google apis

82
Understanding Google APIs Building application that uses Google APIs Fethi DILMI Active Member at Scientific Club of ESI – CSE Technical Manager at GDG Algiers Microsoft Student Partner

Upload: club-scientifique-de-lesi-cse

Post on 27-Dec-2014

598 views

Category:

Documents


2 download

DESCRIPTION

Je Partage #1 - 2013 Présentation sur le fonctionnement des Google APIs et les technologies Google les plus incontournables et les plus utiles dans le domaine de développement. Par : DILMI Fethi ([email protected])

TRANSCRIPT

Page 1: Google APIs

UnderstandingGoogle APIsBuilding application that uses Google APIs

Fethi DILMI

Active Member at Scientific Club of ESI – CSE

Technical Manager at GDG Algiers

Microsoft Student Partner

Page 2: Google APIs

What's Google APIs?

Page 3: Google APIs

What's Google APIsWhat's Google APIs

● Google offers a variety of APIs, mostly web APIs for web developers and mobile developers.

● The APIs are based on popular Google consumer products, including Google Maps, Google Earth, AdSense, Adwords, Google Apps and YouTube.

Page 4: Google APIs

Example:● YOU use Google+ from your web browser.● Your Android application uses Google+ through

Google+ API.● i.e: Google APIs are the tools we need to build

applications that can use Google Products.

What's Google APIsWhat's Google APIs

Page 5: Google APIs

How Google APIs work behind the scenes?

Page 6: Google APIs

How Google APIs work behind the scenes ?How Google APIs work behind the scenes ?

● Most of Google APIs are web-based APIs.● This kind of APIs are called RESTFUL APIs (because they

are based on REST architecture).● REST is a style of software architecture that is based on

HTTP protocol to retrieve data.

Page 7: Google APIs

How Google APIs work behind the scenes ?How Google APIs work behind the scenes ?

● Most of Google APIs are web-based APIs.● This kind of APIs are called RESTFUL APIs (because they

are based on REST architecture).● REST is a style of software architecture that is based on

HTTP protocol to retrieve data.

Simply, in order to use Google APIs , you only need to make HTTP requests to get

data ☺

Page 8: Google APIs

How Google APIs work behind the scenes ?How Google APIs work behind the scenes ?

Example: “Google Places API”

https://maps.googleapis.com/maps/api/place/nearbysearch/xml?

location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKey

Here

Page 9: Google APIs
Page 10: Google APIs

Global Structure of an API HTTPrequest:

Page 11: Google APIs

Global Structure of an API HTTP requestGlobal Structure of an API HTTP request

Each HTTP request is composed of 4 parts:– API Scope– Action– Output format– Parameters

To understand these parts, we'll take the previous example:

https://maps.googleapis.com/maps/api/place/nearbysearch/xml?

location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere

Page 12: Google APIs

Global Structure of an API HTTP requestGlobal Structure of an API HTTP request

1- API Scope:● A scope is the main part of the HTTP request.● In our case it's: https://maps.googleapis.com/maps/api/place

● A scope defines the web address of the API.● For example, the scope of Google Latitude API is:

https://www.googleapis.com/latitude/

NB: Some API Scopes defines an API version, just like the Latitude API

Page 13: Google APIs

Global Structure of an API HTTP requestGlobal Structure of an API HTTP request

2- Output formats:● There are 2 possible output formats for an API request.

– JSON – XML

● In the previous example, we could get the same results in JSON format:

https://maps.googleapis.com/maps/api/place/nearbysearch/jsonjson ?

location=36.825,2.3257&radius=50000&sensor=false&key=AddYourOwnKeyHere

Page 14: Google APIs

Global Structure of an API HTTP requestGlobal Structure of an API HTTP request

3- ACTION:● Each Google web API gives you a set of possibilities

called ACTIONS.● In our example, we specified for the Google Places API

the action “nearbysearch” to search places in a radius of 50Km.

● We could also search a place's detail.

Page 15: Google APIs

Global Structure of an API HTTP requestGlobal Structure of an API HTTP request

4- Parameters:● Each action has a set of parameters.● Action Parameters let you customize the results you

want to get.● In our example, we could add the parameter

“type=food” to search only for restaurants.

Page 16: Google APIs

Types of Google web APIs

Page 17: Google APIs

Types of Google web APIsTypes of Google web APIs

● There are 2 kinds of Google web APIs:– Public APIs.– Private APIs.

Page 18: Google APIs

Types of Google web APIsTypes of Google web APIs

1- Public APIs● Interact with public content: Google Maps API, Google

Places API ..● Need an authentication key to be able to retrieve data.

Page 19: Google APIs

Types of Google web APIsTypes of Google web APIs

2- Private APIs● Interact with user private date: Google+ API, Google

Latitude API, Google Drive SDK ..● Need an authorization process before accessing to user

data.

Page 20: Google APIs

Public APIs and Authentication:What's THAT !!

