Building Mobile Friendly APIs For Connected Apps | Torey Lomenda

Mobile Friendly APIsConsiderations for Connected Mobile AppsTorey LomendaChief Technologist, Object Partners (OPI)

Mobile Friendly APIsAbout OPIFounded in 1996Java, Groovy, Mobile, Web, Open Source~ 100 EmployeesTwin Cities, OmahaChicago, DenverAverage Tenure over 5 Years

Mobile Friendly APIsLiving in a Mobile World

Mobile Friendly APIsWhat Users ExpectResponsive, connected apps...All The TimeRealityMobile ConstraintsNetwork Latency Runs on BatteryCPU

Mobile Friendly APIsMobile Apps Need

Access to Online Data & ServicesRemembering Constraints

Mobile Friendly APIsFrom Web Apps to Mobile AppsEvolution of Connected Apps

Mobile Friendly APIsFocus on Web

Mobile Friendly APIsFocus on Interoperability

Mobile Friendly APIsFocus on Mobile (Web)

Mobile Friendly APIsAnother ChallengeThe move to Micro-services

Mobile Friendly APIsMartin Fowler Article (http://martinfowler.com/articles/microservices.html)

Mobile Friendly APIsA Friendly APIUser PerspectiveDoesn't get in the way of a great UX

Developer PerspectiveIs intuitive, a pleasure to integrate into codebase

Mobile Friendly APIsThe Rise of the Friendly Interface

Mobile Friendly APIsConnecting Apps Shouldn't Be Painful

Mobile Friendly APIsMobile APIStandardsSimple & FastCompletenessBest PracticesExtrasMobile API Considerations

Mobile Friendly APIs: StandardsWhatever Happened to SOA?

HTTP Request (Headers/Body)SOAP Envelope (WS-Basic)WS-SecurityWS-* StackXML PayloadInteroperabilityXML for data exchange

HTTP for network protocol

What could be better?Mobile Friendly APIs: StandardsDATA

From SOAP to REST

GOOG

534.5

ticker=GOOG{"price":534.5}Mobile Friendly APIs: Standards

RESTlike NOT RESTfulThe Essential PartsJSONPOST/GET RequestsAction & ParametersThe Other PartsPUT/DELETEHATEOS & HALengine of application state relational links Mobile Friendly APIs: Simple & Fast

RESTlike is Just FinePOST player/createPOST player/delete/$idPOST player/update/$id

Mobile Friendly APIs: Simple & Fast

JSON is your FriendStay Consistent

Completeness

Only What is Needed

Mobile Friendly APIs: Simple & Fast"player": {"name": "Torey Lomenda","number": "14","position": "center","funFacts":[...],"seasonStats": [...]}"team": {"name": "Lakeville Panthers""roster": [{"player_name": "Torey Lomenda","player_number": "14","player_position": "center",}]}NOT CONSISTENT

Mobile Friendly APIs: CompletenessAPI Granularity

Design APIs by Screen

Consider an API Gateway for Mobile

Mobile Friendly APIs: CompletenessAPI GranularityLazy APIs put the burden on the mobile app

Minimize use of Network Completeness (avoid roundtrips)

Minimizing Use of NetworkHTTP Latency ~1 second for each request over 3G

Battery drain as each network request requires power

Mobile Friendly APIs: Completeness

API: Pure REST Approach213

API: Friendlier ApproachMobile Friendly APIs: Completeness123

Mobile Friendly APIs: Best PracticeDon't ForgetSlim It Down (gzip compression)Heavy Lifting on the serveraggregationserver-side caching strategies

Mobile Friendly APIs: Best PracticeAPI ErrorsManage errors on server-side

Human-readable (ie: friendly) messages

Caching and Offline AccessHTTP Headers (Cache Control)Cache-Control: specify how to cache the datamax-age:

ETag: "15f0fff99ed5aae4edffdd6496d7131f" Entity TagIf-None-Match: "15f0fff99ed5aae4edffdd6496d7131f"

Last-modified: If-Modified: Mobile Friendly APIs: Best Practice

Intermittent Connectivity: Maintain StatePicking up where you left off.Keeping APIs statelessMobile-side: send current state from device through APIAPI-side: Merging & Conflict Resolution

Mobile Friendly APIs: Best Practice

Mobile Friendly APIs: Best PracticeSecuring Your APIsBasic Auth/SSL

Token-based approaches like OATH

SSL Pinning (client checks server's certificate against a known copy of the certificate)

Batching Requests[{"method":"POST", "relative_url":"me/feed", "body":"message=Test status update&link="},{"method":"GET","relative_url":"me/feed?limit=1"}][{ "code": 200, "headers": [...], "body":"{...}" }, { "code": 200, "headers": [...], "body": "{...}}]Mobile Friendly APIs: Best PracticeReturn batch responses

Mobile Friendly APIs: Best PracticeBackground/Async ProcessingMaking multiple requests for a screen Don't hold up the UI

HAL JSON (http://stateless.co/hal_specification.html) Fetch linked data asynchronously

Neutral Testing of APIUseful Tools to Test APIs:RESTClientRunscopeMobile Friendly APIs: Best Practice

Mobile Friendly APIs: Best PracticeAPI VersioningIndicate Version to ClientVersion via URL (major version only)HTTP accepts-headerVersion in JSON DocumentJSON Formatblank-out fields no longer useddeprecated fieldsbackward compatible on minor version, breaking changes on major version

API Documentation Swaggerhttps://helloreverb.com/developers/swagger Mashery I/O Docshttp://www.mashery.com/product/io-docs

Mobile Friendly APIs: Best Practice

Mobile Friendly APIs: ExtrasWhat's In a Protocol?(TCP/IP is Fabric of Internet Not HTTP)

Mobile Friendly APIs: ExtrasCustom Key/Value Pair (KVP)Taking message-passing efficiency to the next levelNot as friendly but fast. Consumption of messagesSerializing/Deserializing

Mobile Friendly APIs: ExtrasMQTT (Message Queue Telemetry Transport)What is ItLow overhead protocol with bandwidth and CPU limitations in mindpublish/subscribe message passingCan use JSON over MQTT

Use CasesIn-app push notificationInternet of Things (device to device)Facebook Messenger App (Chat)

Mobile Friendly APIsReferencesFred Brunel- CTO WhereCloudhttps://speakerdeck.com/fbrunel/mobile-api-design-techniques

Articlehttp://natashatherobot.com/best-practices-mobile-friendly-apis/

Micro-services is about scaling components of a distributed system by their individual needs

Can lead to a chatty appAPI A Programming Interface is a contract that defineswhat can and cannot be done when integrating with another system/component.

Mobile API An API that integrates with system/components online over the Internet.

Needs to be:- Simple- Fast- Complete- Secure (standards)De-normalize at the right levelAvoid roundtrippingDe-normalize at the right levelAvoid roundtrippingDe-normalize at the right levelAvoid roundtrippingAggregate on the Back-end via GatewayExample: Netflix Design APIs by:Thinking ScreensEntities to DisplayEntity ModelServices around the entitiesSetting Caching Policies in iOS and Android to enable Offline ModeEntity Tags are useful reference ids to documents/media downloaded and cached on deviceEntity tags as MD5 hashes are great for offline data syncingexample: Determining if you have up to date documents

SSL Pinning is a way to build trust between API Consumer and the API ServerBe sure to cancel outgoing requests if you navigate away from the screen or activity