API Intro
G.ho.st is designed to be an open Web operating system.
You can see how users have added new applications to G.ho.st in your Virtual Computer using Go menu/All Programs/App Directory
The goals of the G.ho.st API are to allow application developers, G.ho.st and third-parties to add any web-based application
to G.ho.st with tight integration to the data and preferences inside G.ho.st.
The specific functions of the API (all subject to appropriate user consent) :
- Allow a user to launch a third-party web app visually integrated in a window on the G.ho.st Desktop
- Allow the third-party to rely on G.ho.st authentication to effect single sign-on
- Allow a file to be passed to the web app for viewing/editing and to be saved back to G.ho.st Drive
- Provide a full file system to the web app by offering full read/write access to the user's G.ho.st Drive using Webdav
- Pass user preferences like language, font, etc. from G.ho.st to the third-party app
The API is designed to be very light weight with a simple convenient approach to launching third-party apps by a URL
and passing data as parameters to that URL.
The API is entirely technology agnostic. Your web app can be AJAX, Flash or applet with any backend provided only it is
launched in a web page with a URL
We regret that at this time G.ho.st does not provide hosting for your Web app. You are free to use any
vendor such as traditional co-hosting (e.g. GoDaddy), cloud (e.g. Amazon Web ServiceS) or more specific frameworks
such as Google. In the special case that your app is compiled into a single .swf file (including solo OpenLaszlo apps) then you can simply
store it in G.ho.st Drive and make it public and use the download URL as your app URL.
GOSPL in general and the API for launching third-party apps is still in it's infancy - we appreciate your patience and feedback.
Security
Security relies mainly on the browser's own sandbox security model- third-party apps are run in a separate iframe
and as they load from
different domains they have no access to user's desktop and data except to the extent explicitly passed by G.ho.st to
web app which is only done with user's permission.
GOSPL concept
The API is a key part of the emerging GOSPL architecture - the G.ho.st web Operating System PLatform.
The overall vision is as follows:
G.ho.st provides the following services to the Web App.
- Screen real estate: G.ho.st will launch as Web app in it's own iframe (based on the size preferred by the app)
- Identity: G.ho.st will identify the user to web app. Subject to user's consent, G.ho.st may pass the G.ho.st ID and in the future other profile information to the web app.
- Session: G.ho.st will identify the logical window to the web app so that the web app can recreate the session if the user disconnects and reconnects
- Preferences: G.ho.st will tell the app the user's preferred language, font, etc.
- File system: Subject to user's consent, G.ho.st will give the app access to either a specific file or the entire user's G.ho.st Drive (using WebDAV).
In the future G.ho.st hopes to give the app access to third-party "web drive" file systems like Google Docs aggregated by G.ho.st.
- Communication: G.ho.st plans to give the web app access to desktop notification, and perhaps email, IM and third-party social networks (as G.ho.st itself now allows it's users to send messages on third party networks).
- Revenue: In the future G.ho.st may provide billing and monetization services and arrangements to split revenue
between the web app or services provider and G.ho.st who refers users to them.
Hello World third-party app in G.ho.st
You can use the G.ho.st API to add your own web-based application into G.ho.st.
To add a Web App to your G.ho.st VC you can right-click on the desktop (always choose to put it in My Web Apps as well) :
or created it directly in My Web Apps :
For your first Web App first try the following configuration :
Save and then double click on the Hello World icon. G.ho.st will open a window and inside it an iframe loaded from the URL you specified which should
show the message "Hello World" and some other text. Congratulations, you have configured your first third-party app inside G.ho.st.
OK, that test app was actually from G.ho.st, not a third-party, so you can edit the attributes of the Web App Thing and play with simple third-party URLs such as:
Now edit the URL to point at Hello World again but this time tell G.ho.st how to pass some important data to the Hello World
by using the following URL:
https://G.ho.st/developers/ghostApiHelloWorld.html?myuserid=%%GHOSTID%%&userHandle=%%GHOSTUSERHANDLE%%&myLang=%%LANG%% &myLanguage=%%LANGUAGE%%&myfont=%%FONT%%&myfontsize=%%FONTSIZE%%&myfontcolor=%%FONTCOLOR%% &id=%%GHOSTID%%:%%WINDOWID%%&myServer=%%SERVER_DOMAIN%% &usersGhostDriveWebdav=%%USERWEBDAV%%
Notice now how G.ho.st asks for permission before running the app and Hello World has received some information about the user - userid, language and a webdav url for accessing the user's files.
Your app can receive the same data in the same way (using your own preferred parameter names). You should see the following:
URL Parameters
Before G.ho.st launches a Web App URL it will look for the following wild cards, ask the user for permission,
and substitute them with appropriate data as follows. Many existing apps already support these parameters - G.ho.st
has used these same set of parameters to integrate with Zoho®, ThinkFree®, Pixlr®, Snipshot® and more.
