building enterprise mobile backends with open source platforms

Building Enterprise Mobile Backends with Open Source Platforms
Antonio Calanducci

In the last couple of years several Mobile Backend as a Service (MBaaS) providers are hitting the market offering varying level of services and features. While those services are great to have backends for mobile and web apps ready in minutes and often without writing any server side code, those solutions are not always suitable in the enterprise context, where security and data privacy are key requirements. Moreover, most of the MBaaS on the market, while sharing similar features, such as User Management, Photo Collections, Custom Objects, Push Notifications and Social Network integration, often don't offer capabilities of connecting to existing data. In this workshop, we introduce two open source platforms, DreamFactory and LoopBack, that permit to create custom Backends on your data center or in your own cloud hosting. This allows a company to use the same deployment and management practices that they are already using for other applications. They don?t need to trust external MBaaS providers that could have potentially access to their data. In particular, we illustrate how those platforms permit to securely expose existing data coming from different source, building CRUD REST APIs to be consumed by mobile clients and HTML5 web apps. Data sources could be relational or non-relational database or in turn other REST APIs, with the ability to create relations and associations between them. Additionally API access can be restricted with user authentication and authorization implementing Access Control Lists.After demoing the two platforms, we will provide a comparison between them.


Building Enterprise Mobile Backends with Open Source Platforms

Antonio Calanducci

Overview of mBaaS features

Enterprise requirements for mobility

DreamFactory, the open source REST API platform


Build your own mobile backend with LoopBack


About meFounder of EtnaTraining

Appcelerator Training Partner

Titanium Certified Instructor / Developer

Tecnologyst@National Institute of Nuclear Physics and contract professor@University of Catania, Italy

Consultant at World Food Programme, Rome


[email protected]

BaaS OverviewAcronym of “Backend as a Service”

APIs that offer a set of predefined services out of the box for application developers

Example of services:

Users, Files, Collections, Custom Objects, Email, Photos, Social Integrations, Analytics

Push Notifications, Locations, Geofencing (m)

mBaaS: m stands for “mobile”

Benefits of mBaaSReduce server side coding (or in some simpler cases, eliminate)

developers can focus on front-end development; faster schedules

often providers offer SDKs that wrap REST API calls and handle in/out parameters:

both HTML/JS and native (iOS, Android, Windows Phone)

No server setup hassle, ready to use

Deployed on the cloud, with built-in scalability

Popular mBaaS providersParse (acquired by Facebook)

JSON Objects, Social, Local Datastore, Custom server-side login, Push

20Gb storage/2TB transfer/1M recipients/30req/s


AuthLinks/OAuth/Data encryption

100 active users/2Gb/5M push-emails

Appcelerator Cloud Services (ACS)

20built-in services, 5M API calls per month, 20Gb, 250k API calls per day, Custom Server-side with Node.js

Commercial mBaaS for enterprise?Generally data backed on NoSQL db

Enterprise requirements:

generally uses SQL db

integrate with legacy databases

access (structured) relational data with ACLs

Biggest problems: data privacy

where data is stored? who has access to it? is data replicated? disaster recovery plans

Data lock-in

Any solution?

Build your OWN mBaaS and deploy it on-premises

(or your virtual private cloud)

DreamFactory: enter the Service PlatformProvides access to backend services through a standard REST APIs to:

local and remote SQL Services

storage services

NoSQL databases

No lock-in:

backend can be swapped while app is running or switched easily from development, test, production environments

no need to recode client apps

Cloud Lock-inThe API Jungle!


Different interfaces, security models, and!

user permissions!






DreamFactory Service Platform


Unified interface,!security model, and!user permissions!






DreamFactory: featuresOpen Source


Deployable in the Cloud or on-premises

Amazon/VMWare/Azure VMs, BitNami installer

Packages for Linux Distros (RedHat, Ubuntu, Debian)

User management, user roles and permissions, and secure password hashing

Flexible access control over applications, services, files, and database CRUD permissions

DreamFactory: featuresSupported SQL DBs:

MySQL, PostgreSQL, MSSql (Oracle soon)

Supported NoSQL DBs:

MongoDB, CouchDB, DynamoDB, Azure Tables

Storage Supported:

Amazon S3, LocalStorage, OpenStack, Azure BLOB

External WebService (SOAP/REST), OAuth supported with Portal Service

Custom server side scripts with JavaScript (V8 engine)

DreamFactory architecture

DreamFactory: client SDKNative Mobile Clients:

iOS, Android, Windows 8


AngularJS, Sencha, jQuery, PhoneGap/Cordova

Titanium SDK since version 1.5

Titanium Classic, wrapper over HTTP with Promises

DreamFactory Demo

Getting started with DreamFactoryDownload the Bitnami installer or VM images at:

or sign up for the Free Hosted Edition at:

Open you browser at:


and login to the DSP LaunchPad with your admin credentials

Create a new App, create a new Table (Schema panel), populate the table (Data panel), browse the table via API/SDK panel


DSP REST APIsCreate an User and a Role, assign the Role to the created App and assign the Database service to the Role

Login the user with:

curl -X POST -d '{"email": "[email protected]", "password": "pippo1234"}' http://localhost:8080/rest/user/session?app_name=Todo

Keep note of the returned session_id

Fetch all the records with:

curl -H "X-DreamFactory-Session-Token: 8rena0119llqjagvfdn08kh6f2" http://localhost:8080/rest/db/todo2?app_name=todo

