Embed Size (px)
DESCRIPTION
douban api in hackathon 2011 Beijing
Citation preview
What is Douban
• Community• Book• Movie• Music• FM• AlphaTown
Explore Life, Express Youself, Share Life
via http://douban.com/about
Why Douban
• 50M+ Registered Users• 600+ Cities• 250,000+ Groups• 30000+ Sites• 1000+ Cinemas
Douban APIs
• Miniblog/Shuo• OpenID• Books/Movies/Music• Photos• Reviews• Collections• Notes• Events• Recommendations• Tags• Dou-mail
via http://www.douban.com/service/apidoc/reference
Powered by Douban API
• Douban FM• Douban Movie• Douban Bookcart• AlphaTown
Powered by Douban API
• Third-party Apps
via http://douban.com/service/gallery
Douban Open Platform
• OpenID
• API
Douban OpenID
• 3rd-party sites and applications can let visitors sign in using their douban id
Inside Douban API
• using OAuth 2.0 to access douban APIs• The core concepts are simple:– Your application asks for a particular scope of access– Douban displays an OAuth page to users, asking for
consent to authorize access to your application– If the user approves, your application will get a shortlived
access token that you can use to validate requests for the user's data and a long-lived refresh token.
Inside Douban API
• Today Douban supports three flows of OAuth 2.0– The client-side flow for JavaScript applications
running in a browser– The server-side flow for web applications with
servers that can securely store persistent information
– The native application flow for desktop and mobile applications
Apply Douban Apikey
go to https://www.douban.com/service/auth2/apikey/apply
then douban will return a apikey and secret:
• apikey="047e255f2309478c0d7a701d691bd6a4"• secret="0253348fa4d10541
Modify Apikey Properties
go tohttps://www.douban.com/service/auth2/apikey/
Client Side Flow
1. get access token GET https://www.douban.com/service/auth2/auth? client_id=047e255f2309478c0d7a701d691bd6a4& redirect_uri=http://www.douban.com/&\ response_type=token& scope=shuo_basic_r,shuo_basic_w
2. use access_token access api curl "https://api.douban.com/people/@me" \ -H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764"
Server Side Flow
2 steps to obtain access_token
Server Side Flow
1.get authorization codeGET https://www.douban.com/service/auth2/auth?client_id=047e255f2309478c0d7a701d691bd6a4&redirect_uri=http://book.douban.com&response_type=code&scope=shuo_basic_r,shuo_b
Server Side Flow
2. get access_token using the code that first step returned
curl "https://www.douban.com/service/auth" \-H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764" \-d "client_id=047e255f2309478c0d7a701d691bd6a4&client_secret=0253348fa4d10541&redirect_uri=http://book.douban.com&grant_type=authorization_code&code=12345"
Server Side Flow
3. use access_token access APIscurl "https://api.douban.com/people/@me" \-H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764
Native-application Flow
The same as server side flow
Q&A
thanks
