REST and RPC protocols available on the sandbox
December 19th, 2008 | Published in Google Orkut
Since the orkut application platform's April rollout, developers have been able to build applications on top of orkut user data using the OpenSocial JavaScript API. Version 0.8 of the OpenSocial specification added REST and RPC protocols, which enable developers to build applications that interact with OpenSocial containers over HTTP.
Today, I'm pleased to announce the availability of REST and RPC protocols in the orkut sandbox. Currently, these APIs can fetch profile information and app data as well as update app data, and more features are planned.
(Note: The REST and RPC protocols allow for the same operations, but the RPC protocol supports submitting multiple data requests in one container request, similar to the existing JavaScript API, which results in faster and more efficient applications.)
All REST and RPC requests must be digitally signed by the issuer, which allows orkut to verify that they are coming from a trusted application. Generating these signatures requires a secret key, which is known only to you and orkut. You can request a secret key by submitting a gadget URL to https://www.google.com/gadgets/directory/verify and verifying ownership of this gadget. More information on this process and authentication in general is available in the new REST Protocol Developer's Guide.
Last but not least, a set of client libraries have been made available for PHP, Java, Ruby, and Python to simplify development using these new protocols. The libraries provide a convenient wrapper for the underlying low-level APIs and abstract away the tedious tasks of constructing the request URL, signing the request, and parsing the returned data. For more on these libraries, please see the official announcement on the OpenSocial API blog.