Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reverse Engineering APIs

588546210fcf916c39dafebdbb2ddbb5?s=47 mikz
May 30, 2014
Technology
1
410

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.
ApiDays

588546210fcf916c39dafebdbb2ddbb5?s=128

mikz

May 30, 2014
Tweet

Other Decks in Technology

See All in Technology
F6d9eaeab301cb77b4b9d2b99a69eedc?s=48 hfu
0
130
71c9ebde850996d2533c5df4df2c93c6?s=48 opdavies
0
170
14f2b7db383dec76a490bae09596e96c?s=48 last9
0
230
E598c2f9a8e5c94eea0e6505b4233d81?s=48 tomohide_tanaka
1
600
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
PRO
0
170
3aeee885003e0a7406ba970fb015c4bb?s=48 sakuracloud
0
110
A4d5b3aae2e67f31b513c88c726514c2?s=48 smzksts
0
260
19fc8f6113c5c3d86e6176362ff29479?s=48 kanaugust
PRO
0
170
0b626efa067fc1732d0827b6ac1ca6e1?s=48 shoheiyamamoto
0
210
8989dfee7c4a1360817fccb657d695bc?s=48 nobuakikikuchi
0
130
98f8e6125c052c4ac3fcc94f97919371?s=48 evilsmile
0
290
9ea422a61c1a69c888786830eee3dbe6?s=48 osonoi
0
140

Featured

See All Featured
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
402
20k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
88
3.4k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
119
16k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
311
17k
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
26
3.3k
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
35
1.7k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
73
1.5k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
204
38k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
147
6.7k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
28
2.1k
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
54
2k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
344
26k

Transcript

  1. Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. Inspecting APIs github.com/kidd & github.com/mikz 3scale

  3. Debugging APIs raimon@3scale.net & michal@3scale.net 3scale

  4. APIs Everywhere

  5. Get in touch! hello@apitools.com Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids

  6. Get in touch! hello@apitools.com Sonos

  7. Get in touch! hello@apitools.com Sonos

  8. Get in touch! hello@apitools.com Sonos

  9. Get in touch! hello@apitools.com Sonos

  10. Get in touch! hello@apitools.com Sonos

  11. Demotime!

  12. Yay! :) or nay :(

  13. Get in touch! hello@apitools.com What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue

  14. Get in touch! hello@apitools.com Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene https://www.flickr.com/photos/carlitos/3101121106/ CC BY-NC-SA 2.0

  15. Get in touch! hello@apitools.com Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface

  16. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses

  17. Get in touch! hello@apitools.com Api Aggregation Mobile app Middleware Web

    APIs requests responses http://techblog.netflix.com/2013/01/optimizing-netflix-api.html

  18. Demotime!

  19. Get in touch! hello@apitools.com How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s

  20. Get in touch! hello@apitools.com What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Last.fm Dropbox + Github Almost any, actually

  21. Get in touch! hello@apitools.com What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.

  22. Get in touch! hello@apitools.com Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist

  23. Thank You and Happy Hacking! www.apitools.com @apitools - hello@apitools.com raimon@3scale.net

    / michal@3scale.net