION:● Each Google web API gives you a set of possibilities called ACTIONS.● In our example, we specified for the Google Places API the action “nearbysearch” to search places in a radius of 50Km.● We could also search a places detail.
  14. 14. Global Structure of an API HTTP request 4- Parameters:● Each action has a set of parameters.● Action Parameters let you customize the results you want to get.● In our example, we could add the parameter “type=food” to search only for restaurants.
  15. 15. Types of Google web APIs
  16. 16. Types of Google web APIs● There are 2 kinds of Google web APIs: – Public APIs. – Private APIs.
  17. 17. Types of Google web APIs 1- Public APIs● Interact with public content: Google Maps API, Google Places API ..● Need an authentication key to be able to retrieve data.
  18. 18. Types of Google web APIs 2- Private APIs● Interact with user private date: Google+ API, Google Latitude API, Google Drive SDK ..● Need an authorization process before accessing to user data.
  19. 19. Public APIs and Authentication:Whats THAT !!
  20. 20. Authentication● Public APIs use authentication key to identify your application.● This means, in our previous example we would not be able to make a search using Google Places API without specifying an authentication key.● Each device type has a different kind of key: – Android application authentication key. – Web application authentication key. – Web Service authentication key – ..
  21. 21. AuthenticationBut Why ?
  22. 22. Authentication● Identify from which device your application is making API request: i.e: You cant make an API request from a web browser using an Android application authentication key.● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since were talking about a daily quota, we have to limit the number of requests/second for a single user.
  23. 23. Authentication● Identify from which device your application is making API request: i.e: You cant make an API request from a web browser using an Android application authentication key.● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since were talking about a daily quota, we have to limit the number of requests/second for a single user.
  24. 24. Authentication● Identify from which device your application is making API request: i.e: You cant make an API request from a web browser using an Android application authentication key.● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since were talking about a daily quota, we have to limit the number of requests/second for a single user.
  25. 25. Private APIs and Authorization:Whats THAT !!
  26. 26. Authorization:● Private APIs try to fetch user data.● This cannot be done without the permission of the user.● So we need a tool to demand permissions from the user in order to perform action on his/her private data.
  27. 27. Authorization:● Private APIs try to fetch user data.● This cannot be done without the permission of the user.● So we need a tool to demand permissions from the user in order to perform action on his/her private data. THIS TOOL IS CALLED “OAuth2.0”
  28. 28. What is OAuth2.0 ?It is trying to solve a tricky problem.
  29. 29. What is OAuth2.0 ?If you, the developer, are building an application.
  30. 30. What is OAuth2.0 ? And your users
  31. 31. What is OAuth2.0 ?have data in another service that your application needs to function
  32. 32. What is OAuth2.0 ?such as their tasks list, or their photos
  33. 33. What is OAuth2.0 ? ???HOW DO YOU GO ABOUT GETTING IT?
  34. 34. NO !!You could ask the user for their name and password.
  35. 35. NO !!But then the user has given your application access to all their data on that service. Thats not safe. Dont do that.
  36. 36. NO !!The users name and password are like keys to their digital kingdom, you should never ask for them.
  37. 37. Better ☺What we really want is a special key, one that only allows access to a limited set of data in the API.
  38. 38. Better ☺A special key that the User can let the App acquire and use without the use of their name and password.
  39. 39. Thats OAuth2.0 ☺But for that to work, everyone has to confirm that everyone else is who they say they are.
  40. 40. Thats OAuth2.0 ☺That looks simple after all this
  41. 41. Thats OAuth2.0 ☺But actually, its a little more complicated than even that, because that special key (Code)
  42. 42. Thats OAuth2.0 ☺can change over time to keep things secure.
  43. 43. How to create Authentication andAuthorization keys ?
  44. 44. How to create Authentication and Authorization keys ?● To get authentication/authorization keys, you have to register your application.● Registering your application is signing its name, type, package, and extra info.
  45. 45. How to create Authentication and Authorization keys ?● To get authentication/authorization keys, you have to register your application.● Registering your application is signing its name, type, package, and extra info. Please focus on the following steps ☺
  46. 46. How to create Authentication and Authorization keys ?● Connect to your Google account.● Go to: https://code.google.com/apis/console/● Click on “Create Project”
  47. 47. How to create Authentication and Authorization keys ?● Now there is a list of all Google APIs, choose for example the "Google Places API", and check it up:● Register your organization like shown in the image and click submit:
  48. 48. How to create Authentication and Authorization keys ?● Agree & Accept
  49. 49. How to create Authentication and Authorization keys ?● You can now notice that the Google Places API is activated:● Click on "Overview", then click on "Register" in order to register your project:
  50. 50. How to create Authentication and Authorization keys ?● Type a unique project ID
  51. 51. How to create Authentication and Authorization keys ?● Youve created automatically an authentication key for browser applications
  52. 52. How to create Authentication and Authorization keys ?● You can click on: – Create New Server Key: To create an authentication key for a server application – Create New Server Key: To create an authentication key for an Android application.● You can create many authentication keys for the same application type (example: 3 authentication keys for Android Applications)
  53. 53. How to create Authentication and Authorization keys ?● And Now .. How To Create Authorization Keys ?
