Keeping secrets safe with YQL Storage


Just FYI, this is not a discussion on self-help to keep you from divulging your deep and dark secrets in real life. It’s about YQL and the various web secrets such as API keys, Consumer Keys and other key-secrets for personal use which you’d rather not give out to anyone visiting your web applications.

With that disclaimer, let me jump right into the scenario that I’m talking about. There are quite a few YQL Open Data Tables, such as Netflix Catalog, NY Times Article search, Amazon Product Advertising table, etc., which require a user to register and enter an API key and/or Secret into the query. Issuing a query in YQL Console for testing purposes seems great. You can see the results and ensure that the query is working as you desire before adding it into your webpage/webapp.

This YQL query can then be run either by issuing an HTTP GET request from your website or by directly embedding it in your webpage as part of the JavaScript. In the former case, since you own the website, there is no need to hide the Consumer-Key and Secret. In the latter case, where the query is directly embedded in the client-side JS code running in the browser, you run the risk of exposing your ConsumerKey and Secret, which can then be used to run various other queries on your behalf. In this post, I show how one can hide the secrets from the user and also lock down the secrets to a single table.
» Read more…

Shorten URL’s with Bitly using YQL

Bitly is a great URL shortener which also provides a very neat API. If you’re as API driven as me and love to automate the tasks around you, you’ll be happy to note that there is a new open data table that can shorten URLs using YQL.
» Read more…

YQL Execute Screencast & Tutorial

On 29th April ’09 we released YQL Execute out into the open. You can find the actual release blog on We also released the following screencast which gives an overview of YQL Execute.

Here’s the direct link to the YQL Execute Screencast on YDN. In the screencast, Sam Pullara gives an introduction to YQL Execute and I follow it up with a demo to show the power of this new feature.

For folks who prefer to read and follow the tutorial instead, here is the transcript of the entire demo along with the YQL queries as well as the Open Data Tables used to create the examples.

» Read more…

YQL @ Open Hack Day Bangalore

I recently had the opportunity to give a tech talk on YQL at OpenHackday ’09 in Bangalore.

Open Hack Day was an awesome event. It was very well organized and provided the ideal medium for hackers to put forth their ideas. » Read more…

YQL Social Queries (FAQ)

YQL Queries FAQ:

YQL provides tables which let you access the social profiles, connections, contacts as well as updates of a Yahoo User. The actual APIs around which YQL builds can be found at A compilation of questions and answers on the various social tables provided by YQL is listed below. More specifically, this post deals with questions about how to get the necessary data (guids) which can then be used for querying the social tables. » Read more…

OAuth-ify this: 2 Legged OAuth service for YQL

Introducing OAuth-ify/OAuthProxy, a service that performs two legged OAuth calls to backend webservices. As of today it only supports YQL.


With two-legged OAuth, there are only two parties involved, i.e. the consumer of the API and the service provider. It doesn’t deal with user credentials or other private data that come into the picture with three-legged OAuth. YQL is one of the services which uses OAuth exclusively for all webservice access (apart from the console).
» Read more…

YQL: A query language for the Web

After months in hiding, I can finally talk about the stuff I’ve been working on.

I was involved in creating YQL and was responsible for leading the query engine implementation. I am very pleased to see it being released to the public today. Check out Jonathan’s talk which gives a great overview of YQL. (Jonathan’s posted about the YQL Launch here)

YQL adds the simplicity and self-describable nature of SQL to the Web. In addition to this, you can also join disparate webservices with common keys. For example, Yahoo’s “guid” can be used to join many common webservices which are keyed on “guid”s.
» Read more…

Duplicate Package Finder

It’s pretty common to encounter a situation where you want the following question answered.

“Find me the Java packages in classpath ‘X’ which are already present in ‘Y’”
where X = Classpath of an application;
and Y = System Classpath or some other classpath

I wrote a small command line utility which answers this question and groks the list of duplicate patterns. For WebLogic Server users, this tool finds the duplicate packages and also emits some XML which can be pasted into ‘META-INF/weblogic-application.xml’ to ensure that the version in the application always wins.
» Read more…

JavaPolis ’06 Talk online

My JavaPolis ’06 talk on “Java EE Enhancements for Real World deployments” is now online here. I’ve uploaded a PDF version of the presentation which can be found here. The talk describes key enhancements in WebLogic Server such as Application Libraries, Side-by-Side deployment and deployment plans which aid in real world deployments. Do let me know if you have any comments or questions.

JavaPolis ’06 was held in Antwerp, Belgium from Dec 11th through 15th. It had all the elements of a perfect developer conference – Beer, geeks, frites and more geeks. Our BEA booth had Lafe on tap which made it a lot easier to talk about very deep and serious topics :-)
Thanks to the JavaPolis organizers for making the talk available online. It’s easily one of the best Java conferences I’ve ever been to. Unconventional and original! is how I’d summarize the conference in two words.

Inbox Zero

I came across this amazing talk by Merlin Mann. A must for every person who intends to be productive with email.