building mobile friendly apis for connected apps | torey lomenda

of 41 /41

Author: mobcon

Post on 14-Jul-2015




1 download

Embed Size (px)


  • Mobile Friendly APIsConsiderations for Connected Mobile AppsTorey LomendaChief Technologist, Object Partners (OPI)

  • Mobile Friendly APIsAbout OPIFounded in 1996Java, Groovy, Mobile, Web, Open Source~ 100 EmployeesTwin Cities, OmahaChicago, DenverAverage Tenure over 5 Years

  • Mobile Friendly APIsLiving in a Mobile World

  • Mobile Friendly APIsWhat Users ExpectResponsive, connected apps...All The TimeRealityMobile ConstraintsNetwork Latency Runs on BatteryCPU

  • Mobile Friendly APIsMobile Apps Need

    Access to Online Data & ServicesRemembering Constraints

  • Mobile Friendly APIsFrom Web Apps to Mobile AppsEvolution of Connected Apps

  • Mobile Friendly APIsFocus on Web

  • Mobile Friendly APIsFocus on Interoperability

  • Mobile Friendly APIsFocus on Mobile (Web)

  • Mobile Friendly APIsAnother ChallengeThe move to Micro-services

  • Mobile Friendly APIsMartin Fowler Article (

  • Mobile Friendly APIsA Friendly APIUser PerspectiveDoesn't get in the way of a great UX

    Developer PerspectiveIs intuitive, a pleasure to integrate into codebase

  • Mobile Friendly APIsThe Rise of the Friendly Interface

  • Mobile Friendly APIsConnecting Apps Shouldn't Be Painful

  • Mobile Friendly APIsMobile APIStandardsSimple & FastCompletenessBest PracticesExtrasMobile API Considerations

  • Mobile Friendly APIs: StandardsWhatever Happened to SOA?

  • HTTP Request (Headers/Body)SOAP Envelope (WS-Basic)WS-SecurityWS-* StackXML PayloadInteroperabilityXML for data exchange

    HTTP for network protocol

    What could be better?Mobile Friendly APIs: StandardsDATA

  • From SOAP to REST



    ticker=GOOG{"price":534.5}Mobile Friendly APIs: Standards

  • RESTlike NOT RESTfulThe Essential PartsJSONPOST/GET RequestsAction & ParametersThe Other PartsPUT/DELETEHATEOS & HALengine of application state relational links Mobile Friendly APIs: Simple & Fast

  • RESTlike is Just FinePOST player/createPOST player/delete/$idPOST player/update/$id

    Mobile Friendly APIs: Simple & Fast

  • JSON is your FriendStay Consistent


    Only What is Needed

    Mobile Friendly APIs: Simple & Fast"player": {"name": "Torey Lomenda","number": "14","position": "center","funFacts":[...],"seasonStats": [...]}"team": {"name": "Lakeville Panthers""roster": [{"player_name": "Torey Lomenda","player_number": "14","player_position": "center",}]}NOT CONSISTENT

  • Mobile Friendly APIs: CompletenessAPI Granularity

    Design APIs by Screen

    Consider an API Gateway for Mobile

  • Mobile Friendly APIs: CompletenessAPI GranularityLazy APIs put the burden on the mobile app

    Minimize use of Network Completeness (avoid roundtrips)

  • Minimizing Use of NetworkHTTP Latency ~1 second for each request over 3G

    Battery drain as each network request requires power

    Mobile Friendly APIs: Completeness

  • API: Pure REST Approach213

  • API: Friendlier ApproachMobile Friendly APIs: Completeness123

  • Mobile Friendly APIs: Best PracticeDon't ForgetSlim It Down (gzip compression)Heavy Lifting on the serveraggregationserver-side caching strategies

  • Mobile Friendly APIs: Best PracticeAPI ErrorsManage errors on server-side

    Human-readable (ie: friendly) messages

  • Caching and Offline AccessHTTP Headers (Cache Control)Cache-Control: specify how to cache the datamax-age:

    ETag: "15f0fff99ed5aae4edffdd6496d7131f" Entity TagIf-None-Match: "15f0fff99ed5aae4edffdd6496d7131f"

    Last-modified: If-Modified: Mobile Friendly APIs: Best Practice

  • Intermittent Connectivity: Maintain StatePicking up where you left off.Keeping APIs statelessMobile-side: send current state from device through APIAPI-side: Merging & Conflict Resolution

    Mobile Friendly APIs: Best Practice

  • Mobile Friendly APIs: Best PracticeSecuring Your APIsBasic Auth/SSL

    Token-based approaches like OATH

    SSL Pinning (client checks server's certificate against a known copy of the certificate)

  • Batching Requests[{"method":"POST", "relative_url":"me/feed", "body":"message=Test status update&link="},{"method":"GET","relative_url":"me/feed?limit=1"}][{ "code": 200, "headers": [...], "body":"{...}" }, { "code": 200, "headers": [...], "body": "{...}}]Mobile Friendly APIs: Best PracticeReturn batch responses

  • Mobile Friendly APIs: Best PracticeBackground/Async ProcessingMaking multiple requests for a screen Don't hold up the UI

    HAL JSON ( Fetch linked data asynchronously

  • Neutral Testing of APIUseful Tools to Test APIs:RESTClientRunscopeMobile Friendly APIs: Best Practice

  • Mobile Friendly APIs: Best PracticeAPI VersioningIndicate Version to ClientVersion via URL (major version only)HTTP accepts-headerVersion in JSON DocumentJSON Formatblank-out fields no longer useddeprecated fieldsbackward compatible on minor version, breaking changes on major version

  • API Documentation Swagger Mashery I/O Docs

    Mobile Friendly APIs: Best Practice

  • Mobile Friendly APIs: ExtrasWhat's In a Protocol?(TCP/IP is Fabric of Internet Not HTTP)

  • Mobile Friendly APIs: ExtrasCustom Key/Value Pair (KVP)Taking message-passing efficiency to the next levelNot as friendly but fast. Consumption of messagesSerializing/Deserializing

  • Mobile Friendly APIs: ExtrasMQTT (Message Queue Telemetry Transport)What is ItLow overhead protocol with bandwidth and CPU limitations in mindpublish/subscribe message passingCan use JSON over MQTT

    Use CasesIn-app push notificationInternet of Things (device to device)Facebook Messenger App (Chat)

  • Mobile Friendly APIsReferencesFred Brunel- CTO WhereCloud


    Micro-services is about scaling components of a distributed system by their individual needs

    Can lead to a chatty appAPI A Programming Interface is a contract that defineswhat can and cannot be done when integrating with another system/component.

    Mobile API An API that integrates with system/components online over the Internet.

    Needs to be:- Simple- Fast- Complete- Secure (standards)De-normalize at the right levelAvoid roundtrippingDe-normalize at the right levelAvoid roundtrippingDe-normalize at the right levelAvoid roundtrippingAggregate on the Back-end via GatewayExample: Netflix Design APIs by:Thinking ScreensEntities to DisplayEntity ModelServices around the entitiesSetting Caching Policies in iOS and Android to enable Offline ModeEntity Tags are useful reference ids to documents/media downloaded and cached on deviceEntity tags as MD5 hashes are great for offline data syncingexample: Determining if you have up to date documents

    SSL Pinning is a way to build trust between API Consumer and the API ServerBe sure to cancel outgoing requests if you navigate away from the screen or activity