Data to Go: Mobile API Design (SXSW)
1. Data to Go
Mobile API Design
Matt Smollinger
CTO & Co-Founder, Skaffl
@mattsmollinger
Chuck Greb
Sr. Software Engineer, Mapzen
@ecgreb
#SXSW
#DataToGo
2. About us
Matt Smollinger
CTO & Co-Founder, Skaffl
@mattsmollinger
Chief Technology Officer of Skaffl.com, Mobile Dev, and general geek.
Chuck Greb
Sr. Software Engineer, Mapzen
@ecgreb
Mobile software craftsman, test-driven evangelist, and clean code connoisseur.
5. What is an API?
An application programming interface (API) is a
specification of how software components
should interact with each other. In most cases
an API is a library that includes specification for
routines, data structures, object classes, and
variables.
http://en.wikipedia.org/wiki/Application_programming_interface
6. Remote Service API
● Web service
● Desktop, laptop, or mobile client
● Communication and protocol
HTTP + JSON = <3
33. Show me the cache
● Memory
● Disk
● Invalidation
Chiu-Ki Chan
Caching Strategies for Mobile Apps
Philly ETE 2012
http://chiuki.github.io/mobile-caching-strategies/
34. "There are two hard things in computer science: cache invalidation, naming things, and off-by-1 errors."
- Phil Karlton
46. Object Expansion
Specify verbosity level on per request basis
● Abstract verbosity level
● Custom media type
● Specify response fields in the request
● Collection vs. resource
53. Cat (resource)
GET http://mostlygeeks.com:5000/cats/1
Output
{
  "cat_id": 1,
  "name": "Kaze",
  "age": 2,
  "small_photo_url": "http://example.com/images/kaze_small.jpg",
  "short_description": "Kaze is an energetic and playful cat.",
  "large_photo_url": "http://example.com/images/kaze_large.jpg",
  "long_description": "Kaze is an energetic and playful cat who likes to..."
}
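Added example (not from the original slides): one way a server could implement the object expansion options from slide 46 against the Cat resource above. The `verbosity` and `fields` query parameters, the level names `summary` and `full`, and the helper names are assumptions; requested fields are checked against an allowlist so a client cannot pull attributes the API never meant to expose.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed record, copied from the Cat resource shown on the slide.
CAT = {
    "cat_id": 1,
    "name": "Kaze",
    "age": 2,
    "small_photo_url": "http://example.com/images/kaze_small.jpg",
    "short_description": "Kaze is an energetic and playful cat.",
    "large_photo_url": "http://example.com/images/kaze_large.jpg",
    "long_description": "Kaze is an energetic and playful cat who likes to...",
}

# Abstract verbosity levels (names are assumptions). Each level is an
# explicit allowlist, so a new attribute is never exposed by accident.
LEVELS = {
    "summary": ("cat_id", "name", "age", "small_photo_url", "short_description"),
    "full": tuple(CAT),
}
ALLOWED = frozenset(LEVELS["full"])


def select_fields(url, default_level="summary"):
    """Return the ordered field names a request URL asks for.

    Raises ValueError (map it to HTTP 400) for unknown levels or fields.
    """
    query = parse_qs(urlsplit(url).query)
    if "fields" in query:  # an explicit field list wins over verbosity
        wanted = [f.strip() for f in ",".join(query["fields"]).split(",") if f.strip()]
        unknown = sorted(set(wanted) - ALLOWED)
        if not wanted or unknown:
            raise ValueError(f"unsupported fields: {unknown}")
        return list(dict.fromkeys(wanted))  # de-duplicate, keep request order
    level = query.get("verbosity", [default_level])[-1]
    if level not in LEVELS:
        raise ValueError(f"unsupported verbosity: {level!r}")
    return list(LEVELS[level])


def render_cat(url, record=CAT):
    """Serialize only the selected fields of the record as JSON."""
    return json.dumps({name: record[name] for name in select_fields(url)})
```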
59. Mobile-friendly security
Do
● HTTPS/SSL
● Access token header
● 2-step verification
Don’t
● Session
● Cookies
● CSRF tokens
● OAuth*
● HMAC*
*Unless your API is public
60. Wait... I thought OAuth was good?
● Which implementation?
● Designed for 3-legged communication over un-encrypted connections.
● Apps can be decompiled to determine hashing algorithm if done client-side.
● Introduces significant overhead.
● OAuth2 = Security Sadness
65. ...is now
● SPDY
● Binary Transfer Formats
○ Protobuf
○ BSON
○ Thrift
● Websockets
● HTTP 2.0