Qt and Web Services: Difference between revisions

From Qt Wiki
Jump to navigation Jump to search
No edit summary
 
(qt.nokia.com -> qt.io)
 
(10 intermediate revisions by 5 users not shown)
Line 1: Line 1:
=Qt and Web Services=


This page tracks current Web Service trends and the requirements of those in Qt. See also the [http://bugreports.qt.nokia.com/browse/QTBUG-13353 corresponding task in the Qt bug tracker] ''[bugreports.qt.nokia.com]'' .
[[Category:Developing Qt::Network]]
[[Category:Developing Qt::Bugs]]


==Areas for Improvement==


* [http://bugreports.qt.nokia.com/browse/QTBUG-6229 OAuth] ''[bugreports.qt.nokia.com]'' . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc. OAuth comes in two versions:
This page tracks current Web Service trends and the requirements of those in Qt. See also the [https://bugreports.qt.io/browse/QTBUG-13353 corresponding task in the Qt bug tracker] .
** OAuth 1.0a: Authentication / authorization is done in either <span class="caps">HTTP</span> headers or <span class="caps">URL</span>, no <span class="caps">SSL</span> needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
 
*** <span class="caps">QOA</span>uth: depends on <span class="caps">QCA</span> and <span class="caps">QCA</span>’s OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
== Areas for Improvement ==
 
* [https://bugreports.qt.io/browse/QTBUG-6229 OAuth] . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc.
*OAuth comes in two versions:
** OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
*** QOAuth: depends on QCA and QCA's OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
*** kOAuth: I have not looked at that closely.
*** kOAuth: I have not looked at that closely.
** OAuth 2: No signing / hashing etc. required, expects data to be sent over <span class="caps">SSL</span>. As far as I can see this can be easily supported on top of Qt.<br /> It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data <span class="caps">API</span>s offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).
** OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.
* [http://bugreports.qt.nokia.com/browse/QTBUG-12761 <span class="caps">JSON</span> support] ''[bugreports.qt.nokia.com]'' . Web Services usually offer their data in either <span class="caps">XML</span> or <span class="caps">JSON</span>, with <span class="caps">JSON</span> having become a lot more popular than <span class="caps">XML</span>. <span class="caps">JSON</span> can be parsed directly from <span class="caps">QML</span> (I think – could somebody confirm?), if parsing within C++ is used, there is a 3rdparty solution called [http://qjson.sourceforge.net/ QJson] ''[qjson.sourceforge.net]'' and one written by Girish called [http://blog.forwardbias.in/2011/01/qjsonparser-parse-and-stringify-json-with-qt.html qjsonparser] ''[blog.forwardbias.in]''
It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).


==Completed features==
== Completed features ==


* <span class="caps">HTTP</span> <span class="caps">DELETE</span> (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via <span class="caps">POST</span>.
* HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
* [http://bugreports.qt.nokia.com/browse/QTBUG-6222 <span class="caps">HTTP</span> multipart messages] ''[bugreports.qt.nokia.com]'' (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.
* [https://bugreports.qt.io/browse/QTBUG-6222 HTTP multipart messages] (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.
* [https://bugreports.qt.io/browse/QTBUG-12761 JSON support] . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML.


==Web Services Matrix==
== Web Services Matrix ==


'''(possibly outdated, feel free to update)'''
'''<span class="update to free feel outdated, possibly"></span>'''


