Reverse Engineering APIs

588546210fcf916c39dafebdbb2ddbb5?s=47 mikz
May 30, 2014
Technology
1
400

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.
ApiDays

588546210fcf916c39dafebdbb2ddbb5?s=128

mikz

May 30, 2014
Tweet

Other Decks in Technology

See All in Technology
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
0
220
0d29d155ce5c5a93ed46363626da3ea7?s=48 ocise
0
620
A431674e1b362e40786876211b77455e?s=48 ramimac
1
1.3k
Cd3d2cb2dadf5488935fe0ddaea7938a?s=48 monochromegane
0
120
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
130
415b1dba0dcda50480d48b6770795f93?s=48 geshomizu
0
180
332f89cc697355902a817506b6995f2b?s=48 ytaka23
2
540
98e8fcf6f0962f5ffdbe830f5555b189?s=48 mrkmakr
3
1.3k
96e6721cf9462dfc15a564189a701d29?s=48 naoyasugita
0
140
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
0
120
Afa915e2be5df7c64a848f078b62abb1?s=48 kg0r0
0
190
73c174b34dafaea64f2824eb008a6559?s=48 shibayan
0
1.1k

Featured

See All Featured
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
295
27k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
100
11k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
203
35k
A9179349dd2bdc67f377719f56d85656?s=48 garrettdimon
286
110k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
205
10k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
306
17k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
192
8.4k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
225
8.4k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
166
19k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
436
28k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
447
36k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
143
19k

Transcript

  1. Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. Inspecting APIs github.com/kidd & github.com/mikz 3scale

  3. Debugging APIs raimon@3scale.net & michal@3scale.net 3scale

  4. APIs Everywhere

  5. Get in touch! hello@apitools.com Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids

  6. Get in touch! hello@apitools.com Sonos

  7. Get in touch! hello@apitools.com Sonos

  8. Get in touch! hello@apitools.com Sonos

  9. Get in touch! hello@apitools.com Sonos

  10. Get in touch! hello@apitools.com Sonos

  11. Demotime!

  12. Yay! :) or nay :(

  13. Get in touch! hello@apitools.com What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue

  14. Get in touch! hello@apitools.com Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0

  15. Get in touch! hello@apitools.com Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface

  16. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses

  17. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html

  18. Demotime!

  19. Get in touch! hello@apitools.com How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s

  20. Get in touch! hello@apitools.com What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually

  21. Get in touch! hello@apitools.com What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.

  22. Get in touch! hello@apitools.com Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist

  23. Thank You and Happy Hacking! www.apitools.com @apitools - hello@apitools.com raimon@3scale.net

    / michal@3scale.net