Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reverse Engineering APIs

588546210fcf916c39dafebdbb2ddbb5?s=47 mikz
May 30, 2014
Technology
1
400

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.
ApiDays

588546210fcf916c39dafebdbb2ddbb5?s=128

mikz

May 30, 2014
Tweet

Other Decks in Technology

See All in Technology
40c17fd99791bbfbed1730cd1ae5a2c0?s=48 mii3king
0
430
8bf5ef27f515041b93d3211571a7ed46?s=48 yasuyukiyamasaki
1
160
877f92a3597118cda2715790fa170ad4?s=48 benzookapi
1
380
19fc8f6113c5c3d86e6176362ff29479?s=48 kanaugust
PRO
0
120
3009eedce0d0f7ae45987a7bd8f57b85?s=48 nkjzm
0
570
93c80c388fe9d8f9df7d030549a0ff0b?s=48 chaspy
6
1.3k
Ff1cf99c7a71928f886c3b6c7c95b1da?s=48 masakazu
0
140
9cdd446fb259ec93e52d4388f60197f8?s=48 karamem0
1
730
9a883e4b99553b96d3ecf5a47aa6f233?s=48 khrd
1
530
3373c144fef1d3518b9b3f24a6b46ad0?s=48 lmi
3
1k
53850955f15249a1a9dc49df6113e400?s=48 line_developers
PRO
0
170
3e8f61263f14a620f21d5f3f89c4b846?s=48 gamella
3
1.5k

Featured

See All Featured
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
188
14k
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
219
120k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
296
40k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
84
7.9k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
86
8.6k
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
14
4.3k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
779
240k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
3
610
245cee81a9c424266e5e401d844ea881?s=48 lara
172
9.6k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
31
3.4k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
113
25k

Transcript

  1. Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. Inspecting APIs github.com/kidd & github.com/mikz 3scale

  3. Debugging APIs raimon@3scale.net & michal@3scale.net 3scale

  4. APIs Everywhere

  5. Get in touch! hello@apitools.com Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids

  6. Get in touch! hello@apitools.com Sonos

  7. Get in touch! hello@apitools.com Sonos

  8. Get in touch! hello@apitools.com Sonos

  9. Get in touch! hello@apitools.com Sonos

  10. Get in touch! hello@apitools.com Sonos

  11. Demotime!

  12. Yay! :) or nay :(

  13. Get in touch! hello@apitools.com What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue

  14. Get in touch! hello@apitools.com Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0

  15. Get in touch! hello@apitools.com Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface

  16. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses

  17. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html

  18. Demotime!

  19. Get in touch! hello@apitools.com How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s

  20. Get in touch! hello@apitools.com What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually

  21. Get in touch! hello@apitools.com What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.

  22. Get in touch! hello@apitools.com Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist

  23. Thank You and Happy Hacking! www.apitools.com @apitools - hello@apitools.com raimon@3scale.net

    / michal@3scale.net