GAE is a terrific platform, and this book takes advantage of its simplicity and uses it as the standard for communicating how to build web applications that interact with PayPal APIs. It’s very easy to get an application up and running locally for test purposes, yet the same applications that you’ve implemented can be run and scaled out on the very same infrastructure that Google uses for its own applications with virtually no additional work! A vast amount of documentation about GAE is available online, so let’s assume that you’ll take a little time to familiarize yourself by reviewing the App Engine Python Overview, which includes a “getting started” guide that walks you through installation of the Python Software Development Kit (SDK).
Assuming you’ve installed the Python SDK[1] and done little more than use Google App Engine Launcher
to create a new sample project, you’ve essentially already implemented
a
traditional “Hello, world” program that you can run on your
local machine. Launch the program by clicking the Run button, and then
click the Browse button to launch and navigate your browser so that
you successfully see “Hello world!” to make sure that everything is up
and running. Then, take a peek at the contents of app.yaml and main.py, which are reproduced in Examples
1-1 and 1-2
for convenience. At a high level, the salient points are that the name
of the application is helloworld; that MainHandler is
assigned to the root context of the web application, as indicated by
the presence of ('/', MainHandler) in the list that’s
supplied to the WSGIApplication class
constructor; and a get method is defined for
MainHandler, which allows
the web application to respond to your browser’s GET request when
you click the Browse button from the Google App Engine
Launcher.
Example 1-1. app.yaml from a stock GAE project
application: helloworld version: 1 runtime: python api_version: 1 handlers: - url: /favicon\.ico static_files: favicon.ico upload: favicon\.ico - url: .* script: main.py
Example 1-2. main.py from a stock GAE project
from google.appengine.ext import webapp
from google.appengine.ext.webapp import util
class MainHandler(webapp.RequestHandler):
def get(self):
self.response.out.write('Hello world!')
def main():
application = webapp.WSGIApplication([('/', MainHandler)],
debug=True)
util.run_wsgi_app(application)
if __name__ == '__main__':
main()At this point, if you naively click the Deploy button to try to
deploy the application to the Web, you’ll get an unfortunate error in
the logging console to the effect of, “You do not have permission to
modify this app (app_id=u'helloworld').” In other words, it’s telling
you that the application id of helloworld that’s specified in
app.yaml is already registered by someone else
and that you’ll need to try another one. It’s unfortunate that the
error message doesn’t give you a bit more information, because what
you really need to do at this point is click the Dashboard button to
log into
your GAE account and register a web application with a unique
identifier, which in turn corresponds to a unique appspot.com
subdomain. For example, a GAE web application with an application
identifier of helloworld would correspond to http://helloworld.appspot.com. You can only register a
limited number of application identifiers for free, so it’s
recommended that you create a generic identifier that you can reuse
for multiple test applications. The identifier that’ll be used
throughout this book is ppapis2e, which somewhat
corresponds to this book’s title, PayPal APIs: Up and
Running (Second Edition). You can use whatever identifier
you’d like.
You should verify that you can register an application identifier and deploy it to appspot.com before reading further. The steps you should take simply involve:
Clicking the Dashboard button in the Google App Engine Launcher
Authenticating into the dashboard with your Google account
Creating an application in the dashboard
Changing the top line of your local app.yaml file to reflect your web application’s name you’ve chosen
Clicking the Deploy button in the Google App Engine Launcher
Navigating your web browser to the corresponding URL on http://appspot.com that corresponds to the subdomain that you’ve chosen, i.e., a URL such as http://ppapis2e.appspot.com
There’s lots more that could be said about GAE, but we should review at least one more important skill that you’ll need before leaving you to the online documentation: implementing HTTP requests. In GAE parlance, this skill is filed under the URL Fetch Python API.
One thing that should be mentioned about GAE is that there are
some modules from the standard library that are not accessible because
of the sensitive nature of running applications in a shared
environment. Unfortunately, urllib, urllib2,
and httplib are some common modules that you may have
used for implementing HTTP requests that are off limits to your GAE
application; however, GAE naturally provides ways to make both
synchronous and asynchronous requests in a familiar enough manner.
Example 1-3 is an updated version of
Example 1-2 that makes use of the
urlfetch function to perform a synchronous HTTP request.
(Asynchronous requests are made in a very similar manner except that a
callback function defines what should happen once the request
completes.) Note the use of the keyword parameter
validate_certificate, which is employed
to ensure that the request is securely completed so as to avoid
potential man-in-the-middle
attacks. You should be able to deploy the application and
verify that it can indeed securely fetch the URL https://paypal.com/ before continuing.
When implementing an online commerce application, always be a bit paranoid and routinely double-check security assumptions.
Example 1-3. An updated main.py that illustrates how to use the urlfetch function to perform a secure HTTP request
from google.appengine.ext import webapp
from google.appengine.ext.webapp import util
from google.appengine.api import urlfetch
class MainHandler(webapp.RequestHandler):
def get(self):
url = "https://www.paypal.com/"
result = urlfetch.fetch(
url,
validate_certificate=True # Avoid man-in-the-middle attacks
)
if result.status_code == 200:
self.response.out.write('Successfully fetched ' + url)
else:
self.response.out.write('Could note fetch %s (%i)' % (url, result.status_code,))
def main():
application = webapp.WSGIApplication([('/', MainHandler)],
debug=True)
util.run_wsgi_app(application)
if __name__ == '__main__':
main()Hopefully, you are now comfortable enough with GAE that you can find your way around and use the online documentation to fill in basic knowledge gaps. Generally speaking, the overall flow for each application is discussed to some degree when sample code is introduced, and inline source code comments are provided wherever helpful, but a basic working knowledge of GAE is assumed moving forward.
[1] As of this writing, version 1.6.0 is the latest SDK, which supports the Python 2.5 runtime by default. The Python 2.7 runtime is a stable—but still considered experimental—feature.