Talking to the BigQuery API - Google BigQuery Analytics

Database Reference

In-Depth Information

all of the data is considered sensitive, so it must be sent encrypted. In the

past, people cited performance reasons for avoiding HTTPS. Now, most

people believe that the security gained (prevention against

man-in-the-middle attacks, authentication of both client and server, and so

on) is worth the 1 or 2 percent performance hit.

Host

The hostname for all BigQuery requests is www.googleapis.com . Most,

if not all, Google APIs use the same domain. They are not hosted at

google.com for security reasons. If BigQuery was hosted at google.com

and there was a cross-site-scripting (XSS) vulnerability in some Google web

product (Picasa, for example), then an attacker could gain access to your

data in BigQuery, or any other Google API. Although XSS vulnerabilities

in Google sites are rare, it is safer to remove them as a possible risk. By

hosting APIs on a domain that does not have any web properties,

www.googleapis.com should be immune from XSS attacks.

API Selector

The API selector is how the Google API front-end servers can route your

calls to the right API. There are two parts of the API selector: name and

version. For BigQuery, the API name is, somewhat obviously, bigquery .

The BigQuery beta version introduced at Google IO in 2010 was version

v1 , but ever since it was launched publicly, the version has been v2 . In

the future, the active version number may change if breaking changes are

introduced.

The BigQuery team's philosophy on changes tends to be that API additions

can be made without a version number revision. For example, the ability to

run queries in dry run mode was added via an additional flag passed into

the query. Because there was no breaking change—it would only affect users

who explicitly used the flag—there was no need to change the version. Other

Google APIs have different criteria for increasing the version number.

One thing to note about the API version is that when it does change, the old

version is usually left running for a significant period of time—usually six

months to a year. Users of the old version may not use new features, but they

should continue to use the old feature sets without problems. This is why

the version number is included in the path, rather than just using something

Search WWH ::

Custom Search

Home