Page 21: Google APIs

AuthenticationAuthentication

● Public APIs use authentication key to identify your application.● This means, in our previous example we would not be able to

make a search using Google Places API without specifying an authentication key.

● Each device type has a different kind of key:– Android application authentication key.– Web application authentication key.– Web Service authentication key – ..

Page 22: Google APIs

AuthenticationAuthentication

But Why ?

Page 23: Google APIs

AuthenticationAuthentication

● Identify from which device your application is making API request: i.e: You can't make an API request from a web browser using an Android application authentication key.

● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.

● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since we're talking about a daily quota, we have to limit the number of requests/second for a single user.

Page 24: Google APIs

AuthenticationAuthentication

● Identify from which device your application is making API request: i.e: You can't make an API request from a web browser using an Android application authentication key.

● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.

● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since we're talking about a daily quota, we have to limit the number of requests/second for a single user.

Page 25: Google APIs

AuthenticationAuthentication

● Identify from which device your application is making API request: i.e: You can't make an API request from a web browser using an Android application authentication key.

● Limit the quota of requests per day: Each API has a limited number of requests per day. Since your application makes request using an authentication key, Google Servers will be able to stop your application when it exceeds its daily quota.

● Limit the number of requests per second for a single user: Your application may be used by millions of people at the same time, and since we're talking about a daily quota, we have to limit the number of requests/second for a single user.

Page 26: Google APIs

Private APIs and Authorization:What's THAT !!

Page 27: Google APIs

Authorization:Authorization:

● Private APIs try to fetch user data.● This cannot be done without the permission of the user.● So we need a tool to demand permissions from the user

in order to perform action on his/her private data.

Page 28: Google APIs

Authorization:Authorization:

● Private APIs try to fetch user data.● This cannot be done without the permission of the user.● So we need a tool to demand permissions from the user

in order to perform action on his/her private data.

THIS TOOL IS CALLED “OAuth2.0”

Page 29: Google APIs

It is trying to solve a tricky problem.

What is OAuth2.0 ?What is OAuth2.0 ?

Page 30: Google APIs

If you, the developer, are building an application.

What is OAuth2.0 ?What is OAuth2.0 ?

Page 31: Google APIs

And your users

What is OAuth2.0 ?What is OAuth2.0 ?

Page 32: Google APIs

have data in another service that your application needs to function

What is OAuth2.0 ?What is OAuth2.0 ?

Page 33: Google APIs

such as their tasks list, or their photos

What is OAuth2.0 ?What is OAuth2.0 ?

Page 34: Google APIs

HOW DO YOU GO ABOUT GETTING IT?

???

What is OAuth2.0 ?What is OAuth2.0 ?

Page 35: Google APIs

You could ask the user for their name and password.

NO !!NO !!

Page 36: Google APIs

But then the user has given your application access to all their data on that service. That's not safe. Don't do that.

NO !!NO !!

Page 37: Google APIs

The user's name and password are like keys to their digital kingdom, you should never ask for them.

NO !!NO !!

Page 38: Google APIs

What we really want is a special key, one that only allows access to a limited set of data in the API.

Better ☺Better ☺

Page 39: Google APIs

A special key that the User can let the App acquire and use without the use of their name and password.

Better ☺Better ☺

Page 40: Google APIs

But for that to work, everyone has to confirm that everyone else is who they say they are.

That's OAuth2.0 ☺That's OAuth2.0 ☺

Page 41: Google APIs

That looks simple after all this

That's OAuth2.0 ☺That's OAuth2.0 ☺

Page 42: Google APIs

But actually, it's a little more complicated than even that, because that special key (Code)

That's OAuth2.0 ☺That's OAuth2.0 ☺

Page 43: Google APIs

can change over time to keep things secure.

That's OAuth2.0 ☺That's OAuth2.0 ☺

Page 44: Google APIs

How to create Authentication andAuthorization keys ?

Page 45: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● To get authentication/authorization keys, you have to register your application.

● Registering your application is signing its name, type, package, and extra info.

Page 46: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● To get authentication/authorization keys, you have to register your application.

● Registering your application is signing its name, type, package, and extra info.

Please focus on the following steps ☺

Page 47: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● Connect to your Google account.● Go to: https://code.google.com/apis/console/ ● Click on “Create Project”

Page 48: Google APIs

● Now there is a list of all Google APIs, choose for example the "Google Places API", and check it up:

● Register your organization like shown in the image and click submit:

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

Page 49: Google APIs

● Agree & Accept

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

Page 50: Google APIs

● You can now notice that the Google Places API is activated:

● Click on "Overview", then click on "Register" in order to register your project:

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

Page 51: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● Type a unique project ID

Page 52: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● You've created automatically an authentication key for browser applications

Page 53: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● You can click on:– Create New Server Key: To create an authentication key for

a server application– Create New Server Key: To create an authentication key for

an Android application.● You can create many authentication keys for the same

application type (example: 3 authentication keys for Android Applications)

Page 54: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● And Now ..

