Qt and Web Services: Difference between revisions

From Qt Wiki
Jump to navigation Jump to search
No edit summary
 
No edit summary
Line 1: Line 1:
=Qt and Web Services=
[[Category:Developing Qt::Network]]<br />[[Category:Developing Qt::Bugs]]


This page tracks current Web Service trends and the requirements of those in Qt. See also the [http://bugreports.qt.nokia.com/browse/QTBUG-13353 corresponding task in the Qt bug tracker] ''[bugreports.qt.nokia.com]'' .
[toc align_right=&quot;yes&amp;quot; depth=&quot;3&amp;quot;]


==Areas for Improvement==
= Qt and Web Services =


* [http://bugreports.qt.nokia.com/browse/QTBUG-6229 OAuth] ''[bugreports.qt.nokia.com]'' . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc. OAuth comes in two versions:
This page tracks current Web Service trends and the requirements of those in Qt. See also the &quot;corresponding task in the Qt bug tracker&amp;quot;:http://bugreports.qt.nokia.com/browse/QTBUG-13353 .
** OAuth 1.0a: Authentication / authorization is done in either <span class="caps">HTTP</span> headers or <span class="caps">URL</span>, no <span class="caps">SSL</span> needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
*** <span class="caps">QOA</span>uth: depends on <span class="caps">QCA</span> and <span class="caps">QCA</span>’s OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
*** kOAuth: I have not looked at that closely.
** OAuth 2: No signing / hashing etc. required, expects data to be sent over <span class="caps">SSL</span>. As far as I can see this can be easily supported on top of Qt.<br /> It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data <span class="caps">API</span>s offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).
* [http://bugreports.qt.nokia.com/browse/QTBUG-12761 <span class="caps">JSON</span> support] ''[bugreports.qt.nokia.com]'' . Web Services usually offer their data in either <span class="caps">XML</span> or <span class="caps">JSON</span>, with <span class="caps">JSON</span> having become a lot more popular than <span class="caps">XML</span>. <span class="caps">JSON</span> can be parsed directly from <span class="caps">QML</span> (I think – could somebody confirm?), if parsing within C++ is used, there is a 3rdparty solution called [http://qjson.sourceforge.net/ QJson] ''[qjson.sourceforge.net]'' and one written by Girish called [http://blog.forwardbias.in/2011/01/qjsonparser-parse-and-stringify-json-with-qt.html qjsonparser] ''[blog.forwardbias.in]''


==Completed features==
== Areas for Improvement ==


* <span class="caps">HTTP</span> <span class="caps">DELETE</span> (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via <span class="caps">POST</span>.
* &quot;OAuth&amp;quot;:http://bugreports.qt.nokia.com/browse/QTBUG-6229 . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc.<br /> OAuth comes in two versions:
* [http://bugreports.qt.nokia.com/browse/QTBUG-6222 <span class="caps">HTTP</span> multipart messages] ''[bugreports.qt.nokia.com]'' (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.
** OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
*** QOAuth: depends on QCA and QCA's OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
*** kOAuth: I have not looked at that closely.
** OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.<br />It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).
* &quot;JSON support&amp;quot;:http://bugreports.qt.nokia.com/browse/QTBUG-12761 . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML. JSON can be parsed directly from QML (I think - could somebody confirm?), if parsing within C++ is used, there is a 3rdparty solution called &quot;QJson&amp;quot;:http://qjson.sourceforge.net/ and one written by Girish called &quot;qjsonparser&amp;quot;:http://blog.forwardbias.in/2011/01/qjsonparser-parse-and-stringify-json-with-qt.html


==Web Services Matrix==
== Completed features ==


'''(possibly outdated, feel free to update)'''
* HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
* &quot;HTTP multipart messages&amp;quot;:http://bugreports.qt.nokia.com/browse/QTBUG-6222 (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.