{| class="infotable line"
{| class="wikitable"
| '''Name'''
! Name
| '''Access Method'''
! Access Method  
| '''Data format'''
! Data format  
| '''Authentication'''
! Authentication  
| '''Additional Requirements'''
! Additional Requirements  
| '''Comment'''
! Comment  
|-
|-
| Facebook
| Facebook  
| <span class="caps">REST</span>, <span class="caps">FQL</span> (Facebook Query Language, their own <span class="caps">SQL</span> – style language)
| REST, FQL (Facebook Query Language, their own SQL - style language)  
| <span class="caps">XML</span>, <span class="caps">JSON</span>
| XML, JSON  
| OAuth 2.0 for desktop apps
| OAuth 2.0 for desktop apps  
| <span class="caps">HTTP</span> multipart messages (for uploading photos)
| HTTP multipart messages (for uploading photos)  
|
| offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML - style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)<br>there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp)  
offers a <span class="caps">XML</span> schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: <span class="caps">FBML</span> (their own <span class="caps">HTML</span> – style language), <span class="caps">XFBML</span> (for using <span class="caps">FBML</span> in a normal <span class="caps">HTML</span> site), <span class="caps">FBJS</span> (their own JavaScript-style language)&lt;br&gt;there is already a Qt Facebook <span class="caps">API</span> called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp)
|-
|-
| Flickr
| Flickr  
| <span class="caps">REST</span>, <span class="caps">SOAP</span>, <span class="caps">XML</span> – <span class="caps">RPC</span>
| REST, SOAP, XML - RPC  
| <span class="caps">XML</span> (<span class="caps">SOAP</span> 1.2 / plain / <span class="caps">XML</span> – <span class="caps">RPC</span>), <span class="caps">JSON</span>, <span class="caps">PHP</span> – serialized
| XML (SOAP 1.2 / plain / XML - RPC), JSON, PHP - serialized  
| as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth)
| as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth)  
| <span class="caps">HTTP</span> multipart messages (for uploading photos)
| HTTP multipart messages (for uploading photos)  
|
|  
|-
|-
| Twitter
| Twitter  
| <span class="caps">REST</span>, <span class="caps">ATOM</span> (for some methods)
| REST, ATOM (for some methods)  
| <span class="caps">XML</span> (plain / <span class="caps">ATOM</span>), <span class="caps">JSON</span>
| XML (plain / ATOM), JSON  
| OAuth (login via web page); <span class="caps">HTTP</span> Basic Auth (only until June 2010)
| OAuth (login via web page); HTTP Basic Auth (only until June 2010)  
| OAuth 1.0a
| OAuth 1.0a  
|
| some parts of the API are only available in JSON and ATOM, namely search and trends<br>Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter  
some parts of the <span class="caps">API</span> are only available in <span class="caps">JSON</span> and <span class="caps">ATOM</span>, namely search and trends&lt;br&gt;Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter
|-
|-
| MySpace
| MySpace  
| <span class="caps">REST</span>
| REST  
| <span class="caps">XML</span>, <span class="caps">JSON</span>
| XML, JSON  
| OAuth
| OAuth  
| OAuth
| OAuth  
| the <span class="caps">API</span> supports OpenSocial <span class="caps">API</span>, which is “a common <span class="caps">API</span> for social applications”
| the API supports OpenSocial API, which is "a common API for social applications"
|-
|-
| Google Maps
| Google Maps  
| JavaScript
| JavaScript  
|
|  
|
|  
|
|  
| no real Web service <span class="caps">API</span>, but a JavaScript library to be used within a browser
| no real Web service API, but a JavaScript library to be used within a browser  
|-
|-
| Google Search
| Google Search  
| Ajax, <span class="caps">REST</span>
| Ajax, REST  
| JavaScript (Ajax), <span class="caps">JSON</span> (<span class="caps">REST</span>)
| JavaScript (Ajax), JSON (REST)  
| none required
| none required  
|
|  
|
| REST interface is very limited, see http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html<br>REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje  
<span class="caps">REST</span> interface is very limited, see [http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html<br> http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html&lt;br&gt;]<span class="caps">REST</span> <span class="caps">API</span> documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje
|-
|-
| Bing Search
| Bing Search  
| <span class="caps">REST</span>, <span class="caps">SOAP</span><ins><span class="caps">WSDL</span></ins>
| REST, SOAP+WSDL  
| <span class="caps">XML</span> (plain / <span class="caps">SOAP</span>)
| XML (plain / SOAP)  
| none required
| none required  
|
|  
|
|  
|-
|-
| Last.fm
| Last.fm  
| <span class="caps">REST</span>, <span class="caps">XML</span> – <span class="caps">RPC</span>, some calls as well <span class="caps">RSS</span> and iCal
| REST, XML - RPC, some calls as well RSS and iCal  
| <span class="caps">XML</span> (plain / <span class="caps">XML</span>-<span class="caps">RPC</span>)
| XML (plain / XML-RPC)  
| either Web browser (Web / Desktop apps) or getting username &amp; password from user and send that via md5 to last.fm
| either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm  
|
|  
|
| there is a Qt C++ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master  
there is a Qt C+ <span class="caps">API</span> called Liblastfm: http://github.com/mxcl/liblastfm/tree/master
|-
|-
| Google Data <span class="caps">API</span>
| Google Data API  
| <span class="caps">REST</span> (using Atom Publishing Protocol)
| REST (using Atom Publishing Protocol)  
| <span class="caps">XML</span> (Atom), <span class="caps">JSON</span>, <span class="caps">RSS</span>
| XML (Atom), JSON, RSS  
| for installed apps: their own ClientLogin (via <span class="caps">HTTPS</span>, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth
| for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth  
| <span class="caps">HTTP</span> multipart messages (not a strict requirement, for uploading photos etc.), OAuth
| HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth  
|
|  
|-
|-
| Amazon Cloud Services (EC2, S3 etc.)
| Amazon Cloud Services (EC2, S3 etc.)  
| <span class="caps">SOAP</span>+WSDL, <span class="caps">REST</span>
| SOAP+WSDL, REST  
| <span class="caps">XML</span>
| XML  
|
| SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely)  
<span class="caps">SOAP</span>: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), <span class="caps">REST</span>: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely)
| SOAP: WS-Security  
| <span class="caps">SOAP</span>: WS-Security
|  
|
|-
|-
| Ebay <span class="caps">API</span>
| Ebay API  
| <span class="caps">SOAP</span>+WSDL, <span class="caps">REST</span>, <span class="caps">HTTP</span> <span class="caps">GET</span>
| SOAP+WSDL, REST, HTTP GET  
| <span class="caps">XML</span>, <span class="caps">JSON</span>
| XML, JSON  
|
|  
| <span class="caps">HTTP</span> multipart messages
| HTTP multipart messages  
|
|  
|-
|-
| Wordpress
| Wordpress  
| <span class="caps">XMLRPC</span>
| XMLRPC  
| <span class="caps">XML</span>
| XML  
|
|  
|
|  
|
|  
|-
|-
| StudiVZ (German Facebook clone)
| StudiVZ (German Facebook clone)  
| <span class="caps">REST</span>
| REST  
| <span class="caps">XML</span>, <span class="caps">JSON</span>, JavaScript, <span class="caps">ATOM</span>+XML
| XML, JSON, JavaScript, ATOM+XML  
| OAuth
| OAuth  
| OAuth
| OAuth  
| supports OpenSocial ; currently says “OAuth not supported at the moment”, I don’t know if they are actually using it or not
| supports OpenSocial ; currently says "OAuth not supported at the moment", I don't know if they are actually using it or not  
|-
|-
| LinkedIn
| LinkedIn  
| <span class="caps">REST</span>
| REST  
| <span class="caps">XML</span>
| XML  
| OAuth 1.0a
| OAuth 1.0a  
| OAuth 1.0a
| OAuth 1.0a  
|
|  
|-
|-
| Windows Messenger Connect
| Windows Messenger Connect  
| JavaScript
| JavaScript  
|
|  
|
|  
| OAuth <span class="caps">WRAP</span>
| OAuth WRAP  
|
|  
|
|-
| DropBox
| <span class="caps">TODO</span>
|
|
|
|
|
|}
|}
===Categories:===
* [[:Category:Developing-Qt|Developing Qt]]
** [[:Category:Developing-Qt::Bugs|Bugs]]
* [[:Category:Developing-Qt::Network|Network]]

