How-to Import contacts from hotmail, live, gmail, yahoo

Troj picture Troj · Sep 7, 2010 · Viewed 7.3k times · Source

I wounder if soemone know which APIs I need to use if I want to create a importer, just like the one in facebook. importing users and their e-mails.

Answer

Joel Verhagen picture Joel Verhagen · Sep 7, 2010

I'll have you know right from the start, this is general knowledge about these APIs and not specified to asp.net.

I have gotten contact importing to work on my web app for all of these services and more.

Here's a break-down about each service. If you want some confirmation, you can check out this similar post.

Before I tell you anything, you'd better have a good understanding of how OAuth works and all about three-legged authentication.

Hold on! Wait a minute! What the heck is three-legged authentication? It sounds kind of awkward or twisted. Well I'll tell you here but I would really recommend reading up on OAuth and how it relates to three-legged authentication. It's pretty neat. Anyways, three-legged authentication is a way for users (i.e. people using your app) to log into external services (i.e. Google, Yahoo, Live) so that the consumer of these services (i.e. your app) can access the user's private data on said external services. How 'bout that tricolon crescendo.

The three legs are as follows:

  1. The user is redirected from your app to the external service provider with some information identifying your that your app wants play with some private information (like names and email addresses).
  2. The user logs in on that external site and is redirected back to your app with an authenticated token (think of this as a short-term password that lets your app see the user's private data).
  3. Your app uses the authenticated token to retrieve the actual data straight from the external service provider.

Wow. That's pretty circuitous don't you think? Well the reason the big names do this is so that the user doesn't have to reveal their password to you, the writer of the app. We wouldn't want user's passwords floating around in all these third-party apps, would we?

OAuth is simply an application of the broader concept of three-legged authentication.

Now on to what you actually asked.

Hotmail / Live

Hotmail is now known ad Windows Live Hotmail. So Hotmail is a subset of Live, which is controlled by Microsoft. Just thought you should know.

Live's contact API is the most annoying of all of them, in my opinion. It doesn't use OAuth, which is the widely accepted solution for three-legged authentication. It uses its own thing called Delegated Authentication. Who are they to go against the industry standard? They must think they're the biggest computing company in the world or something...

Here's the API documentation.

Gmail / Google

Google contacts API uses OAuth. The reason OAuth is so great is because its widely used, so there are a TON of libraries already written for it in a bunch of different languages (when I was doing this, I was working in PHP. Here's one I found for asp.net).

Google Contacts API is part of the larger Google Data APIs. Authentication for Google Data APIs with OAuth is outlined here. The documentation for the Google Contacts API itself is right here.

Note that in the documentation for Google Contacts API, it only mentions two methods of authenticating: AuthSub (think of it as Google's propriety version of OAuth) and ClientLogin (this isn't three-legged authentication at all. The user gives your app their username and password to log in programmagically. OAuth still works! It's what I used.

I would definitely recommend using OAuth.

Yahoo

Yahoo is the simplest of them all. They really only allow OAuth. Once you've mastered OAuth with Google Contacts API, getting it to work with Yahoo Contacts API is really really easy. The only difference between Google Contacts API and Yahoo Contacts API is a few URLs during authentication and how you parse the data you get back from the API.

Here's some linkage.