Developer's Guide: Protocol

The Contacts Data API allows client applications to view and update a user's contacts. Contacts are stored in the user's Google Account; most Google services have access to the contact list.

Your client application can use the Contacts Data API to create new contacts, edit or delete existing contacts, and query for contacts that match particular criteria.

In addition to providing some background on the capabilities of the Contacts Data API, this document provides examples of how to interact with contacts using XML and HTTP. After reading this document, you may wish to learn more about interacting with the API using our client libraries by reading the programming-language-specific sections of this developer's guide.

Contents

Audience

This document is intended for programmers who want to write client applications that can interact with Google's contact lists using HTTP and XML.

This document assumes that you understand the general ideas behind the Google Data APIs protocol.

If you're using a UNIX system and you want to try the examples in this document without writing any code, you may find the UNIX command-line utilities curl or wget useful; for more information, see the manual pages for those utilities.

For Contacts Data API reference information, see the Protocol reference guide.

Getting started

Creating a Google Account

You may want to sign up for a Google Account for testing purposes. Contacts are associated with Google Accounts, so if you already have a Google Account, you're all set.

Note: To view your contacts without using the Contacts Data API, you can log in to Gmail and click the Contacts link.

Authenticating

All Contacts Data API feeds are private. Thus, your client needs to authenticate before accessing a contacts feed. It can authenticate using either of two approaches: ClientLogin username/password authentication or AuthSub proxy authentication.

For more information about authentication with Google Data APIs in general, see the authentication documentation.

AuthSub proxy authentication

AuthSub proxy authentication is used by web applications that need to authenticate their users to Google Accounts. The website operator and the client code don't have access to the username and password for the user; instead, the client obtains special AuthSub tokens that allow the client to act on a particular user's behalf. For more detailed information, see the AuthSub documentation.

Note: You must register your application domain with Google before you can use AuthSub with the Contacts Data API. However, you don't need to use the "Registered with enhanced security" option.

When a user first visits your application, they have not yet been authenticated. In this case, you need to display some information and a link directing the user to a Google page to authenticate your request for access to their contacts.

The following query parameters are included in the AuthSubRequest URL:

next

The URL of the page that Google should redirect the user to after authentication.

scope

Indicates that the application is requesting a token to access contacts feeds. The scope string to use is http://www.google.com/m8/feeds/ (URL-encoded, of course).

secure

Indicates whether the client is requesting a secure token.

session

Indicates whether the token returned can be exchanged for a multi-use (session) token.

If you aren't requesting a secure token, the AuthSubRequest URL might look like this:

https://www.google.com/accounts/AuthSubRequest?scope=http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F&session=1&secure=0&next=http%3A%2F%2Fwww.example.com%2Fwelcome.html

The user follows the link to Google's site and authenticates to their Google Account.

After the user authenticates, the AuthSub system redirects them to the URL you specified in the next query parameter of the AuthSubRequest URL. The AuthSub system appends an authentication token to that URL, as the value of the token query parameter. For example:

http://www.example.com/welcome.html?token=yourAuthToken

This token value represents a single-use AuthSub token. In this example, since session=1 was specified, this token can be exchanged for an AuthSub session token by calling the AuthSubSessionToken service with the single-use token in an Authorization header like this:

GET /accounts/AuthSubSessionToken HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="yourAuthToken"
User-Agent: Java/1.5.0_06
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

The AuthSubSessionToken service response includes a Token header that contains the session token and an Expiration header that indicates how long the token will remain valid.

Your application can then use the session token value in the Authorization header of subsequent interactions with contacts.

Here's an example of an HTTP request, containing a non-secure token, that you might send to request a contacts feed:

GET /m8/feeds/contacts/liz%40gmail.com/base HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="yourSessionToken"
User-Agent: Java/1.5.0_06
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

ClientLogin username/password authentication

Use ClientLogin authentication if your client is a standalone, single-user "installed" client (such as a desktop application). To request an authentication token using the ClientLogin mechanism, send a POST request to the following URL:

https://www.google.com/accounts/ClientLogin

The POST body should contain a set of query parameters that look like parameters passed by an HTML form, using the application/x-www-form-urlencoded content type. These parameters are:

accountType

Type of account to be authenticated. The default is GOOGLE; if you want to support Google Apps users, use HOSTED_OR_GOOGLE.

Email

The user's email address.

Passwd

The user's password.

service

The service name for contacts feeds is cp. (For other service names, see the service name list.)

source

Identifies your client application. Should take the form companyName-applicationName-versionID. The examples use the name exampleCo-exampleApp-1.

For more information about the parameters, see the Authentication for Installed Applications document.

If the authentication request fails, then the server returns an HTTP 403 Forbidden status code.

If it succeeds, then the server returns an HTTP 200 OK status code, plus three long alphanumeric codes in the body of the response: SID, LSID, and Auth. The Auth value is the authorization token that you'll send with each of your subsequent contacts-feed requests, so keep a copy of that value. You can ignore the SID and LSID values.

