Qt and Web Services

From Qt Wiki
Revision as of 16:42, 14 January 2015 by Maintenance script (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Qt and Web Services

This page tracks current Web Service trends and the requirements of those in Qt. See also the corresponding task in the Qt bug tracker [bugreports.qt.nokia.com] .

Areas for Improvement

  • OAuth [bugreports.qt.nokia.com] . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc. OAuth comes in two versions:
    • OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
      • QOAuth: depends on QCA and QCA’s OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
      • kOAuth: I have not looked at that closely.
    • OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.
      It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).
  • JSON support [bugreports.qt.nokia.com] . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML. JSON can be parsed directly from QML (I think – could somebody confirm?), if parsing within C++ is used, there is a 3rdparty solution called QJson [qjson.sourceforge.net] and one written by Girish called qjsonparser [blog.forwardbias.in]

Completed features

  • HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
  • HTTP multipart messages [bugreports.qt.nokia.com] (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.

Web Services Matrix

(possibly outdated, feel free to update)

Name Access Method Data format Authentication Additional Requirements Comment
Facebook REST, FQL (Facebook Query Language, their own SQL – style language) XML, JSON OAuth 2.0 for desktop apps HTTP multipart messages (for uploading photos)

offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML – style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)<br>there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp)

Flickr REST, SOAP, XMLRPC XML (SOAP 1.2 / plain / XMLRPC), JSON, PHP – serialized as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) HTTP multipart messages (for uploading photos)
Twitter REST, ATOM (for some methods) XML (plain / ATOM), JSON OAuth (login via web page); HTTP Basic Auth (only until June 2010) OAuth 1.0a

some parts of the API are only available in JSON and ATOM, namely search and trends<br>Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter

MySpace REST XML, JSON OAuth OAuth the API supports OpenSocial API, which is “a common API for social applications”
Google Maps JavaScript no real Web service API, but a JavaScript library to be used within a browser
Google Search Ajax, REST JavaScript (Ajax), JSON (REST) none required

REST interface is very limited, see
http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html<br>
REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje

Bing Search REST, SOAPWSDL XML (plain / SOAP) none required
Last.fm REST, XMLRPC, some calls as well RSS and iCal XML (plain / XML-RPC) either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm

there is a Qt C+ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master

Google Data API REST (using Atom Publishing Protocol) XML (Atom), JSON, RSS for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth
Amazon Cloud Services (EC2, S3 etc.) SOAP+WSDL, REST XML

SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely)

SOAP: WS-Security
Ebay API SOAP+WSDL, REST, HTTP GET XML, JSON HTTP multipart messages
Wordpress XMLRPC XML
StudiVZ (German Facebook clone) REST XML, JSON, JavaScript, ATOM+XML OAuth OAuth supports OpenSocial ; currently says “OAuth not supported at the moment”, I don’t know if they are actually using it or not
LinkedIn REST XML OAuth 1.0a OAuth 1.0a
Windows Messenger Connect JavaScript OAuth WRAP
DropBox TODO

Categories: