Slides of talk by Simone Dalla on use of Google API Python Client
for integrate Python application with main Google Apps, Gmail, Calendar Drive at Pycon9, Florence, Italy, April 2018.
del Reno Lavino e Samoggia (Bologna, IT) About me You can find me... @simodalla ...after dinner you can find me at Teacher of Cuban Salsa… dancing bear? not the Linux daemon for bear ;-) No, I’m dancing beard
basic concepts many Google API specific concepts Authentication and authorization • event • calendar • ... • cell • sheet • ... • file • folder • ... Access type Service Request, Response
Many API methods require authorized access, but some can use either. Some API methods that can use either behave differently, depending on whether you use simple or authorized access. authentication and authorization Simple API access (API keys) ▪ not access to any private user data ▪ use of an API key ▪ Every simple access call your application makes must include this key. Authorized API access (OAuth 2.0) ▪ can access private user data (the user that has access to the private data must grant your application access) ▪ application must be authenticated, the user must grant access for your application, the user must be authenticated in order to grant that access ▪ Scope, each API defines one or more scopes that declare a set of operations permitted. ▪ Refresh and access tokens ▪ Client ID and Client Secret, uniquely identify your application and are used to acquire token
a set of operations permitted. For example, an API might have read-only and read-write scopes. When your application requests access to user data, the request must include one or more scopes. The user needs to approve the scope of access your application is requesting. https://developers.google.com/drive/v3/web/about-auth https://developers.google.com/calendar/auth
application access, the OAuth 2.0 authorization server provides your application with refresh and access tokens. ▪ These tokens are only valid for the scopes requested. ▪ Your application uses access tokens to authorize API calls. ▪ Access tokens expire, but refresh tokens do not. ▪ Your application can use a refresh token to acquire a new access token.
your application and are used to acquire tokens • They are created for your project on the Google API Console • There are three types of client IDs, so be sure to get the correct type for your application: ◦ Web application: authorized web server application make access an API while the user interacts with the application or after the user has left the application ◦ Installed application: Mobile & Desktop apps, difference from web application is that installed apps must open the system browser and supply a local redirect URI to handle responses from Google's authorization server ◦ Service Account: server-to-server interactions, an application uses a service account when the application uses Google APIs to work with its own data rather than a user's data or G Suite domain administrators can also grant service accounts domain-wide authority to access user data on behalf of users in the domain.
request token scope s o Client ID & Client Secret scope s o scope Google Servers 2 user login 3 user consent 4 Result of 2,3 is an authorization code 5 Exchange auth code for token 6 token response 7... use token for api call MY APP
your tokens, someone could use them to access private user data! with your client secret, they could use it to consume your quota, incur charges against your Console project, and request access to user data! Photo by Kristina Flour on Unsplash
from apiclient.discovery import build service = build('api', 'api_version', http=...) build an API-specific service object that takes an API name and API version as arguments each API service provides access to one or more resources. A set of resources of the same type is called a collection. The names of these collections are specific to the API collection = service.files() every collection has a list of methods defined by the AP and calling a collection method returns an HttpRequest object. If the given API collection has a method named list that takes an argument called pageSize, create a request object request = collection.list(pageSize=2) creating a request does not actually call the API. To execute the request and get a response, call the execute() function response = request.execute() alternatively, is possible combine previous steps on a single line response = service.files().list(pageSize=2).execute()
response sent by the API server. The JSON structure is specific to the API (see the API's reference documentation...) import json print(json.dumps(response, sort_keys=True, indent=4)) { "files": [ { "id": "1sdfgsdkfhgjkdshflkjdlkfshg4dfgn04mp2g,0hLlZBA", "kind": "drive#file", "mimeType": "application/vnd.google-apps.presentation", "name": "GoogleLovePythonV2" }, { … } ], …. } for fd in response['files']: print(f"name: {fd['name']}, id: {fd['mimeType']}") response object can access like a dict response Collections, Methods Service Request, Response
import Storage SCOPES = [ 'https://www.googleapis.com/auth/drive.metadata.readonly',] credential_dir = os.path.join(os.path.expanduser('~'), '.credentials') if not os.path.exists(credential_dir): os.makedirs(credential_dir) credential_path = os.path.join(credential_dir, 'google_love_python.json') store = Storage(credential_path) credentials = store.get() if not credentials or credentials.invalid: flow = client.flow_from_clientsecrets('client_secrets.json', scopes) flow.user_agent = 'app_google_love_python' credentials = tools.run_flow(flow, store, flags) http = credentials.authorize(httplib2.Http()) service = build('drive', 'v3', http=http) result = service.files().list(pageSize=2).execute() Authorized API access with client IDs of type installed application for access to Drive API