Since all requests to private feeds require authentication, you have to set the Authorization header in all subsequent interactions with contacts feeds, using the following format:

Authorization: GoogleLogin auth=yourAuthToken

Where yourAuthToken is the Auth string returned by the ClientLogin request.

For more information about ClientLogin authentication, including sample requests and responses, see the Account Authentication for Installed Applications documentation.

Note: Use the same token for all requests in a given session; don't acquire a new token for each contacts request.

Feed URL

The feed URL is in one of the following forms:

http://www.google.com/m8/feeds/contacts/userEmail/base

http://www.google.com/m8/feeds/contacts/default/base

Note: You can also substitute default for the user's email address, which tells the server to return the contacts for the user whose credentials accompany the request.

Note: Only the authenticated user's email address can be specified in the URL.

Creating contacts

After authenticating, you can publish new contact entries.

First, create an XML representation of the contact to publish. This XML needs to be in the form of an Atom <entry> element, which might look like this:

<atom:entry xmlns:atom='http://www.w3.org/2005/Atom'
    xmlns:gd='http://schemas.google.com/g/2005'>
  <atom:category scheme='http://schemas.google.com/g/2005#kind'
    term='http://schemas.google.com/contact/2008#contact' />
  <atom:title type='text'>Elizabeth Bennet</atom:title>
  <atom:content type='text'>Notes</atom:content>
  <gd:email rel='http://schemas.google.com/g/2005#work'
    address='liz@gmail.com' />
  <gd:email rel='http://schemas.google.com/g/2005#home'
    address='liz@example.org' />
  <gd:phoneNumber rel='http://schemas.google.com/g/2005#work'
    primary='true'>
    (206)555-1212
  </gd:phoneNumber>
  <gd:phoneNumber rel='http://schemas.google.com/g/2005#home'>
    (206)555-1213
  </gd:phoneNumber>
  <gd:im address='liz@gmail.com'
    protocol='http://schemas.google.com/g/2005#GOOGLE_TALK'
    rel='http://schemas.google.com/g/2005#home' />
  <gd:postalAddress rel='http://schemas.google.com/g/2005#work'
    primary='true'>
    1600 Amphitheatre Pkwy Mountain View
  </gd:postalAddress>
</atom:entry>

To publish this entry, send it to the contact-list post URL as follows. First, place your Atom <entry> element in the body of a new POST request, using the application/atom+xml content type. Then send it to the post URL. For example, to add a contact to the contact list belonging to liz@gmail.com, post the new entry to the following URL:

http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base

The Google server creates a contact using the entry you sent, then returns an HTTP 201 CREATED status code, along with a copy of the new contact in the form of an <entry> element. The entry returned is the same one you sent, but it also contains various elements added by the server, such as an <id> element.

Note: When there is already an entry with the same email address (after lowercasing and trimming), then the contact is not created, and Google returns a 409 Conflict status code.

If your request fails for some reason, Google may return a different status code. For information about the status codes, see the Google Data API protocol reference document.

Retrieving contacts

Retrieving all contacts

To retrieve the user's contacts, send an HTTP GET request to the contacts feed URL. Google then returns a feed containing the appropriate contact entries. For example, to get a list of contacts for liz@gmail.com, send the following HTTP request:

GET http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base

Contacts then returns an HTTP 200 OK status code and a standard Atom 1.0 feed containing the contacts.

Note: The feed may not contain all of the user's contacts, because there's a default limit on the number of results returned. For more information, see the max-results query parameter in Retrieving contacts using query parameters.

The following is an example of a contacts feed with only one entry.

<feed xmlns='http://www.w3.org/2005/Atom'
    xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/'
    xmlns:gd='http://schemas.google.com/g/2005'>
  <id>http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base</id>
  <updated>2008-03-05T12:36:38.836Z</updated>
  <category scheme='http://schemas.google.com/g/2005#kind'
    term='http://schemas.google.com/contact/2008#contact' />
  <title type='text'>Contacts</title>
  <link rel='http://schemas.google.com/g/2005#feed'
    type='application/atom+xml'
    href='http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base' />
  <link rel='http://schemas.google.com/g/2005#post'
    type='application/atom+xml'
    href='http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base' />
  <link rel='self' type='application/atom+xml'
    href='http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base?max-results=25' />
  <author>
    <name>Elizabeth Bennet</name>
    <email>liz@gmail.com</email>
  </author>
  <generator version='1.0' uri='http://www.google.com/m8/feeds/contacts'>
    Contacts
  </generator>
  <openSearch:totalResults>1</openSearch:totalResults>
  <openSearch:startIndex>1</openSearch:startIndex>
  <openSearch:itemsPerPage>25</openSearch:itemsPerPage>
  <entry>
    <id>
      http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/c9012de
    </id>
    <updated>2008-03-05T12:36:38.835Z</updated>
    <category scheme='http://schemas.google.com/g/2005#kind'
      term='http://schemas.google.com/contact/2008#contact' />
    <title type='text'>Fitzgerald</title>
    <link rel='self' type='application/atom+xml'
      href='http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/c9012de' />
    <link rel='edit' type='application/atom+xml'
      href='http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/c9012de/1204720598835000' />
    <gd:phoneNumber rel='http://schemas.google.com/g/2005#home'
      primary='true'>
      456
    </gd:phoneNumber>
  </entry>
</feed>

