Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reverse Engineering APIs

588546210fcf916c39dafebdbb2ddbb5?s=47 mikz
May 30, 2014
Technology
1
410

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.
ApiDays

588546210fcf916c39dafebdbb2ddbb5?s=128

mikz

May 30, 2014
Tweet

Other Decks in Technology

See All in Technology
F97943a70302823ff0e66434dc70b389?s=48 liviagabos
0
170
4924e08c88a442edbffd87b91cb45131?s=48 zaki_lknr
0
560
4b2f3a64637b51e81813accbe8a98083?s=48 miura55
0
160
1405a601755e5fcbfdc93a2560368bb1?s=48 freddi
3
170
D8e3492ad16d2087b7cb8b2f6c4d3eb9?s=48 iseki
1
180
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
PRO
0
140
6e28f76cf4ddc493b1df1d284e0d3400?s=48 hhj4ck
0
2.5k
7e6a435700dda6cdb22105d601f20892?s=48 picardparis
4
2.7k
58ed7368f1de80df0b380087b19a4ac1?s=48 sugarcrm
PRO
0
190
B84123138372542a55401c92b170b528?s=48 hassaku63
1
890
Fd38d7ee40295f6361aa059008288731?s=48 shyaginuma
14
5.5k
D65bdfdd4762c763f71d08fd4d9fa511?s=48 sky_joker
1
450

Featured

See All Featured
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
48
2.9k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
269
17k
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
58
3.7k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
15
990
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.6k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
653
120k
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
61
6.6k
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
10
710
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
122
5k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
156
12k
A9704266587836f7e784235e5073b93e?s=48 jmmastey
19
4.9k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
287
19k

Transcript

  1. Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. Inspecting APIs github.com/kidd & github.com/mikz 3scale

  3. Debugging APIs raimon@3scale.net & michal@3scale.net 3scale

  4. APIs Everywhere

  5. Get in touch! hello@apitools.com Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids

  6. Get in touch! hello@apitools.com Sonos

  7. Get in touch! hello@apitools.com Sonos

  8. Get in touch! hello@apitools.com Sonos

  9. Get in touch! hello@apitools.com Sonos

  10. Get in touch! hello@apitools.com Sonos

  11. Demotime!

  12. Yay! :) or nay :(

  13. Get in touch! hello@apitools.com What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue

  14. Get in touch! hello@apitools.com Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0

  15. Get in touch! hello@apitools.com Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface

  16. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses

  17. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html

  18. Demotime!

  19. Get in touch! hello@apitools.com How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s

  20. Get in touch! hello@apitools.com What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually

  21. Get in touch! hello@apitools.com What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.

  22. Get in touch! hello@apitools.com Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist

  23. Thank You and Happy Hacking! www.apitools.com @apitools - hello@apitools.com raimon@3scale.net

    / michal@3scale.net