Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reverse Engineering APIs

May 30, 2014

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.


May 30, 2014

Other Decks in Technology


  1. Get in touch! [email protected] Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids
  2. Get in touch! [email protected] What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue
  3. Get in touch! [email protected] Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0
  4. Get in touch! [email protected] Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface
  5. Get in touch! [email protected] Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html
  6. Get in touch! [email protected] How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s
  7. Get in touch! [email protected] What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually
  8. Get in touch! [email protected] What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.
  9. Get in touch! [email protected] Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist