Guy FlysherIntro to Web APIs andthe Google+ APIBarcamp Phnom Penh 2011Phnom Penh, Cambodia
About me● Developer in the Emerging markets team.● Joined Google in 2007.● Previously worked on Social graphs,  Gmail and ...
The Google+ API(s)?When people say the Google+ API they can sometime mean:1. The +1 button.2. The hangouts API.3. The actu...
Agenda● Part I: What are Web APIs?   ○ Explanation and examples.   ○ How to enable Google APIs.● Part II: The Google+ Web ...
What are Web APIs● As the name implies they are APIs based on the  web.● Requests are made via HTTP requests.● Responses r...
What is JSON?● JavaScript Object Notation.● Comprised of key value pairs.● Easy for people to read.● Easy for machines to ...
JSON example{ "myLabel": "my value", "image": {   "nestedLabel": "another value"   "anotherNestedLabel": "ok, got it." }, ...
A Web API call request:GET https://www.googleapis.com/plus/v1/people/102947238809719640943?key=AIzaSyB4g0MY3zsLInJHa-qbDg0...
A Web API call response:{ "kind": "plus#person", "id": "102947238809719640943", "displayName": "Guy Flysher", "tagline": "...
(Some of) Googles web APIs    Analytics         Blogger          Books       Custom Search  Cloud SQL         Cloud storag...
Enabling access to Google APIs● Enabling access to the different Google APIs is done via the  Google API console.● Can be ...
Agenda● Part I: What are Web APIs?● Part II: The Google+ Web API● Part III: OAuth and Client Libraries● Part IV: Client Li...
Google+ Web API overviewCurrently the API allows access to three things: 1. People     ○ get     ○ search     ○ listByActi...
Google+ Web API overview - People● get  Get a persons profile (requires the persons user ID) - Returns  a "person" resourc...
People get exampleGET https://www.googleapis.com/plus/v1/people/102947238809719640943?key=AIzaSyB4g0MY3zsLInJHa-qbDg0rbyCW...
People get respone:{ "kind": "plus#person", "id": "102947238809719640943", "displayName": "Guy Flysher", "tagline": "A leg...
Google+ Web API overview - Activities● list  List all of the activities in the specified collection (currently only  publi...
Activities search exampleGET https://www.googleapis.com/plus/v1/activities?key=AIzaSyB4g0MY3zsLInJHa-qbDg0rbyCWak05hmI&ord...
Activities search responseToo big to fit in a slide...so...Play around with the API online:http://code.google.com/apis/exp...
Google+ Web API overview -Comments● list  List all of the comments for an activity - Returns a collection of  "comments" r...
Comments list exampleGET https://www.googleapis.com/plus/v1/activities/z12pgdeqosedtdqtt22cshljesigjfxs5/comments?key=AIza...
Agenda● Part I: What are Web APIs?● Part II: The Google+ Web API● Part III: OAuth● Part IV: Client Libraries
Applications acting on behalf of theuser ● Some applications need access a users product data (e.g.   Calendar meetings) ●...
The solution: OAuth● OAuth is an open standard for authorization.● Allows users to share their private resources (e.g. pho...
http://web-apis-slides.appspot.com/demo
How does it work? ● You (your application) sends the user to a special URL   asking for the permissions you want:REDIRECT ...
Confirmation page
If the user agrees...Google redirects the user to:https://mydemo.com/oauth2callback?code=4/P7q8W92a-oMsCeLvIaQm6bTrgtp7If ...
Exchange the code for OAuth2 tokensSend a post request:POST /o/oauth2/token HTTP/1.1Host: accounts.google.comcode=4/P7q8W9...
Exchange the code for OAuth2 tokensWe get back a JSON response:HTTP/1.1 200 OK{  "access_token": "1/fFAGRNJru1FTz70BzhT3Zg...
Using the OAuth tokenIn Google+ for example, we can now use the "me" identifier:GET https://www.googleapis.com/plus/v1/peo...
Agenda● Part I: What are Web APIs?● Part II: The Google+ Web API● Part III: OAuth● Part IV: Client Libraries
The great news...You dont need to do all this work: ● Prepare the HTTP API calls ● Parse the JSON response ● Prepare the O...
Using the Google+ Java client library// This sample assumes a client "plus" object has been created.Plus.People.Search sea...
Using the OAuth2 Java client library// Get the OAuth2 code.public void doGet(  HttpServletRequest req, HttpServletResponse...
Using the OAuth2 Java client library (2)// Get the OAuth2 tokens.public void doGet(  HttpServletRequest req, HttpServletRe...
Using the OAuth2 Java client library (3)...  // Save authResponse.accessToken and authResponse.refreshToken  // in a datab...
!Q&A
Learning moreGoogle+ API:https://developers.google.com/+/api/Google API client libraries:https://developers.google.com/+/d...
Introduction to Web APIs and the Google+ API - BarCamp Phnom Penh 2011
Introduction to Web APIs and the Google+ API - BarCamp Phnom Penh 2011
Introduction to Web APIs and the Google+ API - BarCamp Phnom Penh 2011
Upcoming SlideShare
Loading in …5
×

