Gmail needs an API
Yesterday I spent some time investigating Google Wave. A very interesting new product from Google. Not only that but an interesting protocol.
If you think about it, Google has mostly only used other protocols for communication in the past, now it’s creating it’s own. They clearly want to create a completely new protocol that will effectively be the future of these old primitive protocols.
For this to catch on, it will either have to run directly along side smtp and xmmp or layer on top of them.
We’re going to need a way to pass requests over http to smtp or pop3/imap, and what better way to do it than with gmail?
Sure, but there’s no API…
It’s argued that all you need to do is roll your own “api” or library class to use smtp and imap server provided by Google Mail (gmail) to send and receive emails.
The problem with this is that you’re forced to hand the app your username and password. Naturally this raises security concerns.
Of course this isn’t a big problem if you only use your own username and password and manage to store it on your server security.
The problem comes when others want to use their gmail accounts with your web app. They have not choice but to hand over their username and password. What can possibly go wrong?
- Their username and password gives you FULL access to their account, including account actions such as changing passwords.
My proposal would be for an API that allowed you to interface with gmail, in particular to send emails (which has the biggest scope here).
To access the API you could generate an API Key from within gmail that would allow you to interface with gmail, but limited to mailing functions, rather than account settings.
An alternative to this is similar to the “GoogleCode.com Password”, used by project members when checking out or committing source code changes, or when using command-line tools to upload files to the project “Downloads” tab.
If you could set a “Google Mail SMTP Password” or similar, which would only permit you to access the gmail SMTP server, but not gmail itself, this would also allow you to overcome the security issues mentioned above.
However, this alternative wouldn’t help towards integration with Google Wave as much as an api would.
In summary, to resolve the security issue an API is an option, but for Google Wave integration too, it’s essentially a must.
I hope someone at Google reads this and agrees with me, for that matter, I hope you or anyone reading this agrees with me.
Related posts:
- How not to use PHPMailer I came across PHPMailer usage the other day on a...
- Google AdSense won’t let me in! Back in 2004, I signed up my old site “hm2k.org”...
- Setting up a FreeBSD socks proxy server for use with mIRC I’m getting fed up with my current IRC BNC software....
- How I hacked my schools website – a look into the past When I was about 16 I hacked my schools website,...
- Tracking an IP address In my job I have to manage lots of machines...
Chris said,
November 13, 2009 @ 4:11 pm
Its a great idea, but do you think this could open gmail up to becoming the spam capital of the interwebs?
It seems from looking how quickly it exploded on Twitter that an API that allows you to post is a spammer dream.
hm2k said,
November 14, 2009 @ 1:26 pm
That sounds similar to security through obscurity.
If spammers want to spam, they will do by any means, heck they already do and they don’t need an API to do it, they make their own.
Further more Google is very good at handling spam, I’m sure this wouldn’t be a deal breaker.
You’d have to signup before you could use the API anyway.
We can’t let the fear of spam stop progress can we…
Top 10 host said,
January 2, 2010 @ 9:28 am
great idea,