Retrieving contacts using query parameters

The Contacts Data API lets you request a set of contacts that match specified criteria, such as requesting contacts updated after a given date.

For example, to send a date-range query, add the updated-min parameter to the request URL. To get all the contact entries updated after March 16, 2007, send an HTTP request to the contact's feed URL:

GET http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base?updated-min=2007-03-16T00:00:00

When you send that GET request, the server returns an HTTP 200 OK status code and a feed containing any contacts that were created or updated after the date specified.

The Contacts Data API supports the following query parameters:

alt

The type of feed to return, such as atom (the default) or rss.

max-results

The maximum number of entries to return. If you want to receive all of the contacts, rather than only the default maximum, you can specify a very large number for max-results.

start-index

The 1-based index of the first result to be retrieved (for paging).

updated-min

The lower bound on entry update dates.

orderby

Sorting criterion. The only supported value is lastmodified.

showdeleted

Include deleted contacts in the returned contacts feed. Deleted contacts are shown as entries that contain nothing but an <atom:id> element and a <gd:deleted> element. (Google retains placeholders for deleted contacts for 30 days after deletion; during that time, you can request the placeholders using the showdeleted query parameter.)

sortorder

Sorting order direction. Can be either ascending or descending.

Note: To track incremental changes to a contact list, do the following: When you send a request for a feed, keep track of the value of the feed's <updated> element. Then you can later retrieve only the contacts that have changed since the previous request by setting updated-min to that <updated> value, and setting showdeleted to true.

For more information about query parameters, see the Contacts Data API Reference Guide and the Google Data APIs Reference Guide.

Note: By default, the entries in a feed are not ordered.

Retrieving a single contact

To retrieve a specific contact, send an HTTP GET request to the self link of this contact. The server returns a contact entry. For example, to get a contact with self link set to http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/12345, send the following HTTP request:

GET http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/12345

The server then returns an HTTP 200 OK status code and an entry containing the contact.

Updating contacts

To update an existing contact, first you retrieve the entry you want to update, then you modify it, and then you send a PUT request, with the updated entry in the message body, to the contact's edit URL. Use the application/atom+xml content type. Be sure that the <id> value in the entry you PUT exactly matches the <id> of the existing entry.

Note: The contact's name is stored in the <atom:title> element.

The edit URL ends with a version number, in order to detect conflicts of updates from different sources; for more information, see the versioning section of the Google Data APIs reference guide.

The edit URL is highlighted in the following entry:

<entry>
  <id>http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/8411573</id>
  <updated>2008-02-28T18:47:02.303Z</updated>
  <category scheme='http://schemas.google.com/g/2005#kind'
    term='http://schemas.google.com/contact/2008#contact' />
  <title type='text'>Fitzgerald</title>
  <content type='text'>Notes</content>
  <link rel='self' type='application/atom+xml'
    href='http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/8411573' />
  <link rel='edit' type='application/atom+xml'
      href='http://www.google.com/m8/feeds/contacts/liz%40gmail.com/base/8411573/1204224422303000' />
  <gd:phoneNumber rel='http://schemas.google.com/g/2005#other'
    primary='true'>456-123-2133</gd:phoneNumber>
</entry>

IMPORTANT: To ensure forward compatibility, be sure that when you PUT an updated entry you preserve all the XML that was present when you retrieved the entry from the server. Otherwise, when we implement new stuff and include <new-awesome-feature> elements in the feed, your client won't return them and your users will miss out. The Google Data API client libraries all handle this correctly, so if you're using one of the libraries you're all set.

Troubleshooting Tip: Some firewalls block HTTP PUT messages. To get around this, you can include a X-HTTP-Method-Override: PUT header in a POST request. For details, see the Google Data API protocol basics document.

Deleting contacts

To delete a contact, send a DELETE request to the contact's edit URL. This is the same URL used to update contacts. (Google retains placeholders for deleted contacts for 30 days after deletion; during that time, you can request the placeholders using the showdeleted query parameter.)

Troubleshooting Tip: Some firewalls block HTTP DELETE messages. To get around this, you can include a X-HTTP-Method-Override: DELETE header in a POST request. For details, see the Google Data API protocol basics document.

Note: To update existing contacts, see Updating contacts; don't update by deleting contacts and then re-adding them.

Back to top