Orkut Application Platform

Off-Site Applications: Protocol

The protocol used by off-site applications is called "the JSON-RPC protocol", or the "3LO protocol", because it consists of RPC requests and responses encoded as JSON objects, employing 3-legged OAuth as the authentication standard. Our implementation is based on the OpenSocial 0.8 RPC Protocol.

Using a Client Library

We highly recommend that you use one of the many available client libraries instead of trying to implement the protocol directly. For example, we have the Orkut Client Library that implements this protocol in the Java language. If you intend to use that library, we recommend reading the Client Library Developer Guide.

Implementing Directly

Here are the important pieces of information you need to know to use the protocol directly:

OAuth signature method: use HMAC-SHA1
OAuth consumer key: use the consumer key you obtained when you registered your application. It will typically be a domain name like xyz.example.com.
OAuth consumer secret: also provided to you upon registration.
Request URL: https://www.google.com/accounts/OAuthGetRequestToken
Authorization URL: https://www.google.com/accounts/OAuthAuthorizeToken
Access URL: https://www.google.com/accounts/OAuthGetAccessToken
OAuth Scope: http://orkut.gmodules.com/social
Server URL: http://www.orkut.com/social/rpc

One of the most practical ways to experiment with API calls over OAuth is using the OAuth Playground. Here is an example of how to use it with Orkut in order to make a simple person fetch request:

  1. Open the OAuth Playground.
  2. On Item 1, do not select Orkut from the list, as it is out of date. Instead, input the following scope directly: http://orkut.gmodules.com/social.
  3. On Item 2, change the OAuth signature method to HMAC-SHA1.
  4. Fill in your consumer key and secret in the appropriate boxes.
  5. On Item 3, click Request Token. Notice that the token and token secret boxes are filled automatically.
  6. On Item 4, click Authorize. This will cause you to be redirected to the Google authentication page to authorize the token.
  7. On Item 5, click Access Token to obtain the final (access) token.
  8. You are now authenticated. Let's try a sample API call.
  9. On Item 6, change the method from GET to POST.
  10. Enter the following URI: http://www.orkut.com/social/rpc
  11. Click the enter post data link.
  12. Select application/json as the Content-Type.
  13. Enter the body of the post as given below.
  14. Click Execute.

Here is the body of the POST request:

  {
    "method" : "people.get",
    "id" : "myself",
    "params" : {
      "userId" : "@me",
      "groupId" : "@self"
    }
  }

If the preceding steps executed correctly, you will probably see output similar to this one in the response box:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Date: Wed, 18 May 2011 18:46:31 GMT
Expires: Wed, 18 May 2011 18:46:31 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked


Notice that the body of the response is a JSON string. For more information about the syntax of requests and responses, refer to the OpenSocial 0.8 RPC Protocol Specification, which is the basis for Orkut's implementation.
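What the Playground does for you in the steps above, when implementing the protocol directly: an added example (not code from the Orkut documentation or the Orkut Client Library) that builds the HMAC-SHA1 `Authorization` header for the `people.get` POST. The helper names, secrets, token, nonce and timestamp are constructed for illustration, and passing the OAuth parameters in the `Authorization` header is an assumption.

```python
import base64, hashlib, hmac, json
from urllib.parse import quote

SERVER_URL = "http://www.orkut.com/social/rpc"  # Server URL from this page

def enc(value):
    # OAuth percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Sort the encoded parameters, join them, then encode the three parts.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret", base64 output.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def build_people_get(oauth_params, consumer_secret, token_secret):
    # The JSON body is not form-encoded, so OAuth 1.0 does not include it in
    # the signature: only the method, URL and oauth_* parameters are signed.
    body = json.dumps({"method": "people.get", "id": "myself",
                       "params": {"userId": "@me", "groupId": "@self"}})
    signed = dict(oauth_params)
    signed["oauth_signature"] = sign("POST", SERVER_URL, oauth_params,
                                     consumer_secret, token_secret)
    header = "OAuth " + ", ".join(
        f'{enc(k)}="{enc(v)}"' for k, v in sorted(signed.items()))
    return {"Authorization": header, "Content-Type": "application/json"}, body

# Constructed sample values; real ones come from registration and the token flow.
SAMPLE = {
    "oauth_consumer_key": "xyz.example.com",
    "oauth_token": "EXAMPLE_ACCESS_TOKEN",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1305744391",
    "oauth_nonce": "constructed-nonce-0001",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    headers, body = build_people_get(SAMPLE, "EXAMPLE_CONSUMER_SECRET",
                                     "EXAMPLE_TOKEN_SECRET")
    print(headers["Authorization"])
    print(body)
```

Because the signature does not cover the JSON body, the body's integrity and confidentiality depend entirely on the transport between client and server.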
