App URL migration tool available

Tuesday, June 23, 2009 at 8:11 PM

Posted by Shishir Birmiwal, Software Engineer

We're glad to announce the availability of the app URL migration tool. There are instances when you need to change the URL for your app XML file - this tool will help you do this without affecting existing users of your app.

In order to use the tool, here are some requirements -

1. You must have claimed ownership of the existing app.

To claim ownership of an app, visit http://www.google.com/gadgets/directory/verify

2. You be logged in with the account with which you claimed ownership.

3. The existing app must be a featured app on Orkut.

4. The new application URL must NOT have been used as an app on ANY google container -- including orkut, iGoogle, etc.

Note: This is very important, otherwise the migrate request will fail. It is recommended that you create an absolutely new and unique URL when migrating. Unfortunately, this also means that you cannot test the new app URL on sandbox before issuing a migrate request.

Steps to use the tool -

1. Visit http://sandbox.orkut.com/AppUrlMigrate.aspx

2. Type in your existing app url and the new URL to migrate to.

3. Check the exisiting and new app URLs. (see attached screen shot)

4. Double check - (you really don't want a typo in the new URL).

5. Hit the submit button.

6. A migration confirmation message will appear.

7. The migration changes will propagate through caches and will be live in 24 hours.

Caution: If you use the same existing app URL on any other google property, this migration request will have an effect on the other property.

Announcing view parameters from OS templates

Monday, May 25, 2009 at 12:44 AM

Posted by Apurv Gupta, Software Engineer

We're glad to announce support for view parameters in osx:NavigateToApp. Using view parameters you can customize your canvas page view based on what the user clicked on the profile view.

Here's how you can use view parameters from OS templates in profile view.
<osx:NavigateToApp params="{a:b}">Goto Canvas</osx:NavigateToApp>

You can get the view params in canvas page as before.
var prefs = gadgets.views.getParams();
if (prefs['a'] = 'b') {....

This is currently available on sandbox.orkut.com and will be available on orkut.com in a few weeks. Since this is an important feature, we are extending the deadline for existing apps on profile view to make the switch to templates to 15th June, 2009. After that date, all apps not using templates will be removed from profile view.

Profile views are back!

Friday, May 1, 2009 at 6:34 AM

Posted by Rahul Kulkarni, Product Manager

We're happy to announce that applications that use server-side templates and data pipelining now show up in the profile view on orkut. Data pipelining allows you to specify the data that you want to use in your application, while templates let you describe how to render the app. If you haven't already, you can get started creating your profile views with templates and data pipelining using this tutorial.

As you may remember, we had temporarily disabled profile views for OpenSocial applications on orkut to help prevent the phishing attacks occurring in a small subset of applications. The addition of template values, which are HTML-escaped by design, will help reduce applications' vulnerability to issues like XSS moving forward. Enabling data pipelining and templates also reduces the number of round trips between orkut and your server, making your application render faster.

For all of you with applications that currently show up in profile view without templates, you'll have until May 31st to make the switch. After that date, all apps not using templates will be removed from profile view.

We know that it's not easy to make changes to your applications and would like to thank you for the patience and support that you've shown. We're confident that these changes will improve the apps experience for orkut users.

Server protocol signing changes

Monday, April 6, 2009 at 10:03 PM

Posted by Vijaya Machavolu, orkut team

For developers using the REST and RPC endpoints to access the social data on orkut, we'd like to announce the following alterations we've made to the underlying implementation:

• We now require the content-type header of the requests to be application/json instead of application/x-www-form-urlencoded

• We have added a new method for signing the request using body hashes.

For more details, please see the post on the OpenSocial blog.

As always, if you have any questions or just want to chat about the platform, the developer forum is always available.

Using templates and data pipelining for app profile view

Friday, March 6, 2009 at 2:48 AM

Posted by Vijaya Machavolu, orkut team

We're excited to announce the availability of server-side OS templates and data pipelining on the orkut sandbox. Data pipelining allows you to specify the data you want to use in your app, while templates let you describe how to render the app - all using a markup language (that's right, no JavaScript!). Using data pipelining and templates will reduce the number of round trips between the container and your server, making your app render faster. Moreover, template values are HTML-escaped thus plugging many XSS vulnerabilities automatically.

Since the profile view of an app doesn't require interactivity, server-side OS templates and data pipelining are a good fit for this view. We will soon be rendering apps that use these templates in the profile page. Our goal is to eventually allow only server-side OS templates in the profile view and at that point, all other active content including JavaScript and Flash will be stripped out when displaying the profile view of an app. We are confident that by leveraging these features, you will generate more usage for your apps, with reduced latency and make them safer for users.

These new features are currently available on the orkut sandbox, so you can start developing with them today. For more information (including examples), please see the OpenSocial Templates Developer's Guide , the OpenSocial Templates tutorial and the Data Pipelining tutorial. We know that OS templates are currently missing some capabilities that are required to build good profile views. At the top of our list are support for os:NavigateToView and ability to interpret JSON appdata. We'll be adding them soon.

Do check them out and give us your feedback.

Get the picture!

Tuesday, February 10, 2009 at 10:55 AM

Posted by Jason Cooper, orkut team

Late last week, we added API support for fetching albums and photos via apps running in the sandbox. Now your applications can request and display the viewer's public albums, enabling you to create an even richer, personalized experience for users.

To help you get started, we have published a tutorial which describes the new API calls available and how to use them. An API reference is also available on the OpenSocial wiki.

Since the Albums API is only available on the sandbox for now, please hold off on submitting your apps to the directory if they depend on this API. We will publish a new post when the Albums API is generally available.

Learn more about how Google is using OpenSocial and other technologies to make the web social at Google I/O, Google's annual developer conference, coming up in May. Early registration is now open.

OpenSocial Applications on orkut profiles

Thursday, February 5, 2009 at 5:01 PM

Posted by Vijaya Machavolu, orkut team

The orkut team is aware that a small subset of OpenSocial applications are being used to spread phishing attacks to orkut users. In order to ensure that we maintain our rigorous security standards, we have temporarily removed all applications from users' profile pages.

The functionality of these applications will not be affected. We're working on bringing these applications back to users' profile pages as quickly as possible, and applications will begin to reappear as this process continues.

Users can still access applications from the left nav bar and open them in canvas view. Applications will also continue to have access to the same API, allowing them to send messages and post updates to activity streams. We have found these to be the main drivers of application usage and believe that applications should continue to enjoy the same popularity.

This is the first step we're taking to help make applications safer and faster for our users. We'll be sure to keep you posted about these changes, so please stay tuned for updates. To learn more about building safe applications for orkut, please check out this blog post or visit the developer forum.