Reverse Engineering APIs

mikz
May 30, 2014

Hacking Sonos and Bicing APIs with APItools.
ApiDays

Transcript

  1. Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. Inspecting APIs github.com/kidd & github.com/mikz 3scale

  3. Debugging APIs [email protected] & [email protected] 3scale

  4. APIs Everywhere

  5. Get in touch! [email protected] Cases of study

    • ‘Hidden’ API: Sonos
    • Combining APIs: Bicing on steroids

  6. Sonos

  7. Sonos

  8. Sonos

  9. Sonos

  10. Sonos

  11. Demotime!

  12. Yay! :) or nay :(

  13. What else you could do?

    • Transfer song from Spotify to the Sonos
    • Backup playlists
    • Stream the music to remote locations
    • Vote the songs added to the queue

  14. Case 2: API aggregation: Bicing + Google Maps

    Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0

  15. Improvements

    • Reduce transfer size
    • Reduce roundtrips
    • Improve accuracy by getting info from multiple sources
    • Improve API interface

  16. API Aggregation

    [Diagram labels: Mobile app, Middleware, Web APIs; requests, responses]

  17. API Aggregation

    [Diagram labels: Mobile app, Middleware, Web APIs; requests, responses]
    http://techblog.netflix.com/2013/01/optimizing-netflix-api.html

  18. Demotime!

  19. How we improved?

    | | Size | Savings | Response time |
    |---|---|---|---|
    | Original XML | 131k | | ~0.7s |
    | JSON | 80k | 39% | ~0.7s |
    | JSON with distances | 91k | 30% | ~0.7s |
    | nearest 10 | 5k | 96% | ~0.8s |

  20. What APIs to combine?

    • Hue + Google Calendar
    • Google Maps + Foursquare
    • Sonos + Last.fm
    • Dropbox + Github
    • Almost any, actually

  21. What do we get from it?

    • As hackers we like to know what’s under the hood
    • Cross API
    • We can ‘discover’ hidden APIs. :)
    • It’s fun!
    • We can improve performance by aggregating multiple calls.

  22. Special Treat: Primavera Sound Festival 2014

    • fake apps on Google Play Store
    • real iOS app with a twist

  23. Thank You and Happy Hacking! www.apitools.com @apitools - [email protected] [email protected] / [email protected]