Qt and Web Services
Qt and Web Services
This page tracks current Web Service trends and the requirements of those in Qt. See also the corresponding task in the Qt bug tracker [bugreports.qt.nokia.com] .
Areas for Improvement
- OAuth [bugreports.qt.nokia.com] . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc. OAuth comes in two versions:
- OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
- QOAuth: depends on QCA and QCA’s OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
- kOAuth: I have not looked at that closely.
- OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.
It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).
- OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
- JSON support [bugreports.qt.nokia.com] . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML. JSON can be parsed directly from QML (I think – could somebody confirm?), if parsing within C++ is used, there is a 3rdparty solution called QJson [qjson.sourceforge.net] and one written by Girish called qjsonparser [blog.forwardbias.in]
Completed features
- HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
- HTTP multipart messages [bugreports.qt.nokia.com] (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.
Web Services Matrix
(possibly outdated, feel free to update)
Name | Access Method | Data format | Authentication | Additional Requirements | Comment | |
REST, FQL (Facebook Query Language, their own SQL – style language) | XML, JSON | OAuth 2.0 for desktop apps | HTTP multipart messages (for uploading photos) |
offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML – style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)<br>there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp) | ||
Flickr | REST, SOAP, XML – RPC | XML (SOAP 1.2 / plain / XML – RPC), JSON, PHP – serialized | as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) | HTTP multipart messages (for uploading photos) | ||
REST, ATOM (for some methods) | XML (plain / ATOM), JSON | OAuth (login via web page); HTTP Basic Auth (only until June 2010) | OAuth 1.0a |
some parts of the API are only available in JSON and ATOM, namely search and trends<br>Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter | ||
MySpace | REST | XML, JSON | OAuth | OAuth | the API supports OpenSocial API, which is “a common API for social applications” | |
Google Maps | JavaScript | no real Web service API, but a JavaScript library to be used within a browser | ||||
Google Search | Ajax, REST | JavaScript (Ajax), JSON (REST) | none required |
REST interface is very limited, see | ||
Bing Search | REST, SOAPWSDL | XML (plain / SOAP) | none required | |||
Last.fm | REST, XML – RPC, some calls as well RSS and iCal | XML (plain / XML-RPC) | either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm |
there is a Qt C+ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master | ||
Google Data API | REST (using Atom Publishing Protocol) | XML (Atom), JSON, RSS | for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth | HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth | ||
Amazon Cloud Services (EC2, S3 etc.) | SOAP+WSDL, REST | XML |
SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely) |
SOAP: WS-Security | ||
Ebay API | SOAP+WSDL, REST, HTTP GET | XML, JSON | HTTP multipart messages | |||
Wordpress | XMLRPC | XML | ||||
StudiVZ (German Facebook clone) | REST | XML, JSON, JavaScript, ATOM+XML | OAuth | OAuth | supports OpenSocial ; currently says “OAuth not supported at the moment”, I don’t know if they are actually using it or not | |
REST | XML | OAuth 1.0a | OAuth 1.0a | |||
Windows Messenger Connect | JavaScript | OAuth WRAP | ||||
DropBox | TODO |