Add some records with:

curl -X POST -H "X-DreamFactory-Session-Token: 8rena0119llqjagvfdn08kh6f2" -d '{"title":"new todo", "location": "somewhere", "completed": false}' http://localhost:8080/rest/db/todo2?app_name=todo

Access your existing SQL DBCreate a new service of type Remote SQL DB

API name is the REST endpoint

Set the Username and Password to your DB

Set the connection string to the DB:


Add the new created services to the previous created Role

Access your DB through REST APIs:

curl -H "X-DreamFactory-Session-Token: gpapq4itp198g6c38sk3gvr9j3" ‘http://localhost:8080/rest/etna/wp_posts?app_name=Todo&limit=1&post_type=feedback'

Titanium DreamFactorySimple wrapper over DSP REST APIs available here:

Use JS Promises to avoid callback hell

Provided as a Common.JS module:

include dreamfactory.js and Promises.js

A simple GET request looks like this:


Trainees appSimple Titanium Alloy App that fetches Trainees that attend to EtnaTraining classes on Titanium

DSP used to access the www.etnatraining.itWordPress backend

Source code available at:


DreamFactory featuresApp hosting for HTML5 apps

Lookup keys

Connect to existing users in SQL or NoSQL

Server Side Filters

Fine grained table permissions based on user, role, application

Server side events

events can trigger custom scripts on select, update, insert, delete, describe



LoopBack Open Source API framework powered by Node.js

Made by StrongLoop

Developers of a commercial version of Node.js with clustering and monitoring support

contributors to Node.js and several npm packages

Allows to create REST APIs on top of enterprise data

Provides built-in services to handle:

Push Notifications, Geolocation, Offline replication and synchronization, File Storage

LoopBack ModelsREST APIs are based on Models

defined based on existing schema (both relational and no relational)

open model (free form)

can be discovered automatically

can be synchronized if developer change model definition

can be defined in code with JavaScript APIs (both in the client and in the server, isomorphic JS) and/or in JSON file with LDL (LoopBack Definition Language)

LoopBack ConnectorsAllows models to talk to different data sources. Available connectors:

MySQL, PostgreSQL, Oracle, MSSql



NoSQL Db (MongoSQL)

LoopBack Architecture

LoopBack featuresModel relations support

define hasMany, belongsTo, hasAndBelongsToMany relationships

User authentication and authorization for models:

oAuth user and registration models

Fine grained Role-based access control list

offline support and data replication (new!)

custom remote method definition with events

Getting started with LoopbackInstall with npm:

npm install -g strong-cli

Create a LoopBack project

slc lb project mybackend

Create a model interactively

cd mybackend

slc lb model todo -i

slc lb model anything (free form model)

Run your loopback app:

node app

Browse your REST API at:


Let’s play with the REST APIsOur todos model is available at:


Create some todo model instances:

curl -X POST -H "Content-Type:application/json" -d '{"title": "Buy the milk", "location": "Amsterdam", "completed": false}' http://localhost:3000/api/todos

Retrieve all the completed todos:

GET to http://localhost:3000/api/todos?filter[where][completed]=true

curl 'http://localhost:3000/api/todos?filter%5Bwhere%5D5Bcompleted%5D=true'

Make the model instances persistentCreate a datasource:

slc lb datasource mylocaldb --connector mysql

Install the loopback-connector-mysql

npm install loopback-connector-mysql

Edit the datasources.json:


Change models.json and set:

"dataSource": "mylocaldb"

PS: You have to had previously created the todo table into the db

Model discovery from SQL dbLoopback provides methods to create model from existing data:

Create first the datasource in datasources.json:


Call the method discoverSchema() or discoverAndBuildModels() on the defined datasources:

run discovery.js:



node discovery.js >> wp_posts.json

add the discovered models to models.json

Some query example with filtersLimit the number of entries


Select only given fields:


Select only fields with a given value:


Page 35: Building Enterprise Mobile Backends with Open Source Platforms

Model synchronization with SQL dbWe have seen how to access pre-existing data on SQL DBs

But we can also define new models and Loopback can create or update DB schema for us:

Define the datasource

Define the new schema(you can also in code)

call the ds.automigrate() method

WARNING: if the schema alreadyexists in the DB, it will be droppedand all data lost

Model synchronization with SQL dbWe can also alter the model without destroying existing data, if we change our Model:

Define the datasource

Define the new schema(this can also be done in code)

call the ds.autoupdate() method

Loopback will calculate thedifferences between the new modeland table schema definition

Loopback SDKsNative Mobile SDKs:

iOS (Objective-C), Android (Java)

Browser SDKs:

Angular.JS (isomorphic LoopBack)


Titanium SDK?

Option 1: Use the REST API

Option 2: Alloy Wrapper (in progress) made by Aaron Saunders:

DreamFactory vs LoopBack

DreamFactory LoopBack

No code required CLI helps, but definitively required

Super easy to use Learning curve can be quite steep

customization is limited (server side scripts/events)

great customization of your REST API: it’s a platform and

you build an appClassical Horizontal scaling if

you deploy on the Cloud (OpenShift)

easy to scale and monitor with StrongLoop cluster support and


Currently not supported, but soon available

Provide specific mobile services: cross-platfom push

notification, geolocation

ReferencesDreamFactory homepage

DreamFactory Documentation

Loopback home page:

Loopback documentation

Thank you!