Qt and Web Services: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
(qt.nokia.com -> qt.io) |
||
| (10 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Developing Qt::Network]] | |||
[[Category:Developing Qt::Bugs]] | |||
This page tracks current Web Service trends and the requirements of those in Qt. See also the [https://bugreports.qt.io/browse/QTBUG-13353 corresponding task in the Qt bug tracker] . | |||
** OAuth 1.0a: Authentication / authorization is done in either | |||
*** | == Areas for Improvement == | ||
* [https://bugreports.qt.io/browse/QTBUG-6229 OAuth] . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc. | |||
*OAuth comes in two versions: | |||
** OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations: | |||
*** QOAuth: depends on QCA and QCA's OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad). | |||
*** kOAuth: I have not looked at that closely. | *** kOAuth: I have not looked at that closely. | ||
** OAuth 2: No signing / hashing etc. required, expects data to be sent over | ** OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt. | ||
It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn). | |||
==Completed features== | == Completed features == | ||
* | * HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST. | ||
* [ | * [https://bugreports.qt.io/browse/QTBUG-6222 HTTP multipart messages] (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved. | ||
* [https://bugreports.qt.io/browse/QTBUG-12761 JSON support] . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML. | |||
==Web Services Matrix== | == Web Services Matrix == | ||
''' | '''<span class="update to free feel outdated, possibly"></span>''' | ||
{| class=" | {| class="wikitable" | ||
! Name | |||
! Access Method | |||
! Data format | |||
! Authentication | |||
! Additional Requirements | |||
! Comment | |||
|- | |- | ||
| Facebook | | Facebook | ||
| | | REST, FQL (Facebook Query Language, their own SQL - style language) | ||
| | | XML, JSON | ||
| OAuth 2.0 for desktop apps | | OAuth 2.0 for desktop apps | ||
| | | HTTP multipart messages (for uploading photos) | ||
| | | offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML - style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)<br>there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp) | ||
offers a | |||
|- | |- | ||
| Flickr | | Flickr | ||
| | | REST, SOAP, XML - RPC | ||
| | | XML (SOAP 1.2 / plain / XML - RPC), JSON, PHP - serialized | ||
| as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) | | as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) | ||
| | | HTTP multipart messages (for uploading photos) | ||
| | | | ||
|- | |- | ||
| Twitter | | Twitter | ||
| | | REST, ATOM (for some methods) | ||
| | | XML (plain / ATOM), JSON | ||
| OAuth (login via web page); | | OAuth (login via web page); HTTP Basic Auth (only until June 2010) | ||
| OAuth 1.0a | | OAuth 1.0a | ||
| | | some parts of the API are only available in JSON and ATOM, namely search and trends<br>Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter | ||
some parts of the | |||
|- | |- | ||
| MySpace | | MySpace | ||
| | | REST | ||
| | | XML, JSON | ||
| OAuth | | OAuth | ||
| OAuth | | OAuth | ||
| the | | the API supports OpenSocial API, which is "a common API for social applications" | ||
|- | |- | ||
| Google Maps | | Google Maps | ||
| JavaScript | | JavaScript | ||
| | | | ||
| | | | ||
| | | | ||
| no real Web service | | no real Web service API, but a JavaScript library to be used within a browser | ||
|- | |- | ||
| Google Search | | Google Search | ||
| Ajax, | | Ajax, REST | ||
| JavaScript (Ajax), | | JavaScript (Ajax), JSON (REST) | ||
| none required | | none required | ||
| | | | ||
| | | REST interface is very limited, see http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html<br>REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje | ||
|- | |- | ||
| Bing Search | | Bing Search | ||
| | | REST, SOAP+WSDL | ||
| | | XML (plain / SOAP) | ||
| none required | | none required | ||
| | | | ||
| | | | ||
|- | |- | ||
| Last.fm | | Last.fm | ||
| | | REST, XML - RPC, some calls as well RSS and iCal | ||
| | | XML (plain / XML-RPC) | ||
| either Web browser (Web / Desktop apps) or getting username & | | either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm | ||
| | | | ||
| | | there is a Qt C++ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master | ||
there is a Qt C+ | |||
|- | |- | ||
| Google Data | | Google Data API | ||
| | | REST (using Atom Publishing Protocol) | ||
| | | XML (Atom), JSON, RSS | ||
| for installed apps: their own ClientLogin (via | | for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth | ||
| | | HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth | ||
| | | | ||
|- | |- | ||
| Amazon Cloud Services (EC2, S3 etc.) | | Amazon Cloud Services (EC2, S3 etc.) | ||
| | | SOAP+WSDL, REST | ||
| | | XML | ||
| | | SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely) | ||
| SOAP: WS-Security | |||
| | | | ||
| | |||
|- | |- | ||
| Ebay | | Ebay API | ||
| | | SOAP+WSDL, REST, HTTP GET | ||
| | | XML, JSON | ||
| | | | ||
| | | HTTP multipart messages | ||
| | | | ||
|- | |- | ||
| Wordpress | | Wordpress | ||
| | | XMLRPC | ||
| | | XML | ||
| | | | ||
| | | | ||
| | | | ||
|- | |- | ||
| StudiVZ (German Facebook clone) | | StudiVZ (German Facebook clone) | ||
| | | REST | ||
| | | XML, JSON, JavaScript, ATOM+XML | ||
| OAuth | | OAuth | ||
| OAuth | | OAuth | ||
| supports OpenSocial ; currently says | | supports OpenSocial ; currently says "OAuth not supported at the moment", I don't know if they are actually using it or not | ||
|- | |- | ||
| LinkedIn | | LinkedIn | ||
| | | REST | ||
| | | XML | ||
| OAuth 1.0a | | OAuth 1.0a | ||
| OAuth 1.0a | | OAuth 1.0a | ||
| | | | ||
|- | |- | ||
| Windows Messenger Connect | | Windows Messenger Connect | ||
| JavaScript | | JavaScript | ||
| | | | ||
| | | | ||
| OAuth | | OAuth WRAP | ||
| | |||
| | |||
|} | |} | ||
Latest revision as of 14:34, 5 March 2016
This page tracks current Web Service trends and the requirements of those in Qt. See also the corresponding task in the Qt bug tracker .
Areas for Improvement
- OAuth . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc.
- OAuth comes in two versions:
- OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
- QOAuth: depends on QCA and QCA's OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
- kOAuth: I have not looked at that closely.
- OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.
- OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).
Completed features
- HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
- HTTP multipart messages (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.
- JSON support . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML.
Web Services Matrix
| Name | Access Method | Data format | Authentication | Additional Requirements | Comment |
|---|---|---|---|---|---|
| REST, FQL (Facebook Query Language, their own SQL - style language) | XML, JSON | OAuth 2.0 for desktop apps | HTTP multipart messages (for uploading photos) | offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML - style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language) there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp) | |
| Flickr | REST, SOAP, XML - RPC | XML (SOAP 1.2 / plain / XML - RPC), JSON, PHP - serialized | as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) | HTTP multipart messages (for uploading photos) | |
| REST, ATOM (for some methods) | XML (plain / ATOM), JSON | OAuth (login via web page); HTTP Basic Auth (only until June 2010) | OAuth 1.0a | some parts of the API are only available in JSON and ATOM, namely search and trends Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter | |
| MySpace | REST | XML, JSON | OAuth | OAuth | the API supports OpenSocial API, which is "a common API for social applications" |
| Google Maps | JavaScript | no real Web service API, but a JavaScript library to be used within a browser | |||
| Google Search | Ajax, REST | JavaScript (Ajax), JSON (REST) | none required | REST interface is very limited, see http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje | |
| Bing Search | REST, SOAP+WSDL | XML (plain / SOAP) | none required | ||
| Last.fm | REST, XML - RPC, some calls as well RSS and iCal | XML (plain / XML-RPC) | either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm | there is a Qt C++ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master | |
| Google Data API | REST (using Atom Publishing Protocol) | XML (Atom), JSON, RSS | for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth | HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth | |
| Amazon Cloud Services (EC2, S3 etc.) | SOAP+WSDL, REST | XML | SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely) | SOAP: WS-Security | |
| Ebay API | SOAP+WSDL, REST, HTTP GET | XML, JSON | HTTP multipart messages | ||
| Wordpress | XMLRPC | XML | |||
| StudiVZ (German Facebook clone) | REST | XML, JSON, JavaScript, ATOM+XML | OAuth | OAuth | supports OpenSocial ; currently says "OAuth not supported at the moment", I don't know if they are actually using it or not |
| REST | XML | OAuth 1.0a | OAuth 1.0a | ||
| Windows Messenger Connect | JavaScript | OAuth WRAP |