Windows Live has changed often lately, but if you were using CloudSponge you probably didn’t notice.
Windows Live has changed often lately, but if you were using CloudSponge you probably didn’t notice.
The happy news that accompanies this horn-blowing is that Windows Live has recently published their Outlook.com API which uses OAuth2.0 for authentication and provides access to raw email addresses once again. We have integrated with the new API and made it the default for all our customers.
What it means?
The data we’ve collected is positive, we’ve seen a 3- to 4-times increase in successful imports and a drop to near zero failed imports. If there was ever any question, this lower abandonment rate clearly indicates that the user experience is much better and more reliable than the CSV import.
For now the news is good but if/when Windows Live changes things again it will be our problem to fix it. CloudSponge will do its best to make sure you don’t notice it.
In case you haven’t been following this story for the last 4 years, here’s a list of some of the bigger events in our Windows Live timeline:
- 2009 – CloudSponge integrates with Windows Live Contacts API, using Delegated Authentication to pull contacts from Windows Live, MSN and Hotmail address books.
- 2010 – Messenger Connect API 4.1 is released. It returns ‘email_hashes’ instead of useable email addresses. Windows Live argues that this gives users more control over their own data (i.e. their own email addresses inside someone else’s address book).
- June, 2010 – Windows Live announces they will no longer support Windows Live Contacts API or Delegated Authentication. Integrators are directed to use Live Connect Contacts API v4.1 and v5.0. Windows blogs about why their new APIs return ‘email_hashes’ instead of actual email addresses.
- June 25, 2011 – Messenger Connect v4.1 is deprecated, replaced by Messenger Connect API v5.0
- April 11, 2012 – We reach out Microsoft asking for access to privileged APIs that return raw email addresses and are told ‘no’.
- April 17, 2012 – Windows Live changes the root url for their OAuth2.0 endpoints.
- July 25, 2012 – Windows Live officially deprecates their old Contacts API. The API continues to function, but documentation is no longer available.
- August 14, 2012 – Messenger Connect v4.1 ceases working.
- March 2013 – Windows Live Contacts API actually stops serving requests. CloudSponge transitions to our backup plan: CSV upload.
- Oct 28, 2013 – Windows Live publishes documentation on their Live Connect Outlook.com API which permits access to raw email addresses (and email_hashes).
- Nov 7, 2013 – CloudSponge migrates the user consent flow to OAuth2.0 and reenables it on our site.
This is not to complain about how often and unpredictably Windows Live has changed their MO. It is to let you know that we’ve been busy and kept on top of these changes, insulating our customers from the need to react suddenly to a broken import. As useful APIs have been removed, we’ve adjusted our integration so that we can continue to offer support for Windows Live address books.
Branding
The great news is that for customers who have branded the WL import UX, you don’t need to do anything. The old Windows Live DelAuth Consumer Credentials just work with the new OAuth2.0 flows, so your users are using the better user experience and seeing your branding.
Into the Future
Our integration makes use of undocumented features. It’s very possible that these features will change again and Windows Live will stop sharing email addresses with our application. However, if that does happen, our service will fall back to using the CSV import until a better option is available.
Microsoft is clearly having an internal debate about address book ownership. My guess is that they had enough feature requests from developers and users for the feature that they have decided to open it up. Is the move to permit sharing of other people’s email addresses a signal that users don’t worry about access to things like contacts? Will other big social networks follow suit?