2014 austin-api-sdks-are-apis-too


Talk presented to the Austin API meetup on April 23

Published in: Software, Technology, Education

  1. SDKS ARE APIS TOO!
     Jeff Brateman, Senior Software Engineer, PayPal
  2. BACKGROUND
     • Software Engineer developing server and client-side APIs for 10+ years
     • Senior Android SDK developer at PayPal
     • Lazy developer
  3. OUTLINE
     • APIs, SDKs, and OAuth2
     • PayPal Mobile SDKs
     • PayPal Server SDKs
     • Releasing
     • Support
  4. GOALS OF AN API
     APIs are an important way for a company, like PayPal, to extend reach
     Principles when delivering a great developer experience
     • Delightful experience for end users
     • Simple, yet complete API design (easy to learn and integrate)
     Successful APIs come from
     • Familiar API standards
     • Good API design process
     • Simple and complete developer experience
  5. SOME TERMS
     API: An application programming interface (API) specifies how some software components should interact with each other. Generally, this refers to Web APIs.
     SDK: A software development kit (SDK or "devkit") is typically a set of software development tools that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform.
     SDKs are just client-side programming APIs with some plumbing
  6. OAUTH2
     Token Granting
     • Public Clients (no secret)
     • Confidential Clients (with secret)
     User Approval / Consent
     OAuth2 scopes to represent ability for an application to:
     • Use certain functionality
     • Access and operate on a resource
     • E.g., capture funds authorized previously, read financial instrument from wallet,...
     Auth != Security
     • Always use SSL
     • Data at rest is always encrypted!
  8. ANDROID SDK
     One tidy package
     • OAuth2 tokens, login, and consent
     • Confirm
     • card.io
     Easy to use and configure, because developers are lazy
     • One .jar file and some native libs
     • No XML or resource files to update
     • All configuration is via native Android extras
     • Small library footprint
     • No external library dependencies
  9. ANDROID OPEN SOURCE LIBRARIES
     Android Support Library
     Spring REST
     Async http libraries:
     • LoopJ
     • RoboSpice
     • OkHttp
     • Volley
     Robotium
     MonkeyRunner
  10. ANDROID SDK INTEGRATION
      1. Add libs
      2. Add AndroidManifest.xml entry
      3. Copy/paste sample code from GitHub
      4. Edit configuration
      5. …
      6. Profit
      Note that there are no layout xml or resource files to update, making integration and upgrades easy!
      • card.io Android SDK integration on GitHub
      • PayPal Android SDK integration on GitHub
  11. IOS SDK INTEGRATION
      1. Add libs
      2. Add some linker options and frameworks
      3. Copy/paste sample code from GitHub
      4. Edit configuration
      5. …
      6. Profit
      • card.io iOS SDK integration on GitHub
      • PayPal iOS SDK integration on GitHub
  12. LINKING TO YOUR APP
      e.g. Make a payment via SDK by using Fingerprint Authentication (Samsung S5)
      Hook up the SDK to the Wallet App, and release new version of the SDK
      On Android, this requires no additional configuration from the application developer
      SDK can immediately make use of more authentication mechanisms as they become available – developer just needs to upgrade their SDK
      • The Saga of my Crush on Candy Android App
      • PayPal Android SDK
      • PayPal Wallet Android App
  13. GITHUB.IO
      GitHub has tools to host your docs
      Create gh-pages branch to get a pretty, github.io hosted doc page
      • http://paypal.github.io/PayPal-Android-SDK/
      • http://card-io.github.io/card.io-Android-SDK/
  14. PAYPAL SERVER SDKS
      Shouldn’t a RESTful API be easy enough to consume without an SDK?
      Yes, but PayPal SDKs provide useful benefits:
      • Abstract OAuth2 details
      • Native language interfaces and objects (e.g., Java POJOs) – easy code gen
      • Updates for new APIs
      • Community support
      • Write/fork your own!
  15. OPEN SOURCE?
      Pros:
      • Community contributions
      • Open and honest
      • Street cred
      • Public forks
      Cons:
      • Cannot reveal proprietary information
         • Secret APIs or algorithms
         • Potentially embarrassing bugs
      • Cannot control usage
  16. BRANCHING, BUILDING, AND TESTING
      Git Flow
      Android Build Tools:
      • Ant
      • Gradle
      • Buck
      CI Tools:
      • Jenkins
      • TestDroid
      • TestFlight
      • TravisCI
  17. RELEASING
      Distribute via:
      • GitHub
      • Language-specific package manager (e.g., Sonatype, PyPI)
      Semantic versioning + Changelog
      Announce over:
      • Twitter
      • Google Groups
      • Blog posts
      • Evangelists
      • Close open GitHub issues
  18. A LITTLE HELP?
  19. WHAT MAKES A GOOD SDK?
      Solves a specific problem above and beyond the API
      Minimal handholding
      • Documentation
      • SDK and code samples
      Mock mode (mobile SDKs)
      Sandbox
      Unit tests
      Sandbox tests
  20. WHAT IF THINGS GO WRONG?
      Developer support (client-side problems)
      • GitHub issues
      • StackOverflow
      • Issues sometimes reported long after they were introduced
      • Release often, encourage upgrades
      • Practice culture of being polite while asking common questions:
         • “Are you using the latest SDK?”
         • “On what environments/devices do you encounter the problem?”
         • “Have you tried turning it off and on again?”
      Account or server problem
      • SDK developers end up being the QA for server-side APIs – experts at what the API ‘really’ does
      • Defer or engage Developer Technical Support
  21. THANK YOU
      We’re hiring! Apply online (ebaycareers.com), or send resume, cover letter, or GitHub id to Deepak Nadig - dn@paypal.com
      04/23/2014