How To Create Authorization Keys ?

Page 55: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● Click on “Create an OAuth 2.0 Client ID”. This dialog will show up:

Page 56: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● Click on “Create an OAuth 2.0 Client ID”. This dialog will show up:

Page 57: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

Now please focus with me, it's so important ! In the following dialog, you'll be asked to specify your

application type !!

Page 58: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

1- Web Applications: ● If you choose this type of application, you'll be asked to

specify your application URL. Than Google will generate a redirect URI according to what you've entered.

Page 59: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

2- Server Applications: ● Applications of this type run on server. ● They're a little bit different, so I invite you to read this

article to understand more: https://developers.google.com/accounts/docs/OAuth2#serviceaccount

Page 60: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

3- Installed Applications:● This could be:

– Android application: You'll have to specify you're application package (it must be unique)

– iOS application.– Chrome extension. – A Desktop application .– etc...

Page 61: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● I'll take the example of a Desktop Application

Page 62: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● When you click “Create Client ID”, this dialog will show up:

Page 63: Google APIs

How to create Authentication and Authorization keys ?

How to create Authentication and Authorization keys ?

● You can create many authorization keys for many projects.

● We'll see how to use the “Client ID” and the “Client Secret” to make authorized API calls.

Page 64: Google APIs

Some demonstration:Step By Step ☺

Page 65: Google APIs

Google APIs Client LibrariesGoogle APIs Client Libraries

● It's not easy to construct manually authorized HTTP requests.

● It's much harder to parse the XML/JSON results in order to extract information.

Page 66: Google APIs

Google APIs Client LibrariesGoogle APIs Client Libraries

● Google created some libraries to do those tasks for you: It's Google API Client Libraries.

● Google API Client Libraries are available in many languages (e.g: PHP, Python, C# and .NET, Java ..)

● In this Demo, we'll be using the Google API Client for Python.

Page 67: Google APIs

Now that we know what OAuth 2.0 looks like. How does it work in the Google API Client for Python?

Let's Start !!Let's Start !!

Page 68: Google APIs

The key is held in a Credentials object.

CredentialsCredentials

Page 69: Google APIs

All the steps needed to go through getting Credentials is in a Flow object.

FlowFlow

Page 70: Google APIs

Storage

And finally, because keys can change over time there is a Storage object for storing and retrieving keys.

StorageStorage

Page 71: Google APIs

Flow Credentials Storage

You set up and run a Flow, which in the end produces Credentials, which you store in a Storage.

The ModelThe Model

Page 72: Google APIs

Later, when you need the key, you take it out of Storage and use it.

From PythonFrom Python

Page 73: Google APIs

So let's look at actual code.

Step By StepStep By Step

Page 74: Google APIs

First, create a Flow.

FLOW = OAuth2WebServerFlow(  client_id='<CLIENT ID HERE>',  client_secret='<CLIENT SECRET HERE>',  redirect_uri='https://.../oauth2callback',  scope='https://.../tasks',  user_agent='my-sample/1.0')

Step By StepStep By Step

Page 75: Google APIs

Fill your Client ID, Client Secret and redirect URI

FLOW = OAuth2WebServerFlow(  client_id='<CLIENT ID HERE>',  client_secret='<CLIENT SECRET HERE>',  redirect_uri='https://.../oauth2callback',  scope='https://.../tasks',  user_agent='my-sample/1.0')

Step By StepStep By Step

Page 76: Google APIs

We request and authorization URL

authorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url)

Step By StepStep By Step

Page 77: Google APIs

We get redirected to the generate URL

authorize_url = FLOW.step1_get_authorize_url()self.redirect(authorize_url)

Step By StepStep By Step

Page 78: Google APIs

We get Credentials when the Flow finishes, which we save in a Storage.

credentials = flow.step2_exchange(self.request.params)storage = StorageByKeyName(    Credentials, user.user_id(), 'credentials'  )storage.put(credentials)

Step By StepStep By Step

Page 79: Google APIs

To use Credentials we retrieve them from the Storage and apply them to an httplib2.Http() object.

user = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), 'credentials'    )credentials = storage.get()

http = httplib2.Http()http = credentials.authorize(http)

Step By StepStep By Step

Page 80: Google APIs

user = users.get_current_user()storage = StorageByKeyName(        Credentials, user.user_id(), 'credentials'    )credentials = storage.get()

http = httplib2.Http()http = credentials.authorize(http)

Now any HTTP requests made with http will be authorized with those Credentials.

Step By StepStep By Step

Page 81: Google APIs

Thanks everyone ☺

Page 82: Google APIs

ReferencesReferences

● “OAuth 2.0 and the Google API Client for Python”.● “Understanding Google APIs” :

http://fethidilmi.blogspot.com ● Google Developers portal:

http://developers.google.com