Klout redesigned their APIs in 2012 to better support mobile applications. They created a Master API that feeds both their Mobile API and Partner API. The Mobile API provides optimized payloads for mobile with all needed data in one request to reduce requests. They realized they should have created a separate Mobile Partner API to more easily support third-party mobile app development. The document outlines best practices for mobile APIs, including minimizing data payloads and requests, handling errors, and designing for failure and changes.
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Mobile APIs In Practice: Designing for Performance and Reliability
1. Mobile APIs In Practice
November 2013
Tyler Singletary, Director of Platform
tyler@klout.com ; @harmophone
2. When Klout Started Thinking Mobile
Klout’s Partner API in
2010-2011:
Klout’s API Strategy in
2012+:
• Not Mobile Optimized
• Not Used on Klout.com
• Not Extensible.
• XML and JSON response
• No Mobile Web Experience
• Easy Data in 1 Call
• Acquired Blockboard
• Redesigned Central API
• Entitlement System for
Klout.com, Mobile, Partners
• Mobile Web
• JSON Only
• Easy Data in 2 Calls for
Partners
2
3. Tradeoffs at Klout
•
•
•
We redesigned APIs for
Klout.com and our 1stparty mobile App first.
The Partner API drove
some of the
requirements, but always
would be based on the
Master API (with hidden
data)
The Mobile API payloads
are optimized for mobile
and its specific functions.
Partner API
• Crowdsourced
Mobile Apps
• CRM, Enterprise
• Consumer
Master
API
Mobile API
• Official Klout App
• Cinch
Klout.com
• Mobile Klout.com
3
6. What We Should Have Done
•
•
We should have branched another
“Mobile Partner API” to ease in partner
development of mobile apps utilizing
our API.
November 2013 Update:
– We still haven’t done this. :(
Partner API
• CRM, Enterprise
• Consumer
Klout.com
Master
API
Mobile API
• Official Klout App
• Cinch
Mobile Partner
API
• Appboy
6
7. Division of Labor
Server
Client/App
• Talks to all external
APIs
• Proxy and repackage
content exactly how
the app needs it
• Truth
• Talks only to
Server, except for
auth (but even
then…)
• Temporary storage for
UX and rendering
• Maybe Truth
7
8. Problems With Any API in Mobile
Data transfer rate is typically
slower
Delivering data to a device
costs the consumer money
Any one or more requests
can fail. And will.
Apps collecting from multiple
sources will be slow.
Latency.
Device diversity, processing
power, multitasking, storage
Mobile development has a
slower cycle due to App
Publishing
APIs Change. Apps change.
Not always in sync.
8
10. How Do You Protect Against These?
Remove
extraneous
data
Deliver large
payloads, fewe
r requests
Try, try, again.
But not too
much.
Real work
should be done
on the server
Graceful
Degregation
10
11. Failure is Routine. Plan for it.
Requests
User
Detail
Twitter Stream
Server
User
Detail
Twitter Stream
App – 3G
User
Deta--------------tream
It’s a race against time!
11
12. The Problem With SOAP
•
•
•
•
Tons of Extraneous Data.
Big payload.
Processing response holds UI latency.
Out of fashion for big data, social, web at
large.
The Good:
• Type safety!
• Fast Infoset standard. “The GZIP for
XML!”
12
13. The Problem With REST and JSON
•
•
•
•
•
Resource collections and objects aren’t always best
Non-optimized APIs require tons of individual requests
Various interpretations of what REST is and isn’t
Error Handling gets weird with arrays/collections and mobile nuance
While not strictly part of REST, typically JSON.
13
14. Best Practices
• Envelopes are an essential way to control and react to change, impress an
update.
• Default to POST and PUT with arrays, even for single record updates.
• Reference both URLs to resources as well as content_ids
• GZIP or compress responses whenever possible
• OAuth/xAuth for authentication. Don’t roll your own.
• Return collections with reasonable limits. Employ params or headers.
• Version on a per-endpoint basis. Adopt easy, programmatic versioning.
• Clients should identify themselves thoroughly. Version, platform, etc. It’s
shipped software. The API needs to know who it’s talking to.
• Be able to specify a “critical read” -> indicating acceptance of longer latency
or bypassing cache responses
14
15. Just one more thing… (about errors)
• Use HTTP status when appropriate
• Server-side errors need clarity and extensibility, like exceptions.
– Utilize custom schemes (-10, -11, etc.)
– Use 500-504, but provide codified directive error messages inside.
• Require server to return a handshake at the end of Writes: in addition to
positive status codes, return a positive ACK that a server handled the write.
• Potential Standards: vnd.error : https://github.com/blongden/vnd.error
15
16. Summary
Master API -> Partner API
Mobile API, Mobile Partner API
Design for Mobile APIs:
• both internal and external
Mobile payloads:
• data rich, extensible, lean on the
DDL and extras. Low # of calls.
{
Mobile Envelope:
• should become a standard way of
change management
"response":{},
"responseTime":26,
"interstitial":{
"url": "http://m.klout.com/upgrade",
}
}
16
17. Mobile APIs In Practice
November 2013
Tyler Singletary, Director of Platform
tyler@klout.com ; @harmophone
Editor's Notes
A Note On My Perspective:Klout builds consumer experiences. We measure influence on social networks.I manage all partner relations in regards to data in and out, as well as managed the development of our new API and how it was divided for Mobile.My experience is primarily in this context.
We broke one cardinal rule for easily getting to data on Mobile: we made it require two calls. Our data model shifted from being keyed off of Twitter to being keyed off of internal Ids.Internal IDs are translated from social services, like Twitter, Google+, etc.Data is then accessed via those IDsPeople are influential about TopicsTopics are named entities, but also have unique identifiers referenced by RESTful routes and IDs.
Here’s where I get super opinionated.This applies to web as well.
In our mobile API protocol: interstitial can return a URL to a webview in case of a change to invaldiate or redirect a client.Deal with versioning clients to gracefully escape users to the newest versions
Cancel/Retry modals on Failure – usual.Write autoretry or store the POST for future use (always let the user know)Timers on state
Be able to specify a “critical read” -> indicating acceptance of longer latency or bypassing cache responses
If something like a “notif” object exists, include shortened versions of Actor and Subject objects in the payload, rather than reference them for future lookup.
Require server to return a handshake at the end of Writes: in addition to positive status codes, return a positive ACK that a server handled the write.Envelope the error messages – present user-readable error messages in the error response (in addition to developer responses)API endpoint that is a config file : apps local config file to manange features :
A Note On My Perspective:Klout builds consumer experiences. We measure influence on social networks.I manage all partner relations in regards to data in and out, as well as managed the development of our new API and how it was divided for Mobile.My experience is primarily in this context.