Gmail Sidebar gadget development, getting started - api

I'm kind of new to dealing with Gmail API and I have a question regarding the development environment.
I want to create a simple application that fetches unread emails from a gmail user, sends it to a processing server of mine (RESTful web service) where I analyze the data and extract some information, then finally use the extracted information to add it to the user's Google calendar.
I was thinking of developing a sidebar gadget but I was curious about which IDE to use. Do I use the Google scripts API? Will it make my gadget portable? Which IDE to use?
I know about the Gmail API that uses oAuth access to IMAP & SMTP but how can I integrate it with the sidebar gadget? Where do I write the code? Which language?

First, you will want to read Google's Gmail gadget documentation to learn how to make them.
Basically, you can either use the Google Gadget Editor (GGE), which is a very simple IDE that runs in your browser, or you can use whatever editor you prefer for editing JavaScript and XML. You will also need a website where you can post your code. A google gadget is an XML+Javascript file that resides in some webserver and that follows the schema google dictates.
Google Apps Scripts are a different thing. They are scripts that run in a google spreadsheet and can access the user's google services (docs, gmail, and some other ones). But, they are not Gadgets. To write one, create a new spreadsheet then go to Tools->script editor.
IMAP and SMTP are another thing. They are protocols for talking to a mail server. There are imap and smtp libraries available for nearly all programming languages. But, that is not what you want if you want to implement a gadget.

One important thing to consider is that Apps Script is the only way to get full access to Gmail. You could easily automate all the processing to send the information to Calendar.

Related

Chrome Extension: how to safely restrict the content and customise the user experience?

I'm enjoying developing cross-browser web extensions, the main target being Chrome, so much that I started to think to develop one for my company. I find a chrome extension quite a cheap and efficient way to deploy internal apps. The main purpose is to host a couple of dynamic dashboards that fetch data from various APIs by using cross-domain ajax in background scripts. I finalized the app and I was also able to implement the authentication via chrome.identity and Azure AD.
However, I am struggling to find a safe way to customise the content.
I mean, when the extension is installed it requires to login to azure via the chrome.identity flow. Then I get a token that I use to query ms graph and get the user ID, name, email and basic info.
Until I get this information I want the browser action (popup) to be unavailable to the user as well as any other extension pages. After a successful login I would like to show the content on the pop up and to let the user access the pages, but here I want to customize the experience.
I know how to use the user id retrieved from the api call to customize the extension, but I think it is not safe because all the code is in the client.
If I code something like
if (user === logged) show something
it will be damn easy for a malicious user to look at the code and bypass it, or even to impersonate another user. And chrome extension cannot be obfuscated.
Any help?
Thanks

How to access Chrome's online bookmarks?

Google Chrome allows you to sign in with your Google account to sync bookmarks and settings. Those bookmarks are then stored along with my account on their servers.
I want to create another client for the bookmarks. Please note that I am not interested in reading the local bookmarks file from hard disk. Instead I want to connect with the online servers directly.
So I need to access the same API as Chrome uses for synching. Is there a way to find out how to use that API?
Whilst not using an API directly it allows you to query data from google bookmarks online (directly via REST call), and parse it yourself.
http://www.google.com/bookmarks/?output=xml&num=10000
I have included a link on how you may parse this data from the "Lite Bookmarks" chrome extension repository.
http://www.google.com/bookmarks/?output=xml&num=10000

Dropbox - any API to cli_link?

I'm using the dropboxd service under Linux, which requires you to log into their website e.g. https://www.dropbox.com/cli_link?host_id=2173bf325f94beee3b1879d2c7b49e69 to link the machine to your account.
Is there any programatic way to do this (ideally using Java)? To access the website above it seems you need to login using forms (which seems tricky to do programatically), and their basic REST API (https://www.dropbox.com/developers/core/docs) doesnt seem to cover the cli_link command.
I could write an app to do the sync using their full API, but it seems like overkill since aside from the cli_link requirement the basic dropboxd does all that I need.
The official Dropbox desktop client is unrelated to the API, though both the API and the Linux CLI require user interaction on the Dropbox web site (once per link) to authorize the linking. Also, note that automating/scraping the site itself is not allowed by the terms:
https://www.dropbox.com/terms#acceptable_use
Not really a solution for DropBox users, but in the end we just moved over to use MediaFire instead. That has a full REST API and doesnt require any manual intervention.

Instapaper Simple API : adding links without storing user password?

I'm trying to use Instapaper's Simple API (http://www.instapaper.com/api/simple).
The API terms of use (http://www.instapaper.com/api/terms) says apps should not store user id and password, and I don't want to store them either. However, it seems that the only way to add a link to a user's Instapaper via simple API is to store the username/password (if the user does have a password).
Am I missing something?
The API terms of use state that:
Apps must not store users’ passwords. Passwords may only be collected for the xAuth token acquisition and must be discarded afterward.
Only the full API uses xAuth tokens. The above sentence doesn't apply to the simple API, since it uses Basic HTTP Authentication.
You still "must make reasonable efforts to prevent passwords from being compromised, and must not disclose passwords to any other services or individuals".
If you are using a native Mac application (like Apple’s Mail client or a third-party mail client like Airmail) there isn’t an easy way to save a link to Instapaper without first opening the link in a browser and then using one of Instapaper’s browser extensions to actually save the article.
One workaround that I’ve found to expedite this task is to write a service for OS X which uses Instapaper’s API to save links.
In order to write your own service, first open Apple’s Automator application and create a new Service. Then, drag the Run Shell Script action into the application’s main workflow area.
Make sure the service receives no input, can be used by any application, and that the shell script is set to run python.

To build an App for an Internet site without its API and Schema

I was asked to build a control-system for a Ebay-like Finnish auction-site huuto.net.
The system would reopen closed auctions by a specific rules. It would be completely external from the main site, running at an external website.
The site is however unwilling to release its API and Schema. I know no way to build such a system without knowing its API.
How do you build an internet site without its API and Schema?
You could try some form of automatic browsing: mechanize
Edit:
Examples here.
I think you're asking about building a site that interacts with another site without using a well-defined API. Is that right?
You can interact with an external site without using an official API - in order to do so, you need to imitate a normal site visitor and send your requests to the site frontend (in much the same way as a web crawler does). Tools like hpricot, mechanize and curl can help you parse the content of pages and send requests, but in doing so your system may be quite brittle. Any change to the target site might mean you have to rewrite portions of your system.
It might be possible to get the data you need by screen scraping the site. You could perform the operations you want to do by POSTing data into their forms or using a WebClient type API to make your program act like a web browser but that's likely to be an extremely brittle solution.
Honestly though, without an API, there really is no good solution.
you either need access to the database or an API, otherwise no point in even trying.