  54. 54. How to create Authentication and Authorization keys ?● Click on “Create an OAuth 2.0 Client ID”. This dialog will show up:
  55. 55. How to create Authentication and Authorization keys ?● Click on “Create an OAuth 2.0 Client ID”. This dialog will show up:
  56. 56. How to create Authentication and Authorization keys ?Now please focus with me, its so important ! In the following dialog, youll be asked to specify your application type !!
  57. 57. How to create Authentication and Authorization keys ? 1- Web Applications:● If you choose this type of application, youll be asked to specify your application URL. Than Google will generate a redirect URI according to what youve entered.
  58. 58. How to create Authentication and Authorization keys ? 2- Server Applications:● Applications of this type run on server.● Theyre a little bit different, so I invite you to read this article to understand more: https://developers.google.com/accounts/docs/OAuth2# serviceaccount
  59. 59. How to create Authentication and Authorization keys ? 3- Installed Applications:● This could be: – Android application: Youll have to specify youre application package (it must be unique) – iOS application. – Chrome extension. – A Desktop application . – etc...
  60. 60. How to create Authentication and Authorization keys ?● Ill take the example of a Desktop Application
  61. 61. How to create Authentication and Authorization keys ?● When you click “Create Client ID”, this dialog will show up:
  62. 62. How to create Authentication and Authorization keys ?● You can create many authorization keys for many projects.● Well see how to use the “Client ID” and the “Client Secret” to make authorized API calls.
  63. 63. Some demonstration:Step By Step ☺
  64. 64. Google APIs Client Libraries● Its not easy to construct manually authorized HTTP requests.● Its much harder to parse the XML/JSON results in order to extract information.
  65. 65. Google APIs Client Libraries● Google created some libraries to do those tasks for you: Its Google API Client Libraries.● Google API Client Libraries are available in many languages (e.g: PHP, Python, C# and .NET, Java ..)● In this Demo, well be using the Google API Client for Python.
  66. 66. Lets Start !!Now that we know what OAuth 2.0 looks like. How does it work in the Google API Client for Python?
  67. 67. CredentialsThe key is held in a Credentials object.
  68. 68. FlowAll the steps needed to go through getting Credentials is in a Flow object.
  69. 69. Storage StorageAnd finally, because keys can change over time there is a Storage object for storing and retrieving keys.
  70. 70. The Model Flow Credentials StorageYou set up and run a Flow, which in the end produces Credentials, which you store in a Storage.
  71. 71. From PythonLater, when you need the key, you take it out of Storage and use it.
  72. 72. Step By StepSo lets look at actual code.
  73. 73. Step By StepFLOW = OAuth2WebServerFlow(  client_id=<CLIENT ID HERE>,  client_secret=<CLIENT SECRET HERE>,  redirect_uri=https://.../oauth2callback,  scope=https://.../tasks,  user_agent=my-sample/1.0) First, create a Flow.
  74. 74. Step By StepFLOW = OAuth2WebServerFlow(  client_id=<CLIENT ID HERE>,  client_secret=<CLIENT SECRET HERE>,  redirect_uri=https://.../oauth2callback,  scope=https://.../tasks,  user_agent=my-sample/1.0) Fill your Client ID, Client Secret and redirect URI
  75. 75. Step By Stepauthorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url) We request and authorization URL
  76. 76. Step By Stepauthorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url) We get redirected to the generate URL
  77. 77. Step By Stepcredentials = flow.step2_exchange(self.request.params)storage = StorageByKeyName(    Credentials, user.user_id(), credentials  )storage.put(credentials) We get Credentials when the Flow finishes, which we save in a Storage.
  78. 78. Step By Stepuser = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), credentials    )credentials = storage.get()http = httplib2.Http()http = credentials.authorize(http)To use Credentials we retrieve them from the Storage and apply them to an httplib2.Http() object.
  79. 79. Step By Stepuser = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), credentials    )credentials = storage.get()http = httplib2.Http()http = credentials.authorize(http)Now any HTTP requests made with http will be authorized with those Credentials.
  80. 80. Thanks everyone ☺
  81. 81. References● “OAuth 2.0 and the Google API Client for Python”.● “Understanding Google APIs” : http://fethidilmi.blogspot.com● Google Developers portal: http://developers.google.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×