The Google Buzz team launched the Google Buzz API today. Using the
Google Buzz API browser, you can find out what information it publishes.
About the Google Buzz API and the Google Buzz API browser
What is the Google Buzz API?
It's a new service provided by Google that lets computer programs get information from Google Buzz.
What kind of information does the Google Buzz API provide?
Please see the Google Buzz developer documentation, which describes all the different kinds of requests that the API will answer.
What is the Google Buzz API Browser?
The Google Buzz API Browser is a tool to let you ask the Google Buzz API for information and see the replies.
Is it designed to exploit vulnerabilities in the Google Buzz API?
No. The Google Buzz API Browser makes normal requests to the Google Buzz API, exactly as recommended and documented in the Google Buzz developer documentation.
Why did you create it?
I'm a Google Buzz user. When I heard about the new API, I was curious to know what information it exposes about me. I realized that there wasn't an easy way for regular users of Google Buzz to see what the API publishes about them, and that other users might also want to know that too.
Did the Google Buzz team ask you to do this?
No. I work at Google, but I'm not on the Google Buzz team.
Using the Google Buzz API browser
How do I use it?
In Simple mode, there is a single search box, and the reply from the Google Buzz server is shown below it. Some information is omitted from the display, to make it easier to read.
In the search box, you can enter any keywords, including names or usernames. Because Google Buzz searches content from other services, you can also try usernames on those other services (such as Twitter usernames).
In Detailed mode, there are two boxes you can type into, similar to the two boxes in most web browsers. The box on the left is a location box; it shows what was just requested. The box on the right is the search box. In this mode, the entire reply from the Google Buzz server is shown.
In the location box, you can enter any Google Profile name, or enter any API path (the part of the URL that comes after "https://www.googleapis.com/buzz/v1"). For Gmail users, the Google Profile name is the Gmail username. For other Google Accounts, the user can choose their own Google Profile name.
Who can see the information that it shows me?
Anyone. The Google Buzz API browser does not use your password or identity or any special privileges to get the information that it shows you. So, anything you see in the results is available to the public through the Google Buzz API.
What's the difference between the blue and red links?
The replies from the Google Buzz server contain links that you can click to explore further. The blue links point to regular web pages, on various Google products and elsewhere. The red links make further API requests, and will load up more information in the Google Buzz API browser. Just like the Back and Forward buttons in your regular web browser, the ◀ and ▶ buttons to the left of the location box will step back and forward in the history of API replies that you've viewed.
If I see "(empty)", does that mean my information is private?
It means that the Google Buzz API has nothing to show to an unconnected member of the public. However, applications or websites that you have authorized may have access to more of your Google Buzz information than you see in the Google Buzz API browser. Also, there may be other ways, aside from the Google Buzz API, to obtain information about your Google Buzz account.
How it works
Do you log requests to the Google Buzz API browser?
When you load the page, your browser requests the page from my web server, and that request is logged. But after that, whatever you enter in the location box or search box is not logged by my server. In fact, it never reaches my server; the API requests go directly from your browser to Google Buzz.
Does your server see the information that is displayed to me?
No. That information is coming directly from Google Buzz to your browser. The Google Buzz API browser is a JavaScript program; it runs in your browser and communicates only with Google Buzz, not with my server.
How do you know that the information it shows is available to anyone?
Most requests to the Google Buzz API require an access token, which corresponds to a Google Account and allows a program to act with the privileges of that account. For the Google Buzz API browser, I created a dummy Google Account that has no friends and no connections to anything. The Google Buzz API browser then uses an access token representing this user to ask for information.
Can I see the source code?
Certainly! Just look at the source of the page. It's all there, and it's open source under the Apache License, version 2.0.
Your thoughts? More questions?
Please use the comment area below to post your feedback and questions. I'll try to keep this post updated with answers to common questions.