OAuth Coming to All Google Data APIs

John Musser, April 28th, 2008

Standardization, or lack thereof, around identity, authentication and authorization for open web APIs is one of the greatest challenges to mashup application developers today. So it’s quite notable that Google not only just quietly added OAuth support to their Google Contacts API but also stated that “This is our first step towards OAuth enabling all Google Data APIs.” With over a dozen GData APIs to date and more on the way, this is a significant endorsement of this relatively new standard.

OAuth, which we covered last fall, is an API access delegation protocol that has been described as your valet key for the web:

Like the feature on many cars today where you give the parking attendant a special key to your car that gives him some, but not all, access to your vehicle. On the Web you now have your own keys to dozens of sites but how to best handle the mashup-style case of site A wants you to grant them access to get some data from site B? Ideally you don’t want to give site A your password to site B. OAuth aims to simplify this problem: “It allows you the User to grant access to your private resources on one site (which is called the Service Provider), to another site (called Consumer, not to be confused with you, the User).”

This marks at least the second API from one of the major providers to now support OAuth: earlier this year, the innovative Yahoo Fire Eagle API integrated OAuth support.

Both comments and pings are currently closed.

2 Responses to “OAuth Coming to All Google Data APIs”

April 28th, 2008
at 12:24 pm
Comment by: Josh

If anyone is interested in seeing an OAuth supported API in action, we recently did a screencast that shows the user flow. You can view it at http://www.viddler.com/explore/beenverified/videos/23/

May 1st, 2008
at 1:26 am
Comment by: Photobucket Releases Public API

[...] The Photobucket web service is a RESTful API that also happens to be the second API covered this week that supports OAuth (the earlier one being Google’s implementation in the Google Contacts API). [...]

Follow the PW team on Twitter

ProgrammableWeb
APIs, mashups and code. Because the world's your programmable oyster.

John Musser
Founder, ProgrammableWeb

Adam DuVander
Executive Editor, ProgrammableWeb. Author, Map Scripting 101. Lover, APIs.