How to implement RESTful API on an App Engine server with webapp ( +Facebook authentication ) ?

Question

so my idea is pretty simple. But I don't know where to start.

develop a simple RESTful API on my app engine server using the simple webapp framework.

there will be two kinds of clients:
1. Normal pc users access the facebook application, and this will directly place API calls to my app engine server. ( Please note, that the facebook application itself is hosted on the same app engine server)

1. Iphone users access my app engine server by going though Facebook connect. The user is then free to make the API calls.

So how i checked the App3 Project at http://code.google.com/p/app3/, then didn't really have authentication in place.

Any suggestions/ideas?

I have a rough idea of how the flow works

Assumption: I have the datastore all set up with user data.

For normal PC users accessing my FB app: --> authenticate in FB ->I save their userid + facebook_session_key in with gmemsess -> I use both data to authenticate with the user data in my datastore --> that user is now free to CRUD on my server.

For iphone users, it's the same flow. But with Facebook Connect.

the CRUD should look something like: if the user wants to check his/her stats, the API call would be something like: /rest/getstats

Is anyone actually doing something like that? I'd appreciate everyone's insights. A simple, hassle free solution would be awesome!

Answer 1

Well, this might not be exactly what you've been looking for, but here's my try:

To do simple REST on app engine, you can try Jim Fulton's excellent library, bobo (here's a link to the REST section of the documentation). Bobo is a well-tested, simple package that contains only one fily, bobo.py, so it perfectly fits a minimalistic application's need. You can simply put it on top of webapp.

Note that the decorators shown in the documentation need to be converted to python2.5-style to work, so

@bobo.resource('/rest/getstats', 'GET')
def get_stats(self, request):
    "Get user's stats"

would become

def get_stats(self, request):
    "Get user's stats"
get_stats = bobo.resource('/rest/getstats', 'GET')(get_stats)

and such. This should be an easy approach to REST.

As for the authentication, you could pipe repoze.who into the WSGI pipeline. There are a some very simple repoze.who plugins for the facebook API out there in the wild (unfortunately none of them on pypi), I wrote a very simple one myself for a simple Facebook application a while ago. You can check it out here, along with a brief wiki and some dependency graphs that might help keep your app lightweight and memory-efficient. (Note on the dependency graphs there: some of the Zope libraries has been simplified since then; for Facebook authentication to work, you only need zope.interface.)

Maybe I didn't really give you anything specific (or useful), but these are just a few links you can take a look at, they might come in handy.