Identity
| Parameter | Meaning | User permissions |
| %%GHOSTUSERHANDLE%% |
A unique identifier of the G.ho.st user (encrypted G.ho.st id) |
None |
| %%GHOSTID%% |
G.ho.st user id (without the @G.ho.st) |
Required (this reveals user's email) |
| %%WINDOWID%% |
Unique number for this app instance (e.g. '1001' - is globally unique when combined with %%GHOSTID%%
Use this to save state and recover when user next logs in |
None |
File system
| Parameter | Meaning | User permissions |
| %%USERWEBDAV%% |
G.ho.st will pass a Webdav URL which gives full read/write access to user's G.ho.st Drive for 30 minutes |
User must give permission for full access to G.ho.st Drive |
User preferences
| Parameter | Meaning | User permissions |
| %%LANG%% |
User's language preference e.g. 'en' or 'pt-br'. For a language not supported default to English. |
N/A |
| %%LANGUAGE%% |
User's language preference e.g. 'english' or 'portuguese-brazilian' (%%LANG%% is recommended instead) |
N/A |
| %%FONT%% |
User's font choice e.g. 'Arial' |
N/A |
| %%FONTSIZE%% |
User's font size choice (in pt) e.g. '12' |
N/A |
| %%FONTCOLOR%% |
User's font size - decimal integer equivalent to 0xRRGGBB (e.g. '0' is black '65535' is brightest blue) |
N/A |
File editing (Coming soon)
| Parameter | Meaning | User permissions |
| %%FILEREADURL%% |
Signed URL for editor app to GET file from |
User permission required |
| %%FILESAVEURL%% |
Signed URL for editor to save file by POSTing to using multi-part POST |
User permission required |
| %%FILENAME%% |
Name of file - for editor to use as title - will be UTF8 |
N/A |
| %%ESCFILENAME%% |
Same as %%FILENAME%% with extra level of URL escaping (certain editors require for history reasons) |
N/A |
| %%EXT%% |
DOS file extension (lower case) e.g. jpg, xls, docx etc. |
N/A |
Examples
- Pixlr: http://www.pixlr.com/express/?redirect=false&referrer=G.ho.st& loc=%%LANG%%&image=%%FILEREADURL%%&method=POST&target=%%FILESAVEURL%%&credentials=true&title=%%FILENAME%%
- Zoho Writer: http://export.writer.zoho.com/remotedoc.im?apikey=e0c3c5659aa7fd839c829784eb79fd4b& output=editor&format=doc&id=111111&saveurl=%%FILESAVEURL%%&url=%%FILEREADURL%%& filename=%%FILENAME%%&format=xls&lang=%%LANG%%
Submitting to App Directory
First make sure your Web App Thing is in My Web Apps and is well documented - try to fill out all attributes appropriately.
Then simply open the App Directory from Go menu/All Programs, select a suitable category and click Submit app (Advanced).
Well behaved web apps
Your Web app will be well behaved if it follows the following rule
- Stay in the iframe - never create any hyperlinks that TARGET _TOP or _BLANK; Don't try to access anything in the DOM
higher than the iframe the web app is loaded from as it will cause an error. Avoid pop-ups.
- Comply with user's preferences and especially language
- Save state regularly and reconstruct the session as accurately as possible (including the specific GUI state where possible)
whenever your app is opened again with the same
%%GHOSTID%% and %%WINDOWID%% combination (e.g. use %%GHOSTID%%:%%WINDOWID%% as a key for storing/restoring session state.
Roadmap
We are thinking about the following enhancements but have no timetable yet - everything will depend on the uptake and feedack
for the API so far:
- Using OpenID with G.ho.st as a provider for SSO
- Allowing notification back from app to user desktop (at least an indication that the corresponding task bar item
should flash to indicate an incoming message or other event which requires user's attention)
- Open directory of web apps with user rating, reviews etc.
- REST APIs for accessing other data in the desktop such as Things, tags, My Logins,...
Revenue
Currently G.ho.st is happy to refer traffic to your web app free of charge and G.ho.st thanks you for making the
G.ho.st experience richer. If your app has no revenue we plan to continue this arrangement.
If your app is commercial and is bringing in revenue
(e.g. from advertising, subscription, e-commerce) then in the future G.ho.st may look for a split of
gross profit (i.e. of revenue less direct hosting costs) in return for referring traffic - as is common in the industry.
We may also consider offering billing services and other services to help you monetize.
Community
Please discuss at http://forums.g.ho.st/viewforum.php?f=12. If you plan to use the API please notify G.ho.st at
Copyright 2009 Ghost Inc. (G.ho.st). All Rights Reserved. Use of API is subject to terms of service which may change from time to time
|
