From their press release:

Online travel itinerary and trip planning service TripIt (www.tripit.com) today announced the availability of a new API (Application Programming Interface) for developers to create software applications that integrate with TripIt travel itineraries. The TripIt API is the travel industry’s first open API for sharing travel itinerary information between travel websites, travel suppliers, travel agents and related travel services. TripIt is an open travel platform that already supports bookings from more than 350 travel-related sites and works with partners including LinkedIn, Microsoft Windows Live and Sabre VirtuallyThere. With the new TripIt API, any developer can now build an application that integrates with TripIt, including the first ones from Expens’d, FlightTrack and Where I’ve Been. Developers can access the TripIt API at www.tripit.com/developer.

…

This first version of the TripIt API enables applications to read, add or delete trip plans in TripIt, while allowing TripIt travelers to control how applications access and use their data. More details at www.tripit.com/developer.

The REST API uses standard OAuth authentication to allow applications to safely access the Netflix service on a subscriber’s behalf without requesting his user name or password. A simpler subset of OAuth can be used to access REST API resources that do not require subscriber authorization, such as the catalog.

At the time, it wasn’t necessarily clear what this meant, or where we would see OAuth get used.

A few months later, it’s clear that OAuth is under the hood in “activation” transactions on the TiVo, the Xbox and the Samsung Blu-ray player.

And today, in David Pogue’s NYTimes column announcing the winners of the fourth annual Pogie Awards, Netflix’s innovative service was given top billing:

NETFLIX AS A SOFTWARE FEATURE “There’s a reason we didn’t call the company ‘DVDs by Mail,’ ” Netflix’s chief executive, Reed Hastings, often says. And sure enough: no DVDs are involved in Netflix’s latest assault on the American home theater. With Netflix Instant Viewing, there are no time limits, no copy protection, no waiting for movie files to download; the movie simply streams from the Internet as you watch.

You’re not billed by the movie; in fact, you’re not billed at all. Unlimited streaming movies are free with any DVD-by-mail plan over $9.

Originally, you had to watch on your computer (Windows, and now Mac). But who wants to watch movies sitting at a desk?

Bit by bit, Netflix has been bringing this feature to your TV by cleverly piggybacking on other companies’ set-top boxes. Netflix Instant Viewing is now a feature of the TiVo, XBox 360, and Blu-ray players from LG and Samsung. Or you can get Roku’s $100 Netflix Player box, which does the job beautifully all by itself.

The 12,000 available movies generally aren’t recent ones. But there’s a lot to be said for instant gratification, especially when it’s free.

It’s worth recognizing that this experience was crafted using open technologies like OAuth and ATOM. And for the end user, the experience is as seamless and smooth as one would hope, or more likely, expect.

Cheers, Netflix!

Iron Money’s API allows developers to build tools that leverage the financial data they upload to Iron Money. The API gives developers read, write, and delete access to all of the data they store in Iron Money. The API features OAuth for authorization and OpenID support will be coming sometime in the next few months.

Documentation is available as well as a PHP-based client library for interacting with the service.

If you want to sign up and give it a try, free registration is now open (as Chasen said, OpenID is coming soon).

According to the proposed new features list for WordPress 2.7, OAuth should be coming to WordPress core.

This follows a tweet from Matt Mullenweg indicating his desire to add support for the protocol a month ago.

We develop using simple, proven, open standards and have built a RESTful API including oAuth, XML, JSON – available for all who want to engage. With the API you can access the entire SoundCloud service from your favorite tools and languages. We have tried to make it as simple as possible while still keeping things secure and powerful.

To get an invite into SoundCloud, developers can sign up here.

If you’re one of the lucky folks that’s been able to upgrade your iPhone (and activate it) to the 2.0 firmware, I encourage you to give the Pownce application a try, if only to see a real world example of OAuth in action (that link will open in iTunes).

Here’s how it goes in pictures:

And the actual flow:

1. Launch the Pownce app. You’ll be prompted to login in at Pownce.com
2. Pownce.app launches Pownce.com via an initial OAuth request; here you signin to your Pownce account using your username or password (if Pownce supported OpenID, you could signin with OpenID as well).
3. Once successfully signed in to your account, you can grant the Pownce iPhone app permission to access your account.
4. Once you click Okay, which is basically a pownce:// protocol link that will fire up Pownce.app to complete the transaction.

There are three important aspects of this:

• First, you’re not entering your username and password into the Pownce application — you’re only entering it into the website. This might not seem like a great distinction, but if a non-Pownce developed iPhone application wanted to access or post to your Pownce account, this flow could be reused, and you’d never need to expose your credentials to that third party app;
• Second, it creates room for the adoption of OpenID — or something other single sign-on solution — to be implemented at Pownce later on, since OAuth doesn’t specify how you do authentication.
• Third, if the iPhone is lost or stolen, the owner of the phone could visit Pownce.com and disable access to their account via the Pownce iPhone app — and not need to change their password and disrupt all the other services or applications that might already have been granted access.

Personally, as I’ve fired up an increasing number of native apps on the iPhone 2.0 software, I’ve been increasingly frustrated and annoyed at how many of them want my username and password, and how few of them support this kind of delegated authorization flow.

If you consider that there are already a few Twitter-based applications available, and none of them support OAuth (Twitter still has yet to implement OAuth), in order to even test these apps out, you have to give away your credentials over and over again. Worse, you can guarantee that a third-party will destroy your credentials once you’ve handed them over, even if you uninstall the application.

These are a few reasons to consider OAuth for iPhone application development and authorization. Better yet, Jon Crosby’s Objective-C library can even give you a head start!

Hat tip to Colin Devroe for the suggestion.

API documentation is available for using OAuth for end-user authentication (authorization).

we are pleased to announce the release of an OCaml binding to the API. You can find it on our developer downloads page.

As part of our API design we decided to use OAuth, so you can allow applications to access your data without giving away your Skydeck username and password. We are also pleased to announce the release of ooauth, an OCaml implementation of OAuth.

Ooauth implements both the consumer and service provider parts of OAuth (we use it in our server and in the API binding above), so you can use it to implement your own API or to consume the many APIs that use OAuth, such as the Google Data APIs. It is also available on the developer downloads page.

I just wanted to officially announce the release of OAuth for Spring Security. I’ve had a working implementation now for quite some time, but I wanted to delay the official release until Spring Security 2.0 was released.

My hope is that this new library will make OAuth more accessible to the Java development community, a large percentage of which is already using Spring and Spring Security. I suspect that this will also make OAuth accessible to users of Grails (which is also built on Spring).

Geoffrey McCaleb has summarized the benefits:

What does that mean? Think of oauth as OpenID for data. Currently, if you wish to setup full bookmark syncing with your del.icio.us account, you need to provide us with your credentials. Hey, we are not going to skip town with that data or sell them to spammers, but how do YOU know that we aren’t?

In steps oauth. Our first target integration is with the excellent Ma.gnolia service. In fact, we owe a lot to our implementation to both Todd Sieling at Ma.gnolia (for getting us excited about oauth), and Andy Smith for providing a nice tidy library which was easy to extend for our use.

What does that mean for you? Well now you can sync your bookmarks with your Ma.gnolia account, and as other services around the web roll out oauth support, we will be able to hook into them rather quickly. We like easy things that bring great benefit, if only life was like that.