{| class="infotable line"
== Web Services Matrix ==
| '''Name'''
| '''Access Method'''
| '''Data format'''
| '''Authentication'''
| '''Additional Requirements'''
| '''Comment'''
|-
| Facebook
| <span class="caps">REST</span>, <span class="caps">FQL</span> (Facebook Query Language, their own <span class="caps">SQL</span> – style language)
| <span class="caps">XML</span>, <span class="caps">JSON</span>
| OAuth 2.0 for desktop apps
| <span class="caps">HTTP</span> multipart messages (for uploading photos)
|
offers a <span class="caps">XML</span> schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: <span class="caps">FBML</span> (their own <span class="caps">HTML</span> – style language), <span class="caps">XFBML</span> (for using <span class="caps">FBML</span> in a normal <span class="caps">HTML</span> site), <span class="caps">FBJS</span> (their own JavaScript-style language)&lt;br&gt;there is already a Qt Facebook <span class="caps">API</span> called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp)
|-
| Flickr
| <span class="caps">REST</span>, <span class="caps">SOAP</span>, <span class="caps">XML</span> – <span class="caps">RPC</span>
| <span class="caps">XML</span> (<span class="caps">SOAP</span> 1.2 / plain / <span class="caps">XML</span> – <span class="caps">RPC</span>), <span class="caps">JSON</span>, <span class="caps">PHP</span> – serialized
| as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth)
| <span class="caps">HTTP</span> multipart messages (for uploading photos)
|
|-
| Twitter
| <span class="caps">REST</span>, <span class="caps">ATOM</span> (for some methods)
| <span class="caps">XML</span> (plain / <span class="caps">ATOM</span>), <span class="caps">JSON</span>
| OAuth (login via web page); <span class="caps">HTTP</span> Basic Auth (only until June 2010)
| OAuth 1.0a
|
some parts of the <span class="caps">API</span> are only available in <span class="caps">JSON</span> and <span class="caps">ATOM</span>, namely search and trends&lt;br&gt;Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter
|-
| MySpace
| <span class="caps">REST</span>
| <span class="caps">XML</span>, <span class="caps">JSON</span>
| OAuth
| OAuth
| the <span class="caps">API</span> supports OpenSocial <span class="caps">API</span>, which is “a common <span class="caps">API</span> for social applications”
|-
| Google Maps
| JavaScript
|
|
|
| no real Web service <span class="caps">API</span>, but a JavaScript library to be used within a browser
|-
| Google Search
| Ajax, <span class="caps">REST</span>
| JavaScript (Ajax), <span class="caps">JSON</span> (<span class="caps">REST</span>)
| none required
|
|
<span class="caps">REST</span> interface is very limited, see [http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html<br> http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html&lt;br&gt;]<span class="caps">REST</span> <span class="caps">API</span> documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje
|-
| Bing Search
| <span class="caps">REST</span>, <span class="caps">SOAP</span><ins><span class="caps">WSDL</span></ins>
| <span class="caps">XML</span> (plain / <span class="caps">SOAP</span>)
| none required
|
|
|-
| Last.fm
| <span class="caps">REST</span>, <span class="caps">XML</span> – <span class="caps">RPC</span>, some calls as well <span class="caps">RSS</span> and iCal
| <span class="caps">XML</span> (plain / <span class="caps">XML</span>-<span class="caps">RPC</span>)
| either Web browser (Web / Desktop apps) or getting username &amp; password from user and send that via md5 to last.fm
|
|
there is a Qt C+ <span class="caps">API</span> called Liblastfm: http://github.com/mxcl/liblastfm/tree/master
|-
| Google Data <span class="caps">API</span>
| <span class="caps">REST</span> (using Atom Publishing Protocol)
| <span class="caps">XML</span> (Atom), <span class="caps">JSON</span>, <span class="caps">RSS</span>
| for installed apps: their own ClientLogin (via <span class="caps">HTTPS</span>, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth
| <span class="caps">HTTP</span> multipart messages (not a strict requirement, for uploading photos etc.), OAuth
|
|-
| Amazon Cloud Services (EC2, S3 etc.)
| <span class="caps">SOAP</span>+WSDL, <span class="caps">REST</span>
| <span class="caps">XML</span>
|
<span class="caps">SOAP</span>: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), <span class="caps">REST</span>: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely)
| <span class="caps">SOAP</span>: WS-Security
|
|-
| Ebay <span class="caps">API</span>
| <span class="caps">SOAP</span>+WSDL, <span class="caps">REST</span>, <span class="caps">HTTP</span> <span class="caps">GET</span>
| <span class="caps">XML</span>, <span class="caps">JSON</span>
|
| <span class="caps">HTTP</span> multipart messages
|
|-
| Wordpress
| <span class="caps">XMLRPC</span>
| <span class="caps">XML</span>
|
|
|
|-
| StudiVZ (German Facebook clone)
| <span class="caps">REST</span>
| <span class="caps">XML</span>, <span class="caps">JSON</span>, JavaScript, <span class="caps">ATOM</span>+XML
| OAuth
| OAuth
| supports OpenSocial ; currently says “OAuth not supported at the moment”, I don’t know if they are actually using it or not
|-
| LinkedIn
| <span class="caps">REST</span>
| <span class="caps">XML</span>
| OAuth 1.0a
| OAuth 1.0a
|
|-
| Windows Messenger Connect
| JavaScript
|
|
| OAuth <span class="caps">WRAP</span>
|
|
|-
| DropBox
| <span class="caps">TODO</span>
|
|
|
|
|
|}


===Categories:===
'''<span class="update to free feel outdated, possibly"></span>'''


* [[:Category:Developing-Qt|Developing Qt]]
| '''Name''' | '''Access Method''' | '''Data format''' | '''Authentication''' | '''Additional Requirements''' | '''Comment''' |<br />| Facebook | REST, FQL (Facebook Query Language, their own SQL - style language) | XML, JSON | OAuth 2.0 for desktop apps | HTTP multipart messages (for uploading photos) | offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML - style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)&lt;br&amp;gt;there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp) |<br />| Flickr | REST, SOAP, XML - RPC | XML (SOAP 1.2 / plain / XML - RPC), JSON, PHP - serialized | as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) | HTTP multipart messages (for uploading photos) | |<br />| Twitter | REST, ATOM (for some methods) | XML (plain / ATOM), JSON | OAuth (login via web page); HTTP Basic Auth (only until June 2010) | OAuth 1.0a | some parts of the API are only available in JSON and ATOM, namely search and trends&amp;lt;br&amp;gt;Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter |<br />| MySpace | REST | XML, JSON | OAuth | OAuth | the API supports OpenSocial API, which is &quot;a common API for social applications&amp;quot; |<br />| Google Maps | JavaScript | | | | no real Web service API, but a JavaScript library to be used within a browser |<br />| Google Search | Ajax, REST | JavaScript (Ajax), JSON (REST) | none required | | REST interface is very limited, see http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html&amp;lt;br&amp;gt;REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje |<br />| Bing Search | REST, SOAP+WSDL | XML (plain / SOAP) | none required | | |<br />| Last.fm | REST, XML - RPC, some calls as well RSS and iCal | XML (plain / XML-RPC) | either Web browser (Web / Desktop apps) or getting username &amp; password from user and send that via md5 to last.fm | | there is a Qt C++ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master |<br />| Google Data API | REST (using Atom Publishing Protocol) | XML (Atom), JSON, RSS | for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth | HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth | |<br />| Amazon Cloud Services (EC2, S3 etc.) | SOAP+WSDL, REST | XML | SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely) | SOAP: WS-Security | |<br />| Ebay API | SOAP+WSDL, REST, HTTP GET | XML, JSON | | HTTP multipart messages | |<br />| Wordpress | XMLRPC | XML | | | |<br />| StudiVZ (German Facebook clone) | REST | XML, JSON, JavaScript, ATOM+XML | OAuth | OAuth | supports OpenSocial ; currently says &quot;OAuth not supported at the moment&amp;quot;, I don't know if they are actually using it or not |<br />| LinkedIn | REST | XML | OAuth 1.0a | OAuth 1.0a | |<br />| Windows Messenger Connect | JavaScript | | | OAuth WRAP | | |
** [[:Category:Developing-Qt::Bugs|Bugs]]
* [[:Category:Developing-Qt::Network|Network]]

Revision as of 14:46, 23 February 2015


[toc align_right="yes&quot; depth="3&quot;]

Qt and Web Services

This page tracks current Web Service trends and the requirements of those in Qt. See also the "corresponding task in the Qt bug tracker&quot;:http://bugreports.qt.nokia.com/browse/QTBUG-13353 .

Areas for Improvement

  • "OAuth&quot;:http://bugreports.qt.nokia.com/browse/QTBUG-6229 . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc.
    OAuth comes in two versions:
    • OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
      • QOAuth: depends on QCA and QCA's OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
      • kOAuth: I have not looked at that closely.
    • OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.
      It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).
  • "JSON support&quot;:http://bugreports.qt.nokia.com/browse/QTBUG-12761 . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML. JSON can be parsed directly from QML (I think - could somebody confirm?), if parsing within C++ is used, there is a 3rdparty solution called "QJson&quot;:http://qjson.sourceforge.net/ and one written by Girish called "qjsonparser&quot;:http://blog.forwardbias.in/2011/01/qjsonparser-parse-and-stringify-json-with-qt.html

Completed features

  • HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
  • "HTTP multipart messages&quot;:http://bugreports.qt.nokia.com/browse/QTBUG-6222 (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.

Web Services Matrix

| Name | Access Method | Data format | Authentication | Additional Requirements | Comment |
| Facebook | REST, FQL (Facebook Query Language, their own SQL - style language) | XML, JSON | OAuth 2.0 for desktop apps | HTTP multipart messages (for uploading photos) | offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML - style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)<br&gt;there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp) |
| Flickr | REST, SOAP, XML - RPC | XML (SOAP 1.2 / plain / XML - RPC), JSON, PHP - serialized | as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) | HTTP multipart messages (for uploading photos) | |
| Twitter | REST, ATOM (for some methods) | XML (plain / ATOM), JSON | OAuth (login via web page); HTTP Basic Auth (only until June 2010) | OAuth 1.0a | some parts of the API are only available in JSON and ATOM, namely search and trends&lt;br&gt;Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter |
| MySpace | REST | XML, JSON | OAuth | OAuth | the API supports OpenSocial API, which is "a common API for social applications&quot; |
| Google Maps | JavaScript | | | | no real Web service API, but a JavaScript library to be used within a browser |
| Google Search | Ajax, REST | JavaScript (Ajax), JSON (REST) | none required | | REST interface is very limited, see http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html&lt;br&gt;REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje |
| Bing Search | REST, SOAP+WSDL | XML (plain / SOAP) | none required | | |
| Last.fm | REST, XML - RPC, some calls as well RSS and iCal | XML (plain / XML-RPC) | either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm | | there is a Qt C++ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master |
| Google Data API | REST (using Atom Publishing Protocol) | XML (Atom), JSON, RSS | for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth | HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth | |
| Amazon Cloud Services (EC2, S3 etc.) | SOAP+WSDL, REST | XML | SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely) | SOAP: WS-Security | |
| Ebay API | SOAP+WSDL, REST, HTTP GET | XML, JSON | | HTTP multipart messages | |
| Wordpress | XMLRPC | XML | | | |
| StudiVZ (German Facebook clone) | REST | XML, JSON, JavaScript, ATOM+XML | OAuth | OAuth | supports OpenSocial ; currently says "OAuth not supported at the moment&quot;, I don't know if they are actually using it or not |
| LinkedIn | REST | XML | OAuth 1.0a | OAuth 1.0a | |
| Windows Messenger Connect | JavaScript | | | OAuth WRAP | | |