Save 37% off PRO during our Black Friday Sale! »

Reverse Engineering APIs

588546210fcf916c39dafebdbb2ddbb5?s=47 mikz
May 30, 2014

Reverse Engineering APIs

Hacking Sonos and Bicing APIs with APItools.



May 30, 2014


  1. Reverse Engineering APIs Raimon Grau & Michal Cichra 3scale

  2. Inspecting APIs & 3scale

  3. Debugging APIs & 3scale

  4. APIs Everywhere

  5. Get in touch! Cases of study • ‘Hidden’ API:

    Sonos • Combining APIs: Bicing on steroids
  6. Get in touch! Sonos

  7. Get in touch! Sonos

  8. Get in touch! Sonos

  9. Get in touch! Sonos

  10. Get in touch! Sonos

  11. Demotime!

  12. Yay! :) or nay :(

  13. Get in touch! What else you could do? •

    Transfer song from Spotify to the Sonos • Backup playlists • Stream the music to remote locations • Vote the songs added to the queue
  14. Get in touch! Case 2: Api aggregation Bicing +

    Google Maps Source: Carlos Mejía Greene CC BY-NC-SA 2.0
  15. Get in touch! Improvements • Reduce transfer size •

    Reduce roundtrips • Improve accuracy by getting info from multiple sources • Improve API interface
  16. Get in touch! Api Aggregation Mobile app Middleware Web

    APIs requests responses
  17. Get in touch! Api Aggregation Mobile app Middleware Web

    APIs requests responses
  18. Demotime!

  19. Get in touch! How we improved? Size Savings Response

    time Original XML 131k ~0.7s JSON 80k 39% ~0.7s JSON with distances 91k 30% ~0.7s nearest 10 5k 96% ~0.8s
  20. Get in touch! What APIs to combine? Hue +

    Google Calendar Google Maps + Foursquare Sonos + Dropbox + Github Almost any, actually
  21. Get in touch! What do we get from it?

    • As hackers we like to know what’s under the hood • Cross API • We can ‘discover’ hidden APIs. :) • It’s fun! • We can improve performance by aggregating multiple calls.
  22. Get in touch! Special Treat Primavera Sound Festival 2014

    fake apps on Google Play Store real iOS app with a twist
  23. Thank You and Happy Hacking! @apitools -