import Storage SCOPES = [https://www.googleapis.com/auth/calendar',] credential_dir = os.path.join(os.path.expanduser('~'), '.credentials') if not os.path.exists(credential_dir): os.makedirs(credential_dir) credential_path = os.path.join(credential_dir, 'google_love_python.json') store = Storage(credential_path) credentials = store.get() if not credentials or credentials.invalid: flow = client.flow_from_clientsecrets('client_secrets.json', scopes) flow.user_agent = 'app_google_love_python' credentials = tools.run_flow(flow, store, flags) http = credentials.authorize(httplib2.Http()) service = build(calendar, 'v3', http=http) result = service.events().list(calendarId="primary").execute() Authorized API access with client IDs of type installed application for access to Calendar API
'client_secret.json', scopes=[SCOPES], state=state) flow.redirect_uri = flask.url_for('oauth2callback', _external=True) authorization_response = flask.request.url flow.fetch_token(authorization_response=authorization_response) credentials = flow.credentials flask.session['credentials'] = {...} ... service = build('calendar', 'v3', credentials=credentials) Authorized API access with client IDs of type web application for access to Calendar API
CRUD operations Freebusy free/busy information for a set of calendars Read operation Permissions CRUD operations Colors color definitions for calendars and events Read Settings Read
and system capabilities Read operation Changes changes for a user or Team Drive. Read operation Comments file's comments CRUD operations Files CRUD operations, Upload, Export and emptyTrash, generateIds operations Revisions CRUD operations Teamdrives Create and Delete, List’s user, Get and Update Metadata operations Permissions CRUD operations Reply reply to a comment on a file. CRUD operations
operation Spreadsheet.Values Read, Append, Update, BatchXXX operations DeveloperMetada Developer metadata associated with a location or object in a spreadsheet. Developer metadata may be used to associate arbitrary data with various parts of a spreadsheet and will remain associated at those locations as they move around and the spreadsheet is edited Read, Search operations
history of all changes to the given mailbox Read operation Users.Labels CRUD operations User.Settings, User.Settings.Filters, User. Settings.ForwardingAddres, User.Settings.sendAs Many operations Threads Read and Query, Insert, Modify Labes, Trash, Untrash Users.Messages Read and Query, Insert, Modify Labes, Send, Trash, Un trash, Import, BatchDelete, BatchModify Users.Messages.Attachment Read operation
Analytics API Look other ~140 at: https://developers.google.com/api-client-library/python/apis/ YouTube Data and YouTube Analytics API Task API **(not Keep)
library site https://developers.google.com/api-client-library/python/ • read the “get started” https://developers.google.com/api-client-library/python/start/get_started • follow the quickstart for Calendar API https://developers.google.com/calendar/quickstart/python • watch the official videos: https://www.youtube.com/watch?v=DYAwYxVs2TI (The Setup: Creating new apps using Google APIs) https://www.youtube.com/watch?v=tNo9IoZMelI (Creating events in Google Calendar https://www.youtube.com/watch?v=Qd64idiKZWw (Modifying events with the Google Calendar API) • follow the related links for the above videos (“show more”) • read, code and test the example at blog http://wescpy.blogspot.it/ • CODE, CODE, CODE!
Google API site • read and study basic concept of specific Google API (section Guide) • read the references of specific Google API References • view and test the specific Python examples (section Samples) • view the specific API PyDoc • CODE, CODE, CODE! https://developers.google.com/resources/api-librar ies/documentation/calendar/v3/python/latest/ https://developers.google.com/calend ar/v3/reference/ https://developers.google.com/calendar/concepts/
API Explorer https://developers.google.com/apis-explorer/ • Python Google API Client Libraries https://developers.google.com/api-client-library/python/ • Google Developer YouTube Channel https://www.youtube.com/user/GoogleDevelopers • Google Calendar API https://developers.google.com/calendar/ • Google Drive API https://developers.google.com/drive/ • Google Sheet API https://developers.google.com/sheets/ • Other specific Google API page...
a command line tool for Google G Suite Administrators to manage domain and user settings quickly and easily at: https://github.com/jay0lee/GAM Very powerful and use of Google API Python Client Another talk?!?!?
simodalla
pyama86
inouehi
kj455
hanetsuki
syumai
utgwkk
hironytic
prof18
oskmr
mizdra
quramy
ivargrimstad
garrettdimon
keithpitt
bkeepers
kevinliebholz
mraible
mongodb
revolveconf
sonatard
smashingmag
62gerente
jacobian
aleyda
![[v2] == ?? once upon a time... Photo by Stephen](https://files.speakerdeck.com/presentations/48c4467052fb49f4bf336aa7e609bb42/slide_2.jpg){kind=link}
![[v1] < [v2] ??](https://files.speakerdeck.com/presentations/48c4467052fb49f4bf336aa7e609bb42/slide_3.jpg){kind=link}
![SCOPES = [https://www.googleapis.com/auth/calendar',] ... state = flask.session['state'] flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(](https://files.speakerdeck.com/presentations/48c4467052fb49f4bf336aa7e609bb42/slide_20.jpg){kind=link}
![Thank you very much for your time [email protected] @simodalla http://speakerdeck.com/simodalla](https://files.speakerdeck.com/presentations/48c4467052fb49f4bf336aa7e609bb42/slide_30.jpg){kind=link}