Reverse Engineering APIs

588546210fcf916c39dafebdbb2ddbb5?s=47 mikz
May 30, 2014
Technology
1
400

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.
ApiDays

588546210fcf916c39dafebdbb2ddbb5?s=128

mikz

May 30, 2014
Tweet

Want more?

7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
3
760
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
14
890
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
6
490
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
310
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
8
640
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
9
330
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
370
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
5
920
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
240
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
300
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
63
250k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
6
860

Transcript

  1. 1.

    Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. 2.

    Inspecting APIs github.com/kidd & github.com/mikz 3scale

  3. 3.

    Debugging APIs raimon@3scale.net & michal@3scale.net 3scale

  4. 4.

    APIs Everywhere

  5. 5.

    Get in touch! hello@apitools.com Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids
  6. 6.

    Get in touch! hello@apitools.com Sonos

  7. 7.

    Get in touch! hello@apitools.com Sonos

  8. 8.

    Get in touch! hello@apitools.com Sonos

  9. 9.

    Get in touch! hello@apitools.com Sonos

  10. 10.

    Get in touch! hello@apitools.com Sonos

  11. 11.

    Demotime!

  12. 12.

    Yay! :) or nay :(

  13. 13.

    Get in touch! hello@apitools.com What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue
  14. 14.

    Get in touch! hello@apitools.com Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0
  15. 15.

    Get in touch! hello@apitools.com Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface
  16. 16.

    Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses
  17. 17.

    Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html
  18. 18.

    Demotime!

  19. 19.

    Get in touch! hello@apitools.com How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s
  20. 20.

    Get in touch! hello@apitools.com What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually
  21. 21.

    Get in touch! hello@apitools.com What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.
  22. 22.

    Get in touch! hello@apitools.com Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist
  23. 23.

    Thank You and Happy Hacking! www.apitools.com @apitools - hello@apitools.com raimon@3scale.net

    / michal@3scale.net