Google's New Gmail API Could Reinvent Email

If you're a developer, email probably isn't the most exciting technology today, but Google just made it a lot more interesting thanks to the new Gmail API it announced Wednesday at the Google I/O developer conference.

Using the Gmail API, developers can now access and manipulate Gmail much like they would a database, performing CRUD (create, read, update, delete) operations on email messages as well as attachments, drafts, threads and labels. The API supports the same advanced search operators that Gmail's web-based interface offers, giving developers the ability to find and filter messages and threads by specific criteria. Additionally, a history API method allows applications to sync with Gmail without having to track changes internally.

The Gmail API is RESTful, uses OAuth 2.0 for authorization and can return responses in JSON, XML and Google Protobuf formats. Developers are limited to 1 million quota units per day and 10 queries per second per user. In addition, there are usage limits associated with individual API methods. In an effort to spur adoption, Google has created quick-start guides for Java, Python and .NET.

A company called Streak, which offers a Gmail-based CRM solution, appears to be one of the earliest developers to use the Gmail API. It employed the new API to build a snooze function that allows Gmail users to archive a message until a scheduled time, at which point it is moved back into the user's inbox for attention. According to Streak co-founder Aleem Mawani, himself a former product manager at Google, "The API is really nice to use and makes interacting with Gmail way easier relative to IMAP."

More Than Just a New Platform

As The Wall Street Journal's Alistair Barr and Rolfe Winkler observe, the Gmail API "is a first step toward turning Gmail into a platform for developers who want to leverage the contents of users' email for productivity and other applications. A travel app, for example, could scan your email inbox for booking confirmations and automatically compile them into an itinerary. An expense app can dig through your inbox for receipts and automatically file them to your cloud-based account."

They note that with more 66 of the top universities, 5 million businesses and more than 400 million users, Gmail is "one of the world's largest online services."

That impressive audience makes Gmail incredibly attractive as a platform, but it would be a mistake to think of Gmail as just another platform. If Google can realize its vision for Gmail, application developers will not only have a large new distribution channel to tap into, they'll have the opportunity to reinvent how hundreds of millions of people use email.

At the core of that is one of the Gmail API's most important features: fine-grained access control. When users authorize an application that utilizes the Gmail API, developers can request access based on one of four authorization scopes. Full access grants an application full access to a Gmail account; modify access gives an application the ability to perform read and write operations but not permanent deletions; read-only access allows applications to retrieve content only; and compose access enables applications to send messages and perform create, write update and delete operations on drafts only.

With the addition of fine-grained access control, developers can more easily create and, more importantly, market new kinds of email-centric applications that perform specific functions. For instance, a developer could build an application that automatically sends a follow-up message to sales prospects after a certain period of time if an outgoing email never received a response. Or a developer could create new kinds of visualization and analytics applications that help Gmail users better understand their email activity.

While it has technically been possible to build these kinds of applications using IMAP, a TCP-based email protocol that has been around since the 1980s, IMAP-based applications require full access to a user's email account regardless of whether it's really needed or not. With the new Gmail API, developers can request only the level of access their applications need, and users will have a clear understanding of the access they're granting at the time they authorize applications. With OAuth, users also have the comfort of being able to revoke an application's access without having to reset their passwords.

Will this be enough to reduce the privacy and security concerns that many users are likely to have when it comes to giving third-party applications access to their email accounts? Time will tell, but if Google is able to grow a meaningfully large and vibrant Gmail application ecosystem with its API-based approach, the Gmail API could prove to be one of Google's most important launches in recent memory, and it could make email one of the next big things on the Internet for the second time in its relatively short life.

Be sure to read the next Email article: Inbox Launches Revolutionary Email Platform