Jono discusses practical design-led thinking approaches to creating scalable and agile server-side APIs for your mobile applications, from initial planning through to execution and documentation. While targeted at Swift as the language, you’ll be able to apply these techniques to creating APIs in almost any server-side language.
4. Local Authentication
Creating Rich Server API’s for your Mobile Apps
{
    "user": "me",
    "pwd": "iHeartSwift"
}
{
    "token": "qwerty123"
}
Initial interaction
6. OAuth2 Authentication
Allow me please?
{"token":"qwerty123"}
Initial interaction (simplified)
OAuth2 Provider
{"token":"qwerty123"}
user info
7. Authentication
Local
Easy to implement
Control over user info
User maintains many accounts
Password Fatigue
OAuth2
Low barrier to usage
User maintains fewer accounts
Harder to implement
Almost no control over content
Hard to deactivate a user
Better in corporate environments
Better in user-first environments
8. Authentication
always authenticate.
If all else fails, use "fingerprinting"
Add to API headers:
"appid": "mygreatapp",
"deviceid": "somethingrandom",
"appversion": "1.3.6"
11. Local Logging
All interactions contain these headers:
"appid": "mygreatapp",
"deviceid": "somethingrandom",
"appversion": "1.3.6"
Log to DB
12. Google Analytics
All interactions contain these headers:
"appid": "mygreatapp",
"deviceid": "somethingrandom",
"appversion": "1.3.6"
Google Analytics Measurement Protocol
https://github.com/PerfectlySoft/Perfect-GoogleAnalytics-MeasurementProtocol
13. Structure
• Simplicity is King
• Routing
• Code structure
14. Simplicity is King
• Minimize HTTP calls from the client
• Balance minimizing calls with premature optimization
• Plan, and spend more time planning.
16. Routing
// Docs
routes.append([
    "method": "post", "uri": "/api/v1/docs/create",
    "handler": WebHandlers.docCreate
])
routes.append([
    "method": "post", "uri": "/api/v1/docs/save/doc",
    "handler": WebHandlers.docSaveDoc
])
routes.append([
    "method": "get", "uri": "/api/v1/docs/XAR0fzvSvImUwderQSJvFg",
    "handler": WebHandlers.docGet
])
API version 1
17. Routing
// Docs
routes.append([
    "method": "post", "uri": "/api/v1/docs/create",
    "handler": WebHandlers.docCreate
])
routes.append([
    "method": "post", "uri": "/api/v1/docs/save/doc",
    "handler": WebHandlers.docSaveDoc
])
routes.append([
    "method": "get", "uri": "/api/v1/docs/XAR0fzvSvImUwderQSJvFg",
    "handler": WebHandlers.docGet
])
POST
GET
18. Routing: HTTP Verbs
GET: Retrieve resources
POST: Create resource
PATCH: Update resource
PUT: Upload resource (aka file)
DELETE: Delete resource
19. Routing: HTTP Verbs
GET /v1/user/{id}
POST /v1/user
PATCH /v1/user
PUT /v1/user/{id}/avatar
DELETE /v1/user/{id}
20. Routing: IDs
// Docs
routes.append([
    "method": "post", "uri": "/api/v1/docs/create",
    "handler": WebHandlers.docCreate
])
routes.append([
    "method": "post", "uri": "/api/v1/docs/save/doc",
    "handler": WebHandlers.docSaveDoc
])
routes.append([
    "method": "get", "uri": "/api/v1/docs/XAR0fzvSvImUwderQSJvFg",
    "handler": WebHandlers.docGet
])
Resource ID
21. Routing: IDs
• Never expose integer IDs
• Sequential IDs are guessable
• Use [A-Za-z0-9] IDs
• Encrypt or abstract if needed
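An added example of the ID guidance above (not from the slides or the Perfect project): random [A-Za-z0-9] public IDs in place of integer keys, with the integer kept server-side. `makePublicID`, `Doc`, `DocStore` and the account IDs are hypothetical names, and the in-memory dictionary stands in for a database table.

```swift
import Foundation

// The slide's alphabet, [A-Za-z0-9]: 62 symbols.
let idAlphabet = Array("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
let idLength = 22  // same length as the ID in the slide's route; about 131 bits

/// Draws each symbol from the OS random source, so IDs are neither
/// sequential nor derivable from one another.
func makePublicID() -> String {
    var rng = SystemRandomNumberGenerator()
    return String((0..<idLength).map { _ in
        idAlphabet[Int.random(in: 0..<idAlphabet.count, using: &rng)]
    })
}

/// Hypothetical record: the integer key stays server-side ("abstract"),
/// only publicID appears in URLs and responses.
struct Doc { let rowID: Int; let publicID: String; let ownerAccountID: String }

/// Hypothetical in-memory stand-in for a table with a unique public_id column.
final class DocStore {
    private var nextRowID = 1
    private var byPublicID: [String: Doc] = [:]

    func create(owner: String) -> Doc {
        var id = makePublicID()
        while byPublicID[id] != nil { id = makePublicID() }  // regenerate on collision
        let doc = Doc(rowID: nextRowID, publicID: id, ownerAccountID: owner)
        nextRowID += 1
        byPublicID[id] = doc
        return doc
    }

    /// Lookup for GET /api/v1/docs/{id}: reject malformed IDs early, and still
    /// check ownership, because an unguessable ID is not an access check.
    func fetch(publicID: String, asAccount account: String) -> Doc? {
        let wellFormed = publicID.count == idLength && publicID.unicodeScalars.allSatisfy {
            $0.isASCII && CharacterSet.alphanumerics.contains($0)
        }
        guard wellFormed, let doc = byPublicID[publicID],
              doc.ownerAccountID == account else { return nil }
        return doc
    }
}

// Constructed sample: one document owned by "acct-1", requested by "acct-2".
let store = DocStore()
let doc = store.create(owner: "acct-1")
print(doc.publicID, store.fetch(publicID: doc.publicID, asAccount: "acct-2") == nil)
```

`fetch` returns nil for a malformed ID, an unknown ID and a wrong owner alike, so a response does not reveal which IDs exist.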
22. Code Structure
• Clearly organize your code structure
• Maximize code re-use
• Employ sensible functional programming
25. Maximize code-reuse
Every request
var context: [String : Any] = [
    "accountID": contextAccountID,
    "authenticated": contextAuthenticated,
    "userlist?": "true",
    "msg": msg,
    "configTitle": configTitle,
    "configLogo": configLogo,
    "configLogoSrcSet": configLogoSrcSet
]
26. Maximize code-reuse
extension WebHandlers {
    static func appExtras() -> [String : Any] {
        return [
            "configTitle": configTitle,
            "configLogo": configLogo,
            "configLogoSrcSet": configLogoSrcSet
        ]
    }
}
27. Maximize code-reuse
var context: [String : Any] = [
    "accountID": contextAccountID,
    "authenticated": contextAuthenticated,
    "userlist?": "true",
    "msg": msg
]
// add app config vars
for (key, value) in WebHandlers.appExtras() {
    context[key] = value
}