Introduction to Web APIs and the Google+ API - BarCamp Phnom Penh 2011

2,034 views

Published on

Intro to Web APIs and the Google+ API by Guy Flysher Google Software Engineer at Barcamp Phnom Penh 2011, Phnom Penh, Cambodia.

Published in: Technology, News & Politics
1 Comment
3 Likes
Statistics
Notes
No Downloads
Views
Total views
2,034
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
30
Comments
1
Likes
3
Embeds 0
No embeds

No notes for slide

Introduction to Web APIs and the Google+ API - BarCamp Phnom Penh 2011

  1. 1. Guy FlysherIntro to Web APIs andthe Google+ APIBarcamp Phnom Penh 2011Phnom Penh, Cambodia
  2. 2. About me● Developer in the Emerging markets team.● Joined Google in 2007.● Previously worked on Social graphs, Gmail and Google Accounts.● Currently work on SMS products (Chat SMS, G+ SMS and more to come...)● G+ profile: http://gplus.to/GuyFlysher
  3. 3. The Google+ API(s)?When people say the Google+ API they can sometime mean:1. The +1 button.2. The hangouts API.3. The actual Google+ API :)
  4. 4. Agenda● Part I: What are Web APIs? ○ Explanation and examples. ○ How to enable Google APIs.● Part II: The Google+ Web API● Part III: OAuth and Web APIs● Part IV: Client Libraries
  5. 5. What are Web APIs● As the name implies they are APIs based on the web.● Requests are made via HTTP requests.● Responses return as JSON.● Can be implemented in any language that supports HTTP requests.● If the request was successful the HTTP status code is set to 200, otherwise another code will be returned along with a description of the error.
  6. 6. What is JSON?● JavaScript Object Notation.● Comprised of key value pairs.● Easy for people to read.● Easy for machines to parse.
  7. 7. JSON example{ "myLabel": "my value", "image": { "nestedLabel": "another value" "anotherNestedLabel": "ok, got it." }, "collectionOfObjects": [ { "nestedLabelAgain": "first value", }, { "nestedLabelAgain": "second value" } ]}
  8. 8. A Web API call request:GET https://www.googleapis.com/plus/v1/people/102947238809719640943?key=AIzaSyB4g0MY3zsLInJHa-qbDg0rbyCWak05hmI
  9. 9. A Web API call response:{ "kind": "plus#person", "id": "102947238809719640943", "displayName": "Guy Flysher", "tagline": "A legend in his own mind", "gender": "male", "aboutMe": "No matter who began or first commenced it, I'm against it!", "url": "https://plus.google.com/102947238809719640943", "image": { "url": "https://lh5.googleusercontent.com/<removed to fit slide>" }, "urls": [ { "value": "https://plus.google.com/102947238809719640943", "type": "profile" }, { "value": "https://www.googleapis.com/plus/v1/people/102947238809719640943", "type": "json" } ]}
  10. 10. (Some of) Googles web APIs Analytics Blogger Books Custom Search Cloud SQL Cloud storage Google+ Buzz Identity Toolkit Moderator Orkut Places Search for Tasks Translate Audit Shopping Page Speed Latitude URL Shortner And more!
  11. 11. Enabling access to Google APIs● Enabling access to the different Google APIs is done via the Google API console.● Can be found at: https://code.google.com/apis/console/● Also used to enable Oauth access (more on that later).● Gives you an API key (remember the example before?)● Lets do it together.
  12. 12. Agenda● Part I: What are Web APIs?● Part II: The Google+ Web API● Part III: OAuth and Client Libraries● Part IV: Client Libraries
  13. 13. Google+ Web API overviewCurrently the API allows access to three things: 1. People ○ get ○ search ○ listByActivity 2. Activities ○ list ○ get ○ search 3. Comments ○ list ○ get
  14. 14. Google+ Web API overview - People● get Get a persons profile (requires the persons user ID) - Returns a "person" resource.● search Search all public profiles - Returns a collection of "people" resources (+ a few more details).● listByActivity List all of the people in the specified collection for a particular activity (+1/Reshare) - Returns a collection of "people" resources (+ a few more details).
  15. 15. People get exampleGET https://www.googleapis.com/plus/v1/people/102947238809719640943?key=AIzaSyB4g0MY3zsLInJHa-qbDg0rbyCWak05hmI
  16. 16. People get respone:{ "kind": "plus#person", "id": "102947238809719640943", "displayName": "Guy Flysher", "tagline": "A legend in his own mind", "gender": "male", "aboutMe": "No matter who began or first commenced it, I'm against it!", "url": "https://plus.google.com/102947238809719640943", "image": { "url": "https://lh5.googleusercontent.com/<removed to fit in slide>" }, "urls": [ { "value": "https://plus.google.com/102947238809719640943", "type": "profile" }, { "value": "https://www.googleapis.com/plus/v1/people/102947238809719640943", "type": "json" } ]}
  17. 17. Google+ Web API overview - Activities● list List all of the activities in the specified collection (currently only public) for a particular user - Returns a collection of "activities" resources (+ a few more details)● get Get an activity (requires the activitys ID) - Returns an "activity" resource.● search Search public activities - Returns a collection of "activities" resources (+ a few more details).
  18. 18. Activities search exampleGET https://www.googleapis.com/plus/v1/activities?key=AIzaSyB4g0MY3zsLInJHa-qbDg0rbyCWak05hmI&orderBy=recent&query=snooker
  19. 19. Activities search responseToo big to fit in a slide...so...Play around with the API online:http://code.google.com/apis/explorer/And the result of the example.
  20. 20. Google+ Web API overview -Comments● list List all of the comments for an activity - Returns a collection of "comments" resources (+ a few more details)● get Get a comment (requires the comments ID) - Returns a "comment" resource.
  21. 21. Comments list exampleGET https://www.googleapis.com/plus/v1/activities/z12pgdeqosedtdqtt22cshljesigjfxs5/comments?key=AIzaSyB4g0MY3zsLInJHa-qbDg0rbyCWak05hmI Result
  22. 22. Agenda● Part I: What are Web APIs?● Part II: The Google+ Web API● Part III: OAuth● Part IV: Client Libraries
  23. 23. Applications acting on behalf of theuser ● Some applications need access a users product data (e.g. Calendar meetings) ● Some applications need to perform actions on behalf of the user in a product (e.g. set up a meeting). ● How does the application prove to the product (in this case Google) that it is allowed to act for the user? ○ User gives the application their password? ■ This is bad, why?
  24. 24. The solution: OAuth● OAuth is an open standard for authorization.● Allows users to share their private resources (e.g. photos, videos) stored on one site with another site without having to hand out their username and password.● The user is prompted by Google to give the application the permissions it is asking for.● If the user agrees Google gives the application a "token" with which the application can act on behalf of the user.
  25. 25. http://web-apis-slides.appspot.com/demo
  26. 26. How does it work? ● You (your application) sends the user to a special URL asking for the permissions you want:REDIRECT https://accounts.google.com/o/oauth2/auth? client_id=685953454903.apps.googleusercontent.com& redirect_uri=https://mydemo.com/oauth2callback& scope=https://www.googleapis.com/auth/plus.me& response_type=code
  27. 27. Confirmation page
