SlideShare a Scribd company logo

Architectural considerations when building an API

R
Rod Hemphill

An properly designed API for either mobile apps or 3rd party access needs to be built with maintainability, security, version control, data volume optimisation and speed performance in mind. Rod Hemphill from Melbourne App Development explains the options and his experience.

Technology
1 of 17
Download to read offline
API ARCHITECTURE FOR MOBILE APPS ROD HEMPHILL MELBOURNE APP DEVELOPMENT
PROBLEM STATEMENT • Management Advantage Pty Ltd provides administration and other solutions for aged care facilities in Australia. • There core system is an Entity Framework desktop Aged Care administration system. • They had an existing API built for their staff mobile app and needed to: • provide an API to a new mobile app to support family members of clients, and • an API to support third parties to provide other solutions such as catering and maintenance. • How do you do this?
THE CORE SYSTEM • An extensive solution providing: • client administration, • ACFI appraisals, • Medicare claims, • client care, • client assessments, • care planning, • progress management, • graphical charting, • client, management and healthcare professional communications, • facilities maintenance, • compliance audits, • employee management, • police checks, • courses and certificate management, • invoicing, • banking ….. It’s big and comprehensive. • Entity Framework .Net system using Forms, SQL Server with about 1500 tables.
STAFF APP • Intended for client support staff to provide the following services: • Record chart information (e.g. blood glucose level, heart rate etc) • Provide staff with client personal information (e.g. life story, family details) • Evacuation Aid • ACFI reporting • Activity events management (e.g. Bingo attendance) • Xamarin Forms, Android and iPhone, oAuth session based authentication. • Uses the camera. • 60 pages, 3 graphic charts using telerix. • Sqlite database with 117 tables. • Designed to work offline hence keeps a copy of large amounts of operational data. One medium sized client has 27,800 records stored locally and kept in sync.
FAMILY APP • For family members of clients to communciate with health care professions, see what their parents activities, provide feedback and maintenance request. • Xamarin Forms, 17 pages. • Social media and standard session based oAuth authetication. • Push notifications, camera support. • Sqlite with 20 tables, and a small volume of data. • Firebase Deep Linking onboarding.
API FOR THIRD PARTY ACCESS • Generic API for third party access to data. • Uses: Catering services, facilities maintenance. • Issued encrypted security key access. • Continually growing.
DIFFERING REQUIREMENTS Staff App Family App 3rd Party Access Speed of transfer ✔ ✔ Volume of data optimisation ✔ Data synchronisation (always in sync) ✔ ✔ Simplistic flat data formats ✔ Ever evolving functionality ✔ New interfaces ✔ Require stable interfaces ✔ Maintainability ✔ ✔ ✔
API DESIGN CONSIDERATIONS 1. Maintainability, extensibility, expandability. 2. Security 3. Version control. 4. Data volume optimisation. 5. Speed performance.
1. MAINTAINABILITY Single or many API’s? • Originally one for apps and one for 3rd party API. • Now a single API. • The architecture is complex, but the real maintenance is the functional changes. REST • Inherently flexible. • Supports flat and hierarchic data. • Internal systems can compromise flexibility for redundant data. • You will need to pass parameters to handle complexity. We use “App-Name”.
2. SECURITY Differing options: • Flat private key. • Hashed private / public key. (Used for high security currency transations). • Username/Password session based. • Username/Password initiated oAuth, with sessions. Management Advantage Chose: • Flat private key for 3rd party • Username/Password initiated oAuth with sessions. • Use Https.
3. VERSION CONTROL Servers architecture: 1. Central server per client. 2. Centralised, single version, multi- tenanted cloud based system. Problem: • You don’t have any control when the user downloads an app. • The app version could be behind or ahead of your API. • Your API could be ahead or behind your app. • i.e. your API needs to allow for App versions that haven’t been written yet.
3. VERSION CONTROL - IMPLEMENTATION • Learnings: • Don’t store app versions as strings. Use the inbuilt C# Version class. • Pass the version of each system in the Request and Response headers. (e.g. “X-API-VER” and “X-APP-VER”) • Remember that the App will not know the API version when it first starts a session. • Default to REST and Json wherever possible. Very forgiving. • You will need to hard code ‘if tests’ for version numbers in both the API and App. Ensure you use the [Obsolete] attribute with the version number where possible. • Where not possible make sure you throw out debug messages when the ‘if tests’ should be cleaned up. • Have auto-updating database version control in your apps. Naming our connection string as “/V1/xxxx” had little value. We use “/API/xxxx”.
4. DATA VOLUME OPTIMISATION • App needs to separate business logic from data transfer: • Models support full business logic. (e.g. Client, Address, HCP) • DTO’s optimised for data transfer. (e.g. ClientDto, AddressDto, HCPDto) • Optimise Json with “DefaultValueHandling” – don’t transmit nulls. • LastChangeDate. https://manad.com.au/api/client?lastChangeDate=20180715T13:10:31.102 • We use a generic process. Only use server side UTC dates. Never app device dates. • Server should always send the “RunDate” – don’t rely on record LastUpdatedTimestamp.
4. DATA VOLUME OPTIMISATION (CONT) • For complex data structures, don’t resend data if already sent. We created a “DtoSession” class. ClientDto (recursive structure) • AddressDto Address • AddressDto MailingAddress • List<HCPDto> HCPs • AddressDto Address • List<ClientDto> ClientContacts • AddressDto Address • (etc)
5. SPEED PERFORMANCE Considerations: • Http overhead: A call per record type? One call and fully cascade data? • Decision came down to what we could run on background threads: • Initial startup you need data before show a page. • Ongoing you can show last data and update with ObservableCollections. • Do you have the Apache “KeepAlive” option? • Reduced data has marginal effect on transmission performance: • (802.11b should get at least 100 Mbytes per second) • Real impact on speed is: • Optimising your server enquiries. • Optimising your app processing. • Minimising the data usually reduces the app processing time. • ... But may not reduce the server processing time.
5. SPEED PERFORMANCE (CONT) • We use NewtonSoft JSON which is fully functional: • Supports streaming for http content. • Allows us performance tuning options through scheme definitions and direct coding (if required in the future). • Compression or not? • Overhead to compress and decompress outweigh benefits? • Our research (not tested) said https you get better performance overall. • We had to do https anyway, but we did not turn on http compression.
QUESTIONS / DISCUSSION ROD HEMPHILL - MELBOURNE APP DEVELOPMENT

