Qt and Web Services

From Qt Wiki
Revision as of 14:34, 5 March 2016 by JKSH (talk | contribs) (qt.nokia.com -> qt.io)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


This page tracks current Web Service trends and the requirements of those in Qt. See also the corresponding task in the Qt bug tracker .

Areas for Improvement

  • OAuth . Needed for logging in to e.g. Twitter, Facebook, Foursquare etc.
  • OAuth comes in two versions:
    • OAuth 1.0a: Authentication / authorization is done in either HTTP headers or URL, no SSL needed, but quite some signing / nonce creating etc. logic. There are two major 3rd party implementations:
      • QOAuth: depends on QCA and QCA's OpenSSL plugin and spins its own event loop to fake synchronous requests (which is bad).
      • kOAuth: I have not looked at that closely.
    • OAuth 2: No signing / hashing etc. required, expects data to be sent over SSL. As far as I can see this can be easily supported on top of Qt.

It seems like OAuth 2 is really taking over (Facebook, Foursquare, Google Data APIs offer it already); sites using OAuth 1.0a: (Twitter, LinkedIn).

Completed features

  • HTTP DELETE (done for 4.6). Can be used for some web services; however not a hard requirement, usually services allow to fake it or use it via POST.
  • HTTP multipart messages (done for 4.8). Needed for Flickr / Facebook etc. image upload; in general used very often where uploading binary data is involved.
  • JSON support . Web Services usually offer their data in either XML or JSON, with JSON having become a lot more popular than XML.

Web Services Matrix

Name Access Method Data format Authentication Additional Requirements Comment
Facebook REST, FQL (Facebook Query Language, their own SQL - style language) XML, JSON OAuth 2.0 for desktop apps HTTP multipart messages (for uploading photos) offers a XML schema at http://api.facebook.com/1.0/facebook.xsd code generation possible, cool! for developing Facebook applications, there is: FBML (their own HTML - style language), XFBML (for using FBML in a normal HTML site), FBJS (their own JavaScript-style language)
there is already a Qt Facebook API called Fantasma at http://wiki.developers.facebook.com/index.php/User:C++ (seems to be quite old, uses QHttp)
Flickr REST, SOAP, XML - RPC XML (SOAP 1.2 / plain / XML - RPC), JSON, PHP - serialized as with facebook, some md5 required and launching a browser window for authorization (similar to OAuth) HTTP multipart messages (for uploading photos)
Twitter REST, ATOM (for some methods) XML (plain / ATOM), JSON OAuth (login via web page); HTTP Basic Auth (only until June 2010) OAuth 1.0a some parts of the API are only available in JSON and ATOM, namely search and trends
Authentication described at http://apiwiki.twitter.com/Sign-in-with-Twitter
MySpace REST XML, JSON OAuth OAuth the API supports OpenSocial API, which is "a common API for social applications"
Google Maps JavaScript no real Web service API, but a JavaScript library to be used within a browser
Google Search Ajax, REST JavaScript (Ajax), JSON (REST) none required REST interface is very limited, see http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html
REST API documented at http://code.google.com/apis/ajaxsearch/documentation/#fonje
Bing Search REST, SOAP+WSDL XML (plain / SOAP) none required
Last.fm REST, XML - RPC, some calls as well RSS and iCal XML (plain / XML-RPC) either Web browser (Web / Desktop apps) or getting username & password from user and send that via md5 to last.fm there is a Qt C++ API called Liblastfm: http://github.com/mxcl/liblastfm/tree/master
Google Data API REST (using Atom Publishing Protocol) XML (Atom), JSON, RSS for installed apps: their own ClientLogin (via HTTPS, but then sending the 2-year-expiry auth key in plaintext!), for web apps: either an AuthSub mechanism (directing the user to a google web page) or OAuth HTTP multipart messages (not a strict requirement, for uploading photos etc.), OAuth
Amazon Cloud Services (EC2, S3 etc.) SOAP+WSDL, REST XML SOAP: WS-Security (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-soap-api.html#using-soap-api-authentication), REST: own security scheme based on SHA1/SHA256 (http://docs.amazonwebservices.com/AWSEC2/2009-08-15/DeveloperGuide/index.html?using-query-api.html#query-authentication , I saw no password there, strangely) SOAP: WS-Security
Ebay API SOAP+WSDL, REST, HTTP GET XML, JSON HTTP multipart messages
Wordpress XMLRPC XML
StudiVZ (German Facebook clone) REST XML, JSON, JavaScript, ATOM+XML OAuth OAuth supports OpenSocial ; currently says "OAuth not supported at the moment", I don't know if they are actually using it or not
LinkedIn REST XML OAuth 1.0a OAuth 1.0a
Windows Messenger Connect JavaScript OAuth WRAP