  28. 28. If the user agrees...Google redirects the user to:https://mydemo.com/oauth2callback?code=4/P7q8W92a-oMsCeLvIaQm6bTrgtp7If the user doesnt agree, Google redirects to the same URLwith no code parameter (but with an error parameter).
  29. 29. Exchange the code for OAuth2 tokensSend a post request:POST /o/oauth2/token HTTP/1.1Host: accounts.google.comcode=4/P7q8W92a-oMsCeLvIaQm6bTrgtp7&client_id=685953454903.apps.googleusercontent.com&client_secret=Au4-Kcj1TPv0ycmNbjNV_esF&redirect_uri=https://www.example.com/back&grant_type=authorization_code
  30. 30. Exchange the code for OAuth2 tokensWe get back a JSON response:HTTP/1.1 200 OK{ "access_token": "1/fFAGRNJru1FTz70BzhT3Zg", "expires_in": 3920, "refresh_token":"1/6BMfW9j53gdGImsixUH6kU5RsR4zwI9lUVX-tqf8JXQ"}
  31. 31. Using the OAuth tokenIn Google+ for example, we can now use the "me" identifier:GET https://www.googleapis.com/plus/v1/people/me?key=AIzaSyB4g0MY3zsLInJHa-qbDg0rbyCWak05hmI&access_token=1/fFAGRNJru1FTz70BzhT3ZgThis will return the profile of the user this token was issues for.
  32. 32. Agenda● Part I: What are Web APIs?● Part II: The Google+ Web API● Part III: OAuth● Part IV: Client Libraries
  33. 33. The great news...You dont need to do all this work: ● Prepare the HTTP API calls ● Parse the JSON response ● Prepare the OAuth2 requests (including refreshing the access token).Google has client libraries for using the Google+ API (as well as theother APIs) for: ● .Net ● GWT ● Java ● Objective C (Iphone) ● PHP ● Python ● Ruby
  34. 34. Using the Google+ Java client library// This sample assumes a client "plus" object has been created.Plus.People.Search searchPeople = plus.people().search();searchPeople.setQuery("Jenny");searchPeople.setMaxResults(5L);PeopleFeed peopleFeed = searchPeople.execute();List<Person> people = peopleFeed.getItems();// Go over all the results...
  35. 35. Using the OAuth2 Java client library// Get the OAuth2 code.public void doGet( HttpServletRequest req, HttpServletResponse resp) { // Generate the URL to which we will direct users. String authorizeUrl = new GoogleAuthorizationRequestUrl( 685953454903.apps.googleusercontent.com, // App ID https://mydemo.com/oauth2callbackurl, // Redirect URL https://www.googleapis.com/auth/plus.me) // Scope .build(); // Redirect the user so that they can allow us access. resp.sendRedirect(authorizeUrl); return;}
  36. 36. Using the OAuth2 Java client library (2)// Get the OAuth2 tokens.public void doGet( HttpServletRequest req, HttpServletResponse resp) { String oauth2Code = req.getParameter("code"); if (oauth2Code == null) { /* User did not allow us access */ } // Exchange the code for an access and refresh tokens. GoogleAuthorizationCodeGrant authRequest = new GoogleAuthorizationCodeGrant(TRANSPORT, JSON_FACTORY, CLIENT_ID, CLIENT_SECRET, oauth2Code, CALLBACK_URL); authRequest.useBasicAuthorization = false; AccessTokenResponse authResponse = authRequest.execute(); ...
  37. 37. Using the OAuth2 Java client library (3)... // Save authResponse.accessToken and authResponse.refreshToken // in a database somewhere to be used for this user whenever // we need it. // If the access token has expired, get a new one. GoogleAccessProtectedResource access = new GoogleAccessProtectedResource(authResponse.accessToken, TRANSPORT, JSON_FACTORY, CLIENT_ID, CLIENT_SECRET, authResponse.refreshToken); access.refreshToken(); // access.getAccessToken() will contain the new token.
  38. 38. !Q&A
  39. 39. Learning moreGoogle+ API:https://developers.google.com/+/api/Google API client libraries:https://developers.google.com/+/downloadsThe Plus Java client library docs:http://goo.gl/ojaLMOAuth 2 in Java:http://code.google.com/p/google-api-java-client/wiki/OAuth2Draft10

×