Recommended

What is Serverless Computing?
What is Serverless Computing?What is Serverless Computing?
What is Serverless Computing?AIMDek Technologies
 
Whats New in SBM 10.1.5
Whats New in SBM 10.1.5Whats New in SBM 10.1.5
Whats New in SBM 10.1.5Serena Software
 
SAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSO
SAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSOSAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSO
SAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSOSAP Analytics
 
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test ScenarioFundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test ScenarioSiddharth Sharma
 
RPI Lawson 10x Tech
RPI Lawson 10x TechRPI Lawson 10x Tech
RPI Lawson 10x TechRichard Leigh Stout
 
I3 - for Web & J2EE
I3 - for Web & J2EEI3 - for Web & J2EE
I3 - for Web & J2EEsebastian.guerrero
 
IIS 6.0 and asp.net
IIS 6.0 and asp.netIIS 6.0 and asp.net
IIS 6.0 and asp.netRishi Kothari
 
309675745
309675745309675745
309675745Navin Somal
 

Recommended

What is Serverless Computing?
What is Serverless Computing?What is Serverless Computing?
What is Serverless Computing?AIMDek Technologies
 
Whats New in SBM 10.1.5
Whats New in SBM 10.1.5Whats New in SBM 10.1.5
Whats New in SBM 10.1.5Serena Software
 
SAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSO
SAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSOSAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSO
SAP #BOBJ #BI 4.1 Upgrade Webcast Series 6: User Authentication and SSOSAP Analytics
 
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test ScenarioFundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test ScenarioSiddharth Sharma
 
RPI Lawson 10x Tech
RPI Lawson 10x TechRPI Lawson 10x Tech
RPI Lawson 10x TechRichard Leigh Stout
 
I3 - for Web & J2EE
I3 - for Web & J2EEI3 - for Web & J2EE
I3 - for Web & J2EEsebastian.guerrero
 
IIS 6.0 and asp.net
IIS 6.0 and asp.netIIS 6.0 and asp.net
IIS 6.0 and asp.netRishi Kothari
 
309675745
309675745309675745
309675745Navin Somal
 
SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013
SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013
SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013Shereen Qumsieh
 
Middleware monitoring with Applications Manager
Middleware monitoring with Applications ManagerMiddleware monitoring with Applications Manager
Middleware monitoring with Applications ManagerManageEngine, Zoho Corporation
 
Hanover Wireless Update Manager
Hanover Wireless Update ManagerHanover Wireless Update Manager
Hanover Wireless Update ManagerGordonMcKendry2
 
Winter16 release overview of Salesforce
Winter16 release overview of SalesforceWinter16 release overview of Salesforce
Winter16 release overview of SalesforceSantosh Kumar - Patna
 
JohnMcAnespieResume2015
JohnMcAnespieResume2015JohnMcAnespieResume2015
JohnMcAnespieResume2015John McAnespie
 
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationSolution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationLinh Nguyen
 
Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016Serena Software
 
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restore
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & RestoreLadies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restore
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restoregemziebeth
 
(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for DevelopmentBIOVIA
 
[UC4] Version and Automate Everything
[UC4] Version and Automate Everything[UC4] Version and Automate Everything
[UC4] Version and Automate EverythingPerforce
 
S/4HANA Installation Quickstart Guide and Monitoring S/4HANA
S/4HANA Installation Quickstart Guide and Monitoring S/4HANAS/4HANA Installation Quickstart Guide and Monitoring S/4HANA
S/4HANA Installation Quickstart Guide and Monitoring S/4HANALinh Nguyen
 
Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Santosh Ojha
 
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...DMC, Inc.
 
SAP License Audit Process
SAP License Audit ProcessSAP License Audit Process
SAP License Audit ProcessAuditBot SAP Security Audit
 
Performance testing for integrated healthcare suite
Performance testing for integrated healthcare suitePerformance testing for integrated healthcare suite
Performance testing for integrated healthcare suiteRelevantz
 
External identity
External identityExternal identity
External identitySon Nguyen
 
Showcase_Intern
Showcase_InternShowcase_Intern
Showcase_InternVishwanarayan Sriganesh
 
Sahi
SahiSahi
SahiSohail Ahmed
 
E business suite r12.2 changes for database administrators
E business suite r12.2 changes for database administratorsE business suite r12.2 changes for database administrators
E business suite r12.2 changes for database administratorsSrinivasa Pavan Marti
 
ott_calfee_resume
ott_calfee_resumeott_calfee_resume
ott_calfee_resumeOtt Calfee
 
Tuli eServices_Ecommerce portfolio
Tuli eServices_Ecommerce portfolioTuli eServices_Ecommerce portfolio
Tuli eServices_Ecommerce portfolioTULI eServices Inc.
 
.NET microservices with Azure Service Fabric
.NET microservices with Azure Service Fabric.NET microservices with Azure Service Fabric
.NET microservices with Azure Service FabricDavide Benvegnù
 

More Related Content

What's hot

SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013
SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013
SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013Shereen Qumsieh
 
Hanover Wireless Update Manager
Hanover Wireless Update ManagerHanover Wireless Update Manager
Hanover Wireless Update ManagerGordonMcKendry2
 
Winter16 release overview of Salesforce
Winter16 release overview of SalesforceWinter16 release overview of Salesforce
Winter16 release overview of SalesforceSantosh Kumar - Patna
 
JohnMcAnespieResume2015
JohnMcAnespieResume2015JohnMcAnespieResume2015
JohnMcAnespieResume2015John McAnespie
 
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationSolution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationLinh Nguyen
 
Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016Serena Software
 
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restore
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & RestoreLadies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restore
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restoregemziebeth
 
(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for DevelopmentBIOVIA
 
[UC4] Version and Automate Everything
[UC4] Version and Automate Everything[UC4] Version and Automate Everything
[UC4] Version and Automate EverythingPerforce
 
S/4HANA Installation Quickstart Guide and Monitoring S/4HANA
S/4HANA Installation Quickstart Guide and Monitoring S/4HANAS/4HANA Installation Quickstart Guide and Monitoring S/4HANA
S/4HANA Installation Quickstart Guide and Monitoring S/4HANALinh Nguyen
 
Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Santosh Ojha
 
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...DMC, Inc.
 
Performance testing for integrated healthcare suite
Performance testing for integrated healthcare suitePerformance testing for integrated healthcare suite
Performance testing for integrated healthcare suiteRelevantz
 
External identity
External identityExternal identity
External identitySon Nguyen
 
E business suite r12.2 changes for database administrators
E business suite r12.2 changes for database administratorsE business suite r12.2 changes for database administrators
E business suite r12.2 changes for database administratorsSrinivasa Pavan Marti
 

What's hot (19)

SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013
SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013
SharePoint Saturday Silicon Valley - Upgrading from SharePoint 2010 to 2013
 
Middleware monitoring with Applications Manager
Middleware monitoring with Applications ManagerMiddleware monitoring with Applications Manager
Middleware monitoring with Applications Manager
 
Hanover Wireless Update Manager
Hanover Wireless Update ManagerHanover Wireless Update Manager
Hanover Wireless Update Manager
 
Winter16 release overview of Salesforce
Winter16 release overview of SalesforceWinter16 release overview of Salesforce
Winter16 release overview of Salesforce
 
JohnMcAnespieResume2015
JohnMcAnespieResume2015JohnMcAnespieResume2015
JohnMcAnespieResume2015
 
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationSolution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
 
Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016
 
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restore
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & RestoreLadies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restore
Ladies Be Architects - Integration - Multi-Org, Security, JSON, Backup & Restore
 
(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development
 
[UC4] Version and Automate Everything
[UC4] Version and Automate Everything[UC4] Version and Automate Everything
[UC4] Version and Automate Everything
 
S/4HANA Installation Quickstart Guide and Monitoring S/4HANA
S/4HANA Installation Quickstart Guide and Monitoring S/4HANAS/4HANA Installation Quickstart Guide and Monitoring S/4HANA
S/4HANA Installation Quickstart Guide and Monitoring S/4HANA
 
Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Pune meetup 16 feb 2019
Pune meetup 16 feb 2019
 
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...
Advanced Motion Control: Using the New 1500TF Processor and Siemens LAxis Lib...
 
SAP License Audit Process
SAP License Audit ProcessSAP License Audit Process
SAP License Audit Process
 
Performance testing for integrated healthcare suite
Performance testing for integrated healthcare suitePerformance testing for integrated healthcare suite
Performance testing for integrated healthcare suite
 
External identity
External identityExternal identity
External identity
 
Showcase_Intern
Showcase_InternShowcase_Intern
Showcase_Intern
 
Sahi
SahiSahi
Sahi
 
E business suite r12.2 changes for database administrators
E business suite r12.2 changes for database administratorsE business suite r12.2 changes for database administrators
E business suite r12.2 changes for database administrators
 

Similar to Architectural considerations when building an API

ott_calfee_resume
ott_calfee_resumeott_calfee_resume
ott_calfee_resumeOtt Calfee
 
Tuli eServices_Ecommerce portfolio
Tuli eServices_Ecommerce portfolioTuli eServices_Ecommerce portfolio
Tuli eServices_Ecommerce portfolioTULI eServices Inc.
 
.NET microservices with Azure Service Fabric
.NET microservices with Azure Service Fabric.NET microservices with Azure Service Fabric
.NET microservices with Azure Service FabricDavide Benvegnù
 
Rohit_Kumar_Resume
Rohit_Kumar_ResumeRohit_Kumar_Resume
Rohit_Kumar_ResumeRohit Kumar
 
Asynchronous API Testing: Trends, Tools & More | Calidad Infotech
Asynchronous API Testing: Trends, Tools & More | Calidad Infotech Asynchronous API Testing: Trends, Tools & More | Calidad Infotech
Asynchronous API Testing: Trends, Tools & More | Calidad Infotech Calidad Infotech
 
code talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating Systemcode talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating SystemAdelina Todeva
 
Testing in the Cloud using Panda
Testing in the Cloud using PandaTesting in the Cloud using Panda
Testing in the Cloud using PandaTao Jiang
 
Disruptive Trends in Application Development
Disruptive Trends in Application DevelopmentDisruptive Trends in Application Development
Disruptive Trends in Application DevelopmentWaveMaker, Inc.
 
Online talent sourcing - a future essentia
Online talent sourcing - a future essentiaOnline talent sourcing - a future essentia
Online talent sourcing - a future essentiaHSE Guru
 
Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Katherine Golovinova
 
Apinizer - Full API Lifecycle and Integration Platform
Apinizer - Full API Lifecycle and Integration Platform Apinizer - Full API Lifecycle and Integration Platform
Apinizer - Full API Lifecycle and Integration Platform Mustafa Yildiz
 
Google Cloud Platform as a Backend Solution for your Product
Google Cloud Platform as a Backend Solution for your ProductGoogle Cloud Platform as a Backend Solution for your Product
Google Cloud Platform as a Backend Solution for your ProductSergey Smetanin
 

Similar to Architectural considerations when building an API (20)

ott_calfee_resume
ott_calfee_resumeott_calfee_resume
ott_calfee_resume
 
Tuli eServices_Ecommerce portfolio
Tuli eServices_Ecommerce portfolioTuli eServices_Ecommerce portfolio
Tuli eServices_Ecommerce portfolio
 
.NET microservices with Azure Service Fabric
.NET microservices with Azure Service Fabric.NET microservices with Azure Service Fabric
.NET microservices with Azure Service Fabric
 
Tuli eServices Dotnet portfolio
Tuli eServices Dotnet portfolioTuli eServices Dotnet portfolio
Tuli eServices Dotnet portfolio
 
Inventory managment system
Inventory managment systemInventory managment system
Inventory managment system
 
Rohit_Kumar_Resume
Rohit_Kumar_ResumeRohit_Kumar_Resume
Rohit_Kumar_Resume
 
Mobile APIs in Practice
Mobile APIs in PracticeMobile APIs in Practice
Mobile APIs in Practice
 
Neev Load Testing Services
Neev Load Testing ServicesNeev Load Testing Services
Neev Load Testing Services
 
Asynchronous API Testing: Trends, Tools & More | Calidad Infotech
Asynchronous API Testing: Trends, Tools & More | Calidad Infotech Asynchronous API Testing: Trends, Tools & More | Calidad Infotech
Asynchronous API Testing: Trends, Tools & More | Calidad Infotech
 
Azure Mobile Services
Azure Mobile ServicesAzure Mobile Services
Azure Mobile Services
 
Resume 10-24-16
Resume 10-24-16Resume 10-24-16
Resume 10-24-16
 
chandrakanth
chandrakanthchandrakanth
chandrakanth
 
code talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating Systemcode talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating System
 
Testing in the Cloud using Panda
Testing in the Cloud using PandaTesting in the Cloud using Panda
Testing in the Cloud using Panda
 
Disruptive Trends in Application Development
Disruptive Trends in Application DevelopmentDisruptive Trends in Application Development
Disruptive Trends in Application Development
 
Online talent sourcing - a future essentia
Online talent sourcing - a future essentiaOnline talent sourcing - a future essentia
Online talent sourcing - a future essentia
 
Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?
 
Apinizer - Full API Lifecycle and Integration Platform
Apinizer - Full API Lifecycle and Integration Platform Apinizer - Full API Lifecycle and Integration Platform
Apinizer - Full API Lifecycle and Integration Platform
 
Raghu resume[1]
Raghu resume[1]Raghu resume[1]
Raghu resume[1]
 
Google Cloud Platform as a Backend Solution for your Product
Google Cloud Platform as a Backend Solution for your ProductGoogle Cloud Platform as a Backend Solution for your Product
Google Cloud Platform as a Backend Solution for your Product
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Architectural considerations when building an API

  • 1. API ARCHITECTURE FOR MOBILE APPS ROD HEMPHILL MELBOURNE APP DEVELOPMENT
  • 2. PROBLEM STATEMENT • Management Advantage Pty Ltd provides administration and other solutions for aged care facilities in Australia. • There core system is an Entity Framework desktop Aged Care administration system. • They had an existing API built for their staff mobile app and needed to: • provide an API to a new mobile app to support family members of clients, and • an API to support third parties to provide other solutions such as catering and maintenance. • How do you do this?
  • 3. THE CORE SYSTEM • An extensive solution providing: • client administration, • ACFI appraisals, • Medicare claims, • client care, • client assessments, • care planning, • progress management, • graphical charting, • client, management and healthcare professional communications, • facilities maintenance, • compliance audits, • employee management, • police checks, • courses and certificate management, • invoicing, • banking ….. It’s big and comprehensive. • Entity Framework .Net system using Forms, SQL Server with about 1500 tables.
  • 4. STAFF APP • Intended for client support staff to provide the following services: • Record chart information (e.g. blood glucose level, heart rate etc) • Provide staff with client personal information (e.g. life story, family details) • Evacuation Aid • ACFI reporting • Activity events management (e.g. Bingo attendance) • Xamarin Forms, Android and iPhone, oAuth session based authentication. • Uses the camera. • 60 pages, 3 graphic charts using telerix. • Sqlite database with 117 tables. • Designed to work offline hence keeps a copy of large amounts of operational data. One medium sized client has 27,800 records stored locally and kept in sync.
  • 5. FAMILY APP • For family members of clients to communciate with health care professions, see what their parents activities, provide feedback and maintenance request. • Xamarin Forms, 17 pages. • Social media and standard session based oAuth authetication. • Push notifications, camera support. • Sqlite with 20 tables, and a small volume of data. • Firebase Deep Linking onboarding.
  • 6. API FOR THIRD PARTY ACCESS • Generic API for third party access to data. • Uses: Catering services, facilities maintenance. • Issued encrypted security key access. • Continually growing.
  • 7. DIFFERING REQUIREMENTS Staff App Family App 3rd Party Access Speed of transfer ✔ ✔ Volume of data optimisation ✔ Data synchronisation (always in sync) ✔ ✔ Simplistic flat data formats ✔ Ever evolving functionality ✔ New interfaces ✔ Require stable interfaces ✔ Maintainability ✔ ✔ ✔
  • 8. API DESIGN CONSIDERATIONS 1. Maintainability, extensibility, expandability. 2. Security 3. Version control. 4. Data volume optimisation. 5. Speed performance.
  • 9. 1. MAINTAINABILITY Single or many API’s? • Originally one for apps and one for 3rd party API. • Now a single API. • The architecture is complex, but the real maintenance is the functional changes. REST • Inherently flexible. • Supports flat and hierarchic data. • Internal systems can compromise flexibility for redundant data. • You will need to pass parameters to handle complexity. We use “App-Name”.
  • 10. 2. SECURITY Differing options: • Flat private key. • Hashed private / public key. (Used for high security currency transations). • Username/Password session based. • Username/Password initiated oAuth, with sessions. Management Advantage Chose: • Flat private key for 3rd party • Username/Password initiated oAuth with sessions. • Use Https.
  • 11. 3. VERSION CONTROL Servers architecture: 1. Central server per client. 2. Centralised, single version, multi- tenanted cloud based system. Problem: • You don’t have any control when the user downloads an app. • The app version could be behind or ahead of your API. • Your API could be ahead or behind your app. • i.e. your API needs to allow for App versions that haven’t been written yet.
  • 12. 3. VERSION CONTROL - IMPLEMENTATION • Learnings: • Don’t store app versions as strings. Use the inbuilt C# Version class. • Pass the version of each system in the Request and Response headers. (e.g. “X-API-VER” and “X-APP-VER”) • Remember that the App will not know the API version when it first starts a session. • Default to REST and Json wherever possible. Very forgiving. • You will need to hard code ‘if tests’ for version numbers in both the API and App. Ensure you use the [Obsolete] attribute with the version number where possible. • Where not possible make sure you throw out debug messages when the ‘if tests’ should be cleaned up. • Have auto-updating database version control in your apps. Naming our connection string as “/V1/xxxx” had little value. We use “/API/xxxx”.
  • 13. 4. DATA VOLUME OPTIMISATION • App needs to separate business logic from data transfer: • Models support full business logic. (e.g. Client, Address, HCP) • DTO’s optimised for data transfer. (e.g. ClientDto, AddressDto, HCPDto) • Optimise Json with “DefaultValueHandling” – don’t transmit nulls. • LastChangeDate. https://manad.com.au/api/client?lastChangeDate=20180715T13:10:31.102 • We use a generic process. Only use server side UTC dates. Never app device dates. • Server should always send the “RunDate” – don’t rely on record LastUpdatedTimestamp.
  • 14. 4. DATA VOLUME OPTIMISATION (CONT) • For complex data structures, don’t resend data if already sent. We created a “DtoSession” class. ClientDto (recursive structure) • AddressDto Address • AddressDto MailingAddress • List<HCPDto> HCPs • AddressDto Address • List<ClientDto> ClientContacts • AddressDto Address • (etc)
  • 15. 5. SPEED PERFORMANCE Considerations: • Http overhead: A call per record type? One call and fully cascade data? • Decision came down to what we could run on background threads: • Initial startup you need data before show a page. • Ongoing you can show last data and update with ObservableCollections. • Do you have the Apache “KeepAlive” option? • Reduced data has marginal effect on transmission performance: • (802.11b should get at least 100 Mbytes per second) • Real impact on speed is: • Optimising your server enquiries. • Optimising your app processing. • Minimising the data usually reduces the app processing time. • ... But may not reduce the server processing time.
  • 16. 5. SPEED PERFORMANCE (CONT) • We use NewtonSoft JSON which is fully functional: • Supports streaming for http content. • Allows us performance tuning options through scheme definitions and direct coding (if required in the future). • Compression or not? • Overhead to compress and decompress outweigh benefits? • Our research (not tested) said https you get better performance overall. • We had to do https anyway, but we did not turn on http compression.
  • 17. QUESTIONS / DISCUSSION ROD HEMPHILL - MELBOURNE APP DEVELOPMENT