Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Designing mobile APIs
Search
Radoslav Stankov
November 30, 2013
Technology
3
190
Designing mobile APIs
Video:
https://www.youtube.com/watch?v=Y6LiPJV0EH4
Radoslav Stankov
November 30, 2013
Tweet
Share
More Decks by Radoslav Stankov
See All by Radoslav Stankov
The dream that turned into nightmare (lightning)
rstankov
0
10
Ruby on Rails - The Single Engineer Framework
rstankov
0
160
Living Without Exceptions
rstankov
1
120
One engineer company with Ruby on Rails
rstankov
2
560
Eliminating noise from your code
rstankov
0
37
Best JavaScript is No Javascript
rstankov
0
67
React Mid Game
rstankov
2
51
React Native for Better or Worst
rstankov
0
70
Component-Driven UI with ViewComponent Gem
rstankov
4
910
Other Decks in Technology
See All in Technology
コンテナ・K8s研修 - 前半 コンテナ基礎・ハンズオン【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
[NIKKEI Tech Talk]Bias for Action!! 実践から学ぶための仕組とコミュニティ / Community for Practice and Learning
kanamasa
0
280
[2024最新版]AWS Control Towerを使ったセキュアなマルチアカウント環境の作り方
hiashisan
0
270
年間一億円削減した時系列データベースのアーキテクチャ改善~不確実性の高いプロジェクトへの挑戦~
lycorptech_jp
PRO
3
2.9k
Github Actions 로 Android 팀의 효율성 극대화
hadonghyun
0
160
成長期に歩みを止めないための創業期の開発文化形成
mayah
6
420
ペパボのオブザーバビリティ研修2024 説明資料
kesompochy
0
1.1k
「単なる OAuth 2.0 を認証に使うと、車が通れるほどのどでかいセキュリティー・ホールができる」のか検証してみた
terara
0
380
AWSで”最小権限の原則”を実現するための考え方 /20240722-ssmjp-aws-least-privilege
opelab
10
4.4k
初中級者用如何使用backlog -VALE TUDOEDITION-
in0u
0
140
公共領域から学ぶ クラウド移行についてエンジニアが意識していること
kawakawa2222
0
140
エンジニアの生存戦略 〜クラウド潮流の経験から紐解く技術トレンドのメカニズムと乗りこなし方〜
shimy
9
1.9k
Featured
See All Featured
The Brand Is Dead. Long Live the Brand.
mthomps
52
36k
How GitHub Uses GitHub to Build GitHub
holman
471
290k
Done Done
chrislema
179
15k
Pencils