Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reverse Engineering APIs

588546210fcf916c39dafebdbb2ddbb5?s=47 mikz
May 30, 2014
Technology
1
450

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.
ApiDays

588546210fcf916c39dafebdbb2ddbb5?s=128

mikz

May 30, 2014
Tweet

Other Decks in Technology

See All in Technology
大声で伝えたい!定時に帰る方法
61c616e83bef28a1cd2666439ebf334b?s=48 sbtechnight
0
250
品質特性のすすめ
95d0e8ddf4a989d9734c25bd6b1af295?s=48 honamin09
0
180
脆弱性スキャナのOWASP ZAPを コードベースで扱ってみる / OWASP ZAP on a code base
195f71c8183f8d27da66aa0618f293b6?s=48 task4233
1
260
ログラスを支える技術的投資の仕組み / loglass-technical-investment
F109e64829df9d89239079d68689c938?s=48 urmot
9
2k
MySQL v5.7 勉強会/study-mysql-ver-5-7
8847086af047cbf895ab3277b59529fe?s=48 andpad
0
2.1k
Continuous Architecture Design for Modernization
9b63847a4c413a2604e1d64e5d595dab?s=48 humank
3
540
聊聊 Cgo 的二三事
B3a7c0d5c590642dbce68bce8929a2df?s=48 david74chou
0
340
2022 COSCUP - GKE Backend Cluster 除雷分享
89f41026db2c96853402524fca4a2ff8?s=48 brentchang
0
120
Cloud Foundryの移行先はどこか? オープンソースPaaS探し
49844569246a6d183a5551bb74895e2a?s=48 kolinz
0
360
Red Hat Enterprise Linux 9のリリースノートを読む前に知りたい最近のキーワードをまとめて復習
79c2f7db29ee6df3e1ceb85c6a0126d3?s=48 moriwaka
0
370
Goで実装するブランドネットワークとの接続ポイント
E10d51de51c08e913216385be87dc1ca?s=48 pongzu
2
280
サイバー攻撃を想定したクラウドネイティブセキュリティガイドラインとCNAPP及びSecurity Observabilityの未来
E7f82c6db76f340b8ccc175d4330405b?s=48 sakon310
4
470

Featured

See All Featured
Practical Orchestrator
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
178
8.7k
Docker and Python
Ecdea9b9714877b86cee08458f085481?s=48 trallard
27
1.6k
4 Signs Your Business is Dying
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
169
20k
Dealing with People You Can't Stand - Big Design 2015
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
351
21k
Writing Fast Ruby
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
612
57k
Documentation Writing (for coders)
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenintech
48
2.6k
Intergalactic Javascript Robots from Outer Space
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
260
25k
The Cult of Friendly URLs
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
68
4.8k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
21
1.4k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
29
4.4k
Art, The Web, and Tiny UX
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
280
18k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
269
12k

Transcript

  1. Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. Inspecting APIs github.com/kidd & github.com/mikz 3scale

  3. Debugging APIs raimon@3scale.net & michal@3scale.net 3scale

  4. APIs Everywhere

  5. Get in touch! hello@apitools.com Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids

  6. Get in touch! hello@apitools.com Sonos

  7. Get in touch! hello@apitools.com Sonos

  8. Get in touch! hello@apitools.com Sonos

  9. Get in touch! hello@apitools.com Sonos

  10. Get in touch! hello@apitools.com Sonos

  11. Demotime!

  12. Yay! :) or nay :(

  13. Get in touch! hello@apitools.com What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue

  14. Get in touch! hello@apitools.com Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0

  15. Get in touch! hello@apitools.com Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface

  16. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses

  17. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html

  18. Demotime!

  19. Get in touch! hello@apitools.com How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s

  20. Get in touch! hello@apitools.com What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually

  21. Get in touch! hello@apitools.com What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.

  22. Get in touch! hello@apitools.com Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist

  23. Thank You and Happy Hacking! www.apitools.com @apitools - hello@apitools.com raimon@3scale.net

    / michal@3scale.net