Slide 1

Slide 1 text

Reverse Engineering APIs
Raimon Grau & Michal Cichra
3scale

Slide 2

Slide 2 text

Inspecting APIs
github.com/kidd & github.com/mikz
3scale

Slide 3

Slide 3 text

Debugging APIs
[email protected] & [email protected]
3scale

Slide 4

Slide 4 text

APIs Everywhere

Slide 5

Slide 5 text

Get in touch! [email protected]
Case studies
● ‘Hidden’ API: Sonos
● Combining APIs: Bicing on steroids

Slide 6

Slide 6 text

Sonos

Slide 7

Slide 7 text

Sonos

Slide 8

Slide 8 text

Sonos

Slide 9

Slide 9 text

Sonos

Slide 10

Slide 10 text

Sonos

Slide 11

Slide 11 text

Demotime!

Slide 12

Slide 12 text

Yay! :) or nay :(

Slide 13

Slide 13 text

What else could you do?
● Transfer a song from Spotify to the Sonos
● Back up playlists
● Stream the music to remote locations
● Vote on the songs added to the queue

Slide 14

Slide 14 text

Case 2: API aggregation
Bicing + Google Maps
Source: Carlos Mejía Greene, https://www.flickr.com/photos/carlitos/3101121106/ (CC BY-NC-SA 2.0)

Slide 15

Slide 15 text

Improvements
● Reduce transfer size
● Reduce roundtrips
● Improve accuracy by getting info from multiple sources
● Improve API interface

Slide 16

Slide 16 text

API Aggregation
[Diagram: Mobile app, Middleware, Web APIs; requests and responses]

Slide 17

Slide 17 text

API Aggregation
[Diagram: Mobile app, Middleware, Web APIs; requests and responses]
http://techblog.netflix.com/2013/01/optimizing-netflix-api.html

Slide 18

Slide 18 text

Demotime!

Slide 19

Slide 19 text

How did we improve?

                       Size    Savings   Response time
Original XML           131k    -         ~0.7s
JSON                   80k     39%       ~0.7s
JSON with distances    91k     30%       ~0.7s
Nearest 10             5k      96%       ~0.8s

Slide 20

Slide 20 text

What APIs to combine?
Hue + Google Calendar
Google Maps + Foursquare
Sonos + Last.fm
Dropbox + GitHub
Almost any, actually

Slide 21

Slide 21 text

What do we get from it?
● As hackers we like to know what’s under the hood
● Cross API
● We can ‘discover’ hidden APIs. :)
● It’s fun!
● We can improve performance by aggregating multiple calls.

Slide 22

Slide 22 text

Special Treat
Primavera Sound Festival 2014
fake apps on Google Play Store
real iOS app with a twist

Slide 23

Slide 23 text

Thank You and Happy Hacking!
www.apitools.com
@apitools - [email protected]
[email protected] / [email protected]