Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reverse Engineering APIs

mikz
May 30, 2014

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.
ApiDays

mikz

May 30, 2014
Tweet

Other Decks in Technology

Transcript

  1. Get in touch! [email protected] Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids
  2. Get in touch! [email protected] What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue
  3. Get in touch! [email protected] Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0
  4. Get in touch! [email protected] Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface
  5. Get in touch! [email protected] Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html
  6. Get in touch! [email protected] How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s
  7. Get in touch! [email protected] What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually
  8. Get in touch! [email protected] What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.
  9. Get in touch! [email protected] Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist