Mobile Friendly APIs
Considerations for Connected Mobile Apps
Torey Lomenda, Chief Technologist, Object Partners (OPI)

About OPI
- Founded in 1996
- Java, Groovy, Mobile, Web, Open Source
- ~100 Employees
- Twin Cities, Omaha, Chicago, Denver
- Average Tenure over 5 Years

Living in a Mobile World

What Users Expect
- Responsive, connected apps... All The Time

Reality: Mobile Constraints
- Network Latency
- Runs on Battery
- CPU

Mobile Apps Need
- Access to Online Data & Services
- Remembering Constraints

From Web Apps to Mobile Apps: Evolution of Connected Apps
- Focus on Web
- Focus on Interoperability
- Focus on Mobile (Web)

Another Challenge: The move to Micro-services
- Martin Fowler Article (http://martinfowler.com/articles/microservices.html)

A Friendly API
- User Perspective: Doesn't get in the way of a great UX
- Developer Perspective: Is intuitive, a pleasure to integrate into codebase

The Rise of the Friendly Interface

Connecting Apps Shouldn't Be Painful

Mobile API Considerations
- Standards
- Simple & Fast
- Completeness
- Best Practices
- Extras

Standards: Whatever Happened to SOA?
- HTTP Request (Headers/Body)
- SOAP Envelope (WS-Basic)
- WS-Security
- WS-* Stack
- XML Payload

Interoperability
- XML for data exchange
- HTTP for network protocol

What could be better?

Standards: From SOAP to REST
DATA: GOOG, 534.5
ticker=GOOG
{"price":534.5}

Standards: RESTlike NOT RESTful
The Essential Parts
- JSON
- POST/GET Requests
- Action & Parameters
The Other Parts
- PUT/DELETE
- HATEOAS & HAL (engine of application state, relational links)

Simple & Fast: RESTlike is Just Fine
- POST player/create
- POST player/delete/$id
- POST player/update/$id

Simple & Fast: JSON is your Friend
- Stay Consistent
- Completeness
- Only What is Needed

Simple & Fast: NOT CONSISTENT
    "player": {
      "name": "Torey Lomenda",
      "number": "14",
      "position": "center",
      "funFacts": [...],
      "seasonStats": [...]
    }
    "team": {
      "name": "Lakeville Panthers",
      "roster": [
        {
          "player_name": "Torey Lomenda",
          "player_number": "14",
          "player_position": "center"
        }
      ]
    }

Completeness: API Granularity
- Design APIs by Screen
- Consider an API Gateway for Mobile
- Lazy APIs put the burden on the mobile app
- Minimize use of Network
- Completeness (avoid roundtrips)

Minimizing Use of Network
- HTTP Latency ~1 second for each request over 3G
- Battery drain as each network request requires power

Completeness
[Figure: API: Pure REST Approach]
[Figure: API: Friendlier Approach]

Best Practice: Don't Forget
- Slim It Down (gzip compression)
- Heavy Lifting on the server
  - aggregation
  - server-side caching strategies

Best Practice: API Errors
- Manage errors on server-side
- Human-readable (i.e., friendly) messages

Caching and Offline Access
HTTP Headers (Cache Control)
- Cache-Control: specify how to cache the data
  - max-age:
- ETag: "15f0fff99ed5aae4edffdd6496d7131f" (Entity Tag)
- If-None-Match: "15f0fff99ed5aae4edffdd6496d7131f"
- Last-modified:
- If-Modified:

Best Practice: Intermittent Connectivity: Maintain State
- Picking up where you left off.
- Keeping APIs stateless
- Mobile-side: send current state from device through API
- API-side: Merging & Conflict Resolution

Best Practice: Securing Your APIs
- Basic Auth/SSL
- Token-based approaches like OATH
- SSL Pinning (client checks server's certificate against a known copy of the certificate)

Best Practice: Batching Requests
    [
      {"method": "POST", "relative_url": "me/feed", "body": "message=Test status update&link="},
      {"method": "GET", "relative_url": "me/feed?limit=1"}
    ]
Return batch responses
    [
      {"code": 200, "headers": [...], "body": "{...}"},
      {"code": 200, "headers": [...], "body": "{...}"}
    ]

Best Practice: Background/Async Processing
- Making multiple requests for a screen
- Don't hold up the UI
- HAL JSON (http://stateless.co/hal_specification.html)
- Fetch linked data asynchronously

Best Practice: Neutral Testing of API
Useful Tools to Test APIs:
- RESTClient
- Runscope

Best Practice: API Versioning
Indicate Version to Client
- Version via URL (major version only)
- HTTP accepts-header
- Version in JSON Document
JSON Format
- blank-out fields no longer used
- deprecated fields
- backward compatible on minor version, breaking changes on major version

Best Practice: API Documentation
- Swagger: https://helloreverb.com/developers/swagger
- Mashery I/O Docs: http://www.mashery.com/product/io-docs

Extras: What's In a Protocol?
(TCP/IP is Fabric of Internet Not HTTP)

Extras: Custom Key/Value Pair (KVP)
- Taking message-passing efficiency to the next level
- Not as friendly but fast.
- Consumption of messages
- Serializing/Deserializing

Extras: MQTT (Message Queue Telemetry Transport)
What is It
- Low overhead protocol with bandwidth and CPU limitations in mind
- publish/subscribe message passing
- Can use JSON over MQTT
Use Cases
- In-app push notification
- Internet of Things (device to device)
- Facebook Messenger App (Chat)

References
- Fred Brunel, CTO WhereCloud: https://speakerdeck.com/fbrunel/mobile-api-design-techniques
- Article: http://natashatherobot.com/best-practices-mobile-friendly-apis/

Micro-services is about scaling components of a distributed system by their individual needs. Can lead to a chatty app.

API: A Programming Interface is a contract that defines what can and cannot be done when integrating with another system/component.

Mobile API: An API that integrates with system/components online over the Internet.
Needs to be:
- Simple
- Fast
- Complete
- Secure (standards)

De-normalize at the right level. Avoid roundtripping.

Aggregate on the Back-end via Gateway. Example: Netflix

Design APIs by:
- Thinking Screens
- Entities to Display
- Entity Model
- Services around the entities

Setting Caching Policies in iOS and Android to enable Offline Mode.
Entity Tags are useful reference ids to documents/media downloaded and cached on device.
Entity tags as MD5 hashes are great for offline data syncing. Example: Determining if you have up to date documents.
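
The ETag / If-None-Match exchange from the caching slide and the MD5 entity-tag note above, as an added example that is not part of the original deck. It simulates both sides in-process; `SERVER_DOCS`, `handle_get`, `DeviceCache` and the `/docs/roster` path are hypothetical names, and the document bodies are constructed samples.

```python
import hashlib

# Constructed sample documents held by a stand-in API server (hypothetical path).
SERVER_DOCS = {"/docs/roster": b'{"team": "Lakeville Panthers", "roster": []}'}

def etag_for(body: bytes) -> str:
    # MD5 serves only as a change detector here, as the notes suggest;
    # it is not an integrity or authenticity control.
    return '"' + hashlib.md5(body).hexdigest() + '"'

def handle_get(path: str, headers: dict) -> tuple:
    """Server side: answer 304 with an empty body when the client's tag still matches."""
    body = SERVER_DOCS[path]
    tag = etag_for(body)
    if headers.get("If-None-Match") == tag:
        return 304, {"ETag": tag}, b""
    # no-cache: the device may store the document but must revalidate before reuse.
    return 200, {"ETag": tag, "Cache-Control": "no-cache"}, body

class DeviceCache:
    """Client side: keeps (etag, body) per path so documents stay readable offline."""

    def __init__(self):
        self.store = {}
        self.bytes_downloaded = 0

    def fetch(self, path: str, online: bool = True) -> bytes:
        cached = self.store.get(path)
        if not online:
            if cached is None:
                raise LookupError("not cached and no connectivity: " + path)
            return cached[1]  # possibly stale, but usable offline
        headers = {"If-None-Match": cached[0]} if cached else {}
        status, resp_headers, body = handle_get(path, headers)
        if status == 304:
            return cached[1]  # cached copy is up to date, nothing re-downloaded
        self.bytes_downloaded += len(body)
        self.store[path] = (resp_headers["ETag"], body)
        return body
```
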

SSL Pinning is a way to build trust between API Consumer and the API Server.

Be sure to cancel outgoing requests if you navigate away from the screen or activity.
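
The pinning check described on the "Securing Your APIs" slide and in the SSL Pinning note above, as an added example that is not part of the original deck. It compares the SHA-256 fingerprint of the presented certificate against known copies shipped with the app, allowing a second pin for rotation; the function names and the byte strings standing in for DER certificates are assumptions.

```python
import hashlib
import socket
import ssl

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def pin_matches(cert_der: bytes, pinned: list) -> bool:
    """True if the presented certificate equals one of the known copies."""
    return fingerprint(cert_der) in {pin.lower() for pin in pinned}

def open_pinned(host: str, pinned: list, port: int = 443) -> ssl.SSLSocket:
    """Connect with normal chain and hostname validation, then enforce the pin."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    # The pin is an extra check on top of CA validation, made before any
    # request data (credentials, tokens) is written to the socket.
    if not pin_matches(sock.getpeercert(binary_form=True), pinned):
        sock.close()
        raise ssl.CertificateError("certificate does not match any pinned copy: " + host)
    return sock

# Constructed stand-ins for DER certificates; any bytes exercise the comparison.
CURRENT_CERT = b"constructed-der-bytes-current"
NEXT_CERT = b"constructed-der-bytes-after-rotation"
OTHER_CERT = b"constructed-der-bytes-unknown-issuer"

# Shipping the next certificate's pin alongside the current one lets the
# server rotate certificates without locking out installed apps.
PINS = [fingerprint(CURRENT_CERT), fingerprint(NEXT_CERT)]
```
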