Latest revision as of 14:34, 5 March 2016


This page tracks current Web Service trends and the requirements of those in Qt. See also the corresponding task in the Qt bug tracker .

Areas for Improvement

  • OAuth . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc.
  • OAuth comes in two versions:
    • OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
      • QOAuth: depends on QCA and QCA's OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
      • kOAuth: I have not looked at that closely.
    • OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.

It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).

Completed features

  • HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
  • HTTP multipart messages (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.
  • JSON support . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML.

Web Services Matrix

Name Access Method Data format Authentication Additional Requirements Comment
Facebook REST, FQL (Facebook Query Language, their own SQL - style language) XML, JSON OAuth 2.0 for desktop apps HTTP multipart messages (for uploading photos) offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML - style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)
there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp)
Flickr REST, SOAP, XML - RPC XML (SOAP 1.2 / plain / XML - RPC), JSON, PHP - serialized as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) HTTP multipart messages (for uploading photos)
Twitter REST, ATOM (for some methods) XML (plain / ATOM), JSON OAuth (login via web page); HTTP Basic Auth (only until June 2010) OAuth 1.0a some parts of the API are only available in JSON and ATOM, namely search and trends
Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter
MySpace REST XML, JSON OAuth OAuth the API supports OpenSocial API, which is "a common API for social applications"
Google Maps JavaScript no real Web service API, but a JavaScript library to be used within a browser
Google Search Ajax, REST JavaScript (Ajax), JSON (REST) none required REST interface is very limited, see http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html
REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje
Bing Search REST, SOAP+WSDL XML (plain / SOAP) none required
Last.fm REST, XML - RPC, some calls as well RSS and iCal XML (plain / XML-RPC) either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm there is a Qt C++ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master
Google Data API REST (using Atom Publishing Protocol) XML (Atom), JSON, RSS for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth
Amazon Cloud Services (EC2, S3 etc.) SOAP+WSDL, REST XML SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely) SOAP: WS-Security
Ebay API SOAP+WSDL, REST, HTTP GET XML, JSON HTTP multipart messages
Wordpress XMLRPC XML
StudiVZ (German Facebook clone) REST XML, JSON, JavaScript, ATOM+XML OAuth OAuth supports OpenSocial ; currently says "OAuth not supported at the moment", I don't know if they are actually using it or not
LinkedIn REST XML OAuth 1.0a OAuth 1.0a
Windows Messenger Connect JavaScript OAuth WRAP