SDKs are APIs with additional development tools and libraries to make integration easier. The document discusses PayPal's mobile and server SDKs, which provide OAuth authentication, API object models, and sample code to simplify making payments and accessing financial data. Well-designed SDKs should solve problems beyond what the base API provides through good documentation, mock environments for testing, and developer support for issues.

1. SDKS ARE APIS TOO!
Jeff Brateman
Senior Software Engineer
PayPal

2. 2
BACKGROUND
Software Engineer developing server and client-side APIs for 10+ years
Senior Android SDK developer at PayPal
Lazy developer

3. 3
OUTLINE
 APIs, SDKs, and OAuth2
 PayPal Mobile SDKs
 PayPal Server SDKs
 Releasing
 Support

4. 4
GOALS OF AN API
APIs are an important way for a company, like PayPal, to extend reach
Principles when delivering a great developer experience
 Delightful experience for end users
 Simple, yet complete API design (easy to learn and integrate)
Successful APIs come from
 Familiar API standards
 Good API design process
 Simple and complete developer experience

5. 5
SOME TERMS
API
An application programming interface (API) specifies how some software
components should interact with each other.
Generally, this refers to Web APIs
SDK
A software development kit (SDK or "devkit") is typically a set of
software development tools that allows for the creation of applications
for a certain software package, software framework, hardware platform,
computer system, video game console, operating system, or similar
development platform.
SDKs are just client-side Programming APIs with some plumbing

6. 6
OAUTH2
Token Granting
 Public Clients (no secret)
 Confidential Clients (with secret)
User Approval / Consent
OAuth2 scopes to represent ability for an application to:
 Use certain functionality
 Access and operate on a resource
 E.g, capture funds authorized previously, read financial instrument from
wallet,...
Auth != Security
 Always use SSL
 Data at rest is always encrypted!

7. 7
PAYPAL MOBILE SDKS

8. 8
ANDROID SDK
One tidy package
 Oauth2 tokens, login, and consent
 Confirm
 card.io
Easy to use and configure, because developers are lazy
 One .jar file and some native libs
 No xml or resource files to update
 All configuration is via native Android extras
 Small library footprint
 No external library dependencies

9. 9
ANDROID OPEN SOURCE LIBRARIES
Android Support Library
Spring REST
Async http libraries:
 LoopJ
 RoboSpice
 OkHttp
 Volley
Robotium
MonkeyRunner

10. 10
ANDROID SDK INTEGRATION
1. Add libs
2. Add AndroidManifest.xml entry
3. Copy/paste sample code from GitHub
4. Edit configuration
5. …
6. Profit
Note that there are no layout xml or resource files to update, making
integration and upgrades easy!
card.io Android SDK integration on GitHub
PayPal Android SDK integration on GitHub

11. 11
IOS SDK INTEGRATION
1. Add libs
2. Add some linker options and frameworks
3. Copy/paste sample code from GitHub
4. Edit configuration
5. …
6. Profit
card.io iOS SDK integration on GitHub
PayPal iOS SDK integration on GitHub

12. 12
LINKING TO YOUR APP
e.g. Make a payment via SDK by using Fingerprint Authentication (Samsung S5)
Hook up the SDK to the Wallet App, and release new version of the SDK
On Android, this requires no additional configuration from the application developer
SDK can immediately make use of more authentication mechanisms as they become available –
developer just needs to upgrade their SDK
The Saga of my Crush
on Candy Android App
PayPal Android SDK
PayPal Wallet Android App

13. 13
GITHUB.IO
GitHub has tools to host your docs
Create gh-pages branch to get a pretty, github.io hosted doc page
 http://paypal.github.io/PayPal-Android-SDK/
 http://card-io.github.io/card.io-Android-SDK/

14. 14
PAYPAL SERVER SDKS
Shouldn’t a RESTful API be easy enough to consume without an SDK?
Yes, but PayPal SDKs provide useful benefits:
 Abstract OAuth2 details
 Native language interfaces and objects (e.g., Java POJOs) – easy code gen
 Updates for new APIs
 Community support
 Write/fork your own!

15. 15
OPEN SOURCE?
Pros:
Community contributions
Open and honest
Street cred
Public forks
Cons:
Cannot reveal proprietary information
• Secret APIs or algorithms
• Potentially embarrassing bugs
Cannot control usage

16. 16
BRANCHING, BUILDING, AND TESTING
Git Flow
Android Build Tools:
• Ant
• Gradle
• Buck
CI Tools:
• Jenkins
• TestDroid
• TestFlight
• TravisCI

17. 17
RELEASING
Distribute via:
 GitHub
 Language specific
package manager
(e.g., Sonatype, PyPI)
Semantic versioning + Changelog
Announce over:
 Twitter
 Google Groups
 Blog posts
 Evangelists
 Close open GitHub issues

18. 18
A LITTLE HELP?

19. 19
WHAT MAKES A GOOD SDK?
Solves a specific problem above and beyond the API
Minimal handholding
• Documentation
• SDK and code samples
Mock mode (mobile SDKs)
Sandbox
Unit tests
Sandbox tests

20. 20
WHAT IF THINGS GO WRONG?
Developer support (client side problems)
 GitHub issues
 StackOverflow
 Issues sometimes reported long after it was introduced
 Release often, encourage upgrades
 Practice culture of being polite while asking common questions:
• “Are you using the latest SDK?”
• “What environments/devices do you encounter the problem?”
• “Have you tried turning it off and on again?”
Account or server problem
 SDK developers end up being the QA for server side APIs – experts at
what the API ‘really’ does
 Defer or engage Developer Technical Support

21. THANK YOU
We’re hiring!
Apply online (ebaycareers.com), or send resume, cover letter,
or GitHub id to Deepak Nadig - dn@paypal.com
04/23/2014