Creating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines

Creating Rich   Server API’s for   your Mobile Apps Jonathan Guthrie PerfectlySoft Inc. www.perfect.org @iamjono Best Practices & Guidelines

Meta-Themes • authentication • analytics • structure • deployment • documentation Creating Rich Server API’s for your Mobile Apps

Authentication • Local authentication • OAuth2 • And the others like SPENGO, LDAP Creating Rich Server API’s for your Mobile Apps

Local Authentication Creating Rich Server API’s for your Mobile Apps { “user”: “me”, “pwd”: “iHeartSwift” } { “token”: “qwerty123” } Initial interaction

Local Authentication Creating Rich Server API’s for your Mobile Apps Header: Authorization: Bearer qwerty123 Ongoing interaction

OAuth2 Authentication Creating Rich Server API’s for your Mobile Apps Allow me please? {“token”:“qwerty123”} Initial interaction (simplified) OAuth2 Provider {“token”:“qwerty123”} user info

Authentication Local Creating Rich Server API’s for your Mobile Apps Easy to implement Control over user info User maintains many accounts Password Fatigue OAuth2 Low barrier to usage User maintains fewer accounts Harder to implement Almost no control over content Hard to deactivate a user Better in corporate environments Better in user-first environments

Authentication always authenticate. Creating Rich Server API’s for your Mobile Apps If all else fails, use “fingerprinting” “appid”: “mygreatapp”, “deviceid”: “somethingrandom”, “appversion”: 1.3.6 Add to API headers:

Authentication Creating Rich Server API’s for your Mobile Apps

Analytics • Local logging • Google Server API Creating Rich Server API’s for your Mobile Apps

Local Logging Creating Rich Server API’s for your Mobile Apps All interactions contain these headers: “appid”: “mygreatapp”, “deviceid”: “somethingrandom”, “appversion”: 1.3.6 Log to DB

Google Analytics Creating Rich Server API’s for your Mobile Apps All interactions contain these headers: “appid”: “mygreatapp”, “deviceid”: “somethingrandom”, “appversion”: 1.3.6 Google Analytics Measurement Protocol https://github.com/PerfectlySoft/Perfect-GoogleAnalytics-MeasurementProtocol

Structure • Simplicity is King • Routing • Code structure Creating Rich Server API’s for your Mobile Apps

Simplicity is King Creating Rich Server API’s for your Mobile Apps • Minimize HTTP calls from the client • Balance minimizing calls with premature optimization • Plan, and spend more time planning.

Routing Creating Rich Server API’s for your Mobile Apps

Routing Creating Rich Server API’s for your Mobile Apps // Docs routes.append([ "method":"post", "uri":"/api/v1/docs/create",   “handler":WebHandlers.docCreate ]) routes.append([ "method":"post", "uri":"/api/v1/docs/save/doc",   “handler":WebHandlers.docSaveDoc ]) routes.append([ "method":"get", "uri":"/api/v1/docs/XAR0fzvSvImUwderQSJvFg", “handler":WebHandlers.docGet ]) API version 1

Routing Creating Rich Server API’s for your Mobile Apps // Docs routes.append([ "method":"post", "uri":"/api/v1/docs/create",   “handler":WebHandlers.docCreate ]) routes.append([ "method":"post", "uri":"/api/v1/docs/save/doc",   “handler":WebHandlers.docSaveDoc ]) routes.append([ "method":"get", "uri":"/api/v1/docs/XAR0fzvSvImUwderQSJvFg", “handler":WebHandlers.docGet ]) POST GET

Routing: HTTP Verbs Creating Rich Server API’s for your Mobile Apps GET POST PATCH PUT DELETE Retrieve resources Create resource Update resource Upload resource (aka file) Delete resource

Routing: HTTP Verbs Creating Rich Server API’s for your Mobile Apps GET POST PATCH PUT DELETE /v1/user/{id} /v1/user /v1/user /v1/user/{id}/avatar /v1/user/{id}

Routing: ID’s Creating Rich Server API’s for your Mobile Apps // Docs routes.append([ "method":"post", "uri":"/api/v1/docs/create",   “handler":WebHandlers.docCreate ]) routes.append([ "method":"post", "uri":"/api/v1/docs/save/doc",   “handler":WebHandlers.docSaveDoc ]) routes.append([ "method":"get", "uri":"/api/v1/docs/XAR0fzvSvImUwderQSJvFg", “handler":WebHandlers.docGet ]) Resource ID

Routing: ID’s Creating Rich Server API’s for your Mobile Apps • Never expose integer ID’s • Sequential ID’s are guessable • Use [A-Za-z0-9] ID’s • Encrypt or abstract if needed

Code Structure Creating Rich Server API’s for your Mobile Apps • Clearly organize your code structure • Maximize code re-use • Employ sensible functional programming

Clear Organization Creating Rich Server API’s for your Mobile Apps Use folder / groups

Clear Organization Creating Rich Server API’s for your Mobile Apps Separate handlers into digestible and identifiable chunks

Maximize code-reuse Creating Rich Server API’s for your Mobile Apps Every request var context: [String : Any] = [ "accountID": contextAccountID, "authenticated": contextAuthenticated, "userlist?":"true", "msg": msg, "configTitle": configTitle, "configLogo": configLogo, "configLogoSrcSet": configLogoSrcSet ]

Maximize code-reuse Creating Rich Server API’s for your Mobile Apps extension WebHandlers { static func appExtras() -> [String : Any] { return [ "configTitle": configTitle, "configLogo": configLogo, "configLogoSrcSet": configLogoSrcSet ] } }

Maximize code-reuse Creating Rich Server API’s for your Mobile Apps var context: [String : Any] = [ "accountID": contextAccountID, "authenticated": contextAuthenticated, "userlist?":"true", "msg": msg ] // add app config vars for i in WebHandlers.appExtras() { context[i.0] = i.1 }

Sensible functional programming Creating Rich Server API’s for your Mobile Apps Thursday, June 8 this.

Deployment Horizontal vs vertical scaling Creating Rich Server API’s for your Mobile Apps

Vertical Scaling Creating Rich Server API’s for your Mobile Apps bigger, better, faster, more

Vertical Scaling Creating Rich Server API’s for your Mobile Apps bigger, better, faster, more $$$ aka: Single Point of Failure

Horizontal Scaling Creating Rich Server API’s for your Mobile Apps lots & lots & lots of bricks

API Documentation Creating Rich Server API’s for your Mobile Apps crickets, anyone?

API Documentation Creating Rich Server API’s for your Mobile Apps Be kind to your API users: Document your API

API Doc Engines Creating Rich Server API’s for your Mobile Apps crickets, anyone? • readme.io • Slate • Perfect API Doc Server • Raw HTML

API Documentation Creating Rich Server API’s for your Mobile Apps

API Documentation Creating Rich Server API’s for your Mobile Apps Document first? or Code first?

API Documentation Creating Rich Server API’s for your Mobile Apps Plan first

API Documentation Creating Rich Server API’s for your Mobile Apps Plan first then document then code, and document

API Documentation Creating Rich Server API’s for your Mobile Apps Be kind to those who come later: Document your code

Questions? Creating Rich Server API’s for your Mobile Apps Jono Guthrie PerfectlySoft Inc. www.perfect.org @iamjono Slack: http://www.perfect.ly

Creating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines

More Related Content

What's hot

Similar to Creating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines

Recently uploaded

Creating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines