
Data to Go: Mobile API Design (SXSW)

Information about Data to Go: Mobile API Design (SXSW)
Technology

Published on March 10, 2014

Author: ecgreb

Source: slideshare.net

Description

Slides for Data to Go: Mobile API Design @ SXSW 2014

http://schedule.sxsw.com/2014/events/event_IAP17442

Data to Go Mobile API Design Matt Smollinger CTO & Co-Founder, Skaffl @mattsmollinger Chuck Greb Sr. Software Engineer, Mapzen @ecgreb #SXSW #DataToGo

About us Chief Technology Officer of Skaffl.com, Mobile Dev, and general geek. Mobile software craftsman, test-driven evangelist, and clean code connoisseur. Matt Smollinger CTO & Co-Founder, Skaffl @mattsmollinger Chuck Greb Sr. Software Engineer, Mapzen @ecgreb

Agenda ● Overview ● 3 Principles of (good) mobile API design ● Looking to the future

What is an API? An application programming interface (API) is a specification of how software components should interact with each other. In most cases an API is a library that includes specification for routines, data structures, object classes, and variables. http://en.wikipedia.org/wiki/Application_programming_interface

Remote Service API ● Web service ● Desktop, laptop, or mobile client ● Communication and protocol HTTP + JSON = <3

Web API Request

Mobile API Request Mobile API requests are generally slower and more prone to timeouts and other failures!

Yo ho ho and a few billion pageviews of RUM Josh Fraser, Torbit, 2012

How speed affects bounce rate (Fraser, 2012, p. 30)

How speed affects bounce rate (mobile) (Fraser, 2012, p. 34)

How speed affects user engagement (Fraser, 2012, p. 35)

How speed affects user engagement (mobile) (Fraser, 2012, p. 37)

The Three Little APIs Once upon a time...

Things users care about ● Speed ● Battery life ● Privacy

Public vs. Private APIs Is your API open to 3rd party developers?

3 Principles of Mobile API Design 1. Reduce round trips to the server 2. Control verbosity 3. Restrict access

Catomatic ● Node.js server (Express) ● iOS client ● Android client

Catomatic Node Instance: http://mostlygeeks.com:5000/ https://github.com/msmollin/sxsw_node https://github.com/msmollin/catomatic_ios https://github.com/ecgreb/catomatic

Reduce round trips to the server Principle #1

Resource constrained environment ● CPU ● memory ● bandwidth ● battery

Hardware comparison Moto X ● Snapdragon S4 Pro ● Dual-core ● 1.7 GHz ● 2GB RAM Apple iMac ● Intel Core i7 ● Quad-core + HT ● 3.4 GHz ● 8GB RAM (standard) ● Up to 32GB

Users are impatient ● Reduce network overhead ● Brevity trumps discoverability ● RESTful vs. RESTish

Mobile Performance from Radio Up Ilya Grigorik, Google, 2013

The (short) life of a web request (Grigorik, 2013, p. 20)

Watch those energy tails! (Grigorik, 2013, p. 23)

HSPA vs LTE (U.S.) (Grigorik, 2013, p. 37)

HSPA vs LTE (World) (Grigorik, 2013, p. 37)

Show me the cache ● Memory ● Disk ● Invalidation Chiu-Ki Chan Caching Strategies for Mobile Apps Philly ETE 2012 http://chiuki.github.io/mobile-caching-strategies/

- Phil Karlton "There are two hard things in computer science: cache invalidation, naming things, and off-by-1 errors."

Reduce round trips to the server Example #1 (Login)

Verify Password
POST http://mostlygeeks.com:5000/api/verify_password
Input
{
  "email": "chuck@example.com",
  "password": "buddy"
}
Output
{
  "user_id": 1
}

Profile
GET http://mostlygeeks.com:5000/api/users/1
{
  "user_id": 1,
  "name": "Chuck Greb",
  "email": "chuck@example.com"
}

Cats
GET http://mostlygeeks.com:5000/cats
[
  {
    "cat_id": 1,
    "name": "Kaze",
    "age": 2,
    "small_photo_url": "http://example.com/images/kaze_small.jpg",
    "short_description": "Kaze is an energetic and playful cat."
  },
  ...
]

Login (input)
POST http://mostlygeeks.com:5000/login
{
  "email": "chuck@example.com",
  "password": "buddy"
}

Login (output)
{
  "user": {
    "user_id": 1,
    "name": "Chuck Greb",
    "email": "chuck@example.com"
  },
  "cats": [
    {
      "cat_id": 1,
      "name": "Kaze",
      "age": 2
    },
    ...
  ]
}

Control verbosity Principle #2

Low hanging fruit ● Remove empty data ● Remove irrelevant data ● GZIP compression

Time Data is Money - Benjamin Franklin

Sip, don’t chug. ● Less data is faster ● Less data is less expensive

Knobs and dials ● Pagination ● Sort ● Search ● Filter

Object Expansion Specify verbosity level on per request basis ● Abstract verbosity level ● Custom media type ● Specify response fields in the request ● Collection vs. resource

Abstract verbosity level http://example.com/api/cats?verbosity=3

Custom media type Accept: application/cat.simple+json http://developer.github.com/v3/media/

Specify response fields http://example.com/api/cats?fields=[cat_id,name,age]

Collection vs. resource http://example.com/api/cats http://example.com/api/cats/1

Control verbosity Example #2 (Master/detail)

Cats (collection)
GET http://mostlygeeks.com:5000/cats
Output
[
  {
    "cat_id": 1,
    "name": "Kaze",
    "age": 2,
    "photo_url": "http://example.com/images/kaze.jpg",
    "short_description": "Kaze is an energetic and playful cat."
  },
  ...
]

Cat (resource)
GET http://mostlygeeks.com:5000/cats/1
Output
{
  "cat_id": 1,
  "name": "Kaze",
  "age": 2,
  "small_photo_url": "http://example.com/images/kaze_small.jpg",
  "short_description": "Kaze is an energetic and playful cat.",
  "large_photo_url": "http://example.com/images/kaze_large.jpg",
  "long_description": "Kaze is an energetic and playful cat who likes to..."
}
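
The "Specify response fields" and "Collection vs. resource" slides combine naturally with "Protect sensitive data": the fields a client asks for should be intersected with a server-side allowlist, never used to pick columns directly. The block below is an added example, not code from the talk or the Catomatic repositories; the owner_email column, the sample row and the fall-back-to-default behaviour are assumptions.

```javascript
// Added example, not from the talk: allowlisted handling of ?fields=[...].
// Field names mirror the cat slides; owner_email is a constructed internal column.
const CAT_FIELDS = {
  collection: ["cat_id", "name", "age", "small_photo_url", "short_description"],
  resource: ["cat_id", "name", "age", "small_photo_url", "short_description",
             "large_photo_url", "long_description"],
};

// Parse "[cat_id,name,age]" (brackets optional) into a list of names.
// Returns null when the parameter is absent or malformed.
function parseFields(raw) {
  if (typeof raw !== "string" || raw.length > 256) return null;
  const m = /^\[?([a-z_]+(?:,[a-z_]+)*)\]?$/.exec(raw.trim());
  return m ? m[1].split(",") : null;
}

// Build the response object for one record. The route, not the client,
// chooses view ("collection" or "resource"). Absent or malformed fields
// fall back to the view's default set (an assumption of this sketch).
function project(record, view, rawFields) {
  const allowed = CAT_FIELDS[view];
  if (!Array.isArray(allowed)) throw new Error("unknown view: " + view);
  const requested = parseFields(rawFields);
  const keep = requested ? allowed.filter((f) => requested.includes(f)) : allowed;
  const out = {};
  for (const f of keep) {
    // "Remove empty data": skip null and undefined values.
    if (record[f] !== undefined && record[f] !== null) out[f] = record[f];
  }
  return out;
}

// Constructed sample row, as it might come back from the data store.
const kaze = {
  cat_id: 1, name: "Kaze", age: 2,
  small_photo_url: "http://example.com/images/kaze_small.jpg",
  short_description: "Kaze is an energetic and playful cat.",
  large_photo_url: "http://example.com/images/kaze_large.jpg",
  long_description: null,
  owner_email: "chuck@example.com",
};

console.log(project(kaze, "collection", "[cat_id,name,age]"));
console.log(project(kaze, "resource", "[name,owner_email]"));
```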

Restrict access Principle #3

Identify the origin of all requests ● Application version ● User account ● Device type ● Operating system ● Network (IP) address ● etc.

Deny unauthorized requests ● Invalid credentials ● Rate limit ● Unsupported operating system ● Obsolete application version ● Blacklisted IP address

Protect sensitive data ● Personal data ● Proprietary data ● Critical URL Resources

Keep it secret. Keep it safe.

Mobile-friendly security
Do
● HTTPS/SSL
● Access token header
● 2-step verification
Don’t
● Session
● Cookies
● CSRF tokens
● OAuth*
● HMAC*
*Unless your API is public

Wait... I thought OAuth was good? ● Which implementation? ● Designed for 3-legged communication over un-encrypted connections. ● Apps can be decompiled to determine hashing algorithm if done client-side. ● Introduces significant overhead. ● OAuth2 = Security Sadness

Restrict access Example #3 (Access token)

Login
POST http://mostlygeeks.com:5000/login
Input
{
  "email": "chuck@example.com",
  "password": "buddy"
}
Output
{
  "access_token": "Y2h1Y2tAZXhhbXBsZS5jb20",
  "cats": [ ... ]
}
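
The access_token shown on the slide is the Base64 encoding of chuck@example.com, so it is predictable from the account e-mail; a production token has to be random and checked server-side. The block below is an added example, not code from the talk or the Catomatic repositories, showing one way to issue and validate such a token in Node.js. The Authorization: Bearer header, the 15-minute lifetime and the in-memory Map standing in for a database are assumptions.

```javascript
// Added example, not from the talk: opaque access tokens for the /login flow.
const nodeCrypto = require("crypto");

const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed lifetime
// sha256(token) -> { userId, expires }; stands in for a database table.
const tokens = new Map();

const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");

// The slide's token is reversible: decoding it yields the account e-mail.
function decodeSlideToken(token) {
  return Buffer.from(token, "base64").toString("utf8");
}

// Issue 256 bits from the CSPRNG. Only the hash is stored, so a leaked
// token table does not hand out usable tokens.
function issueToken(userId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("base64url"); // 43 chars
  tokens.set(sha256(token), { userId, expires: now + TOKEN_TTL_MS });
  return token;
}

// Resolve the header to a user id, or null when the request must be
// denied (HTTP 401): missing header, wrong shape, unknown or expired token.
function authenticate(headers, now = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9_-]{43})$/.exec(headers["authorization"] || "");
  if (!m) return null;
  const key = sha256(m[1]);
  const entry = tokens.get(key);
  if (!entry) return null;
  if (entry.expires <= now) {
    tokens.delete(key); // drop expired entries as they are seen
    return null;
  }
  return entry.userId;
}

// Logout or compromise: the token stops working immediately.
function revoke(token) {
  return tokens.delete(sha256(token));
}

const demoToken = issueToken(1);
console.log(decodeSlideToken("Y2h1Y2tAZXhhbXBsZS5jb20"));
console.log(authenticate({ authorization: "Bearer " + demoToken }));
console.log(authenticate({ authorization: "Bearer Y2h1Y2tAZXhhbXBsZS5jb20" }));
```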

Looking to the future...

The Future...

...is now ● SPDY ● Binary Transfer Formats ○ Protobuf ○ BSON ○ Thrift ● Websockets ● HTTP 2.0

How was the session? FeedbackSXSW App Session Feedback 1. Express yourself 2. Help us get better 3. Earn rewards {Daily SXSW Posters + Grand Prizes} In 1 minute

done. Matt Smollinger CTO & Co-Founder, Skaffl @mattsmollinger Chuck Greb Sr. Software Engineer, Mapzen @ecgreb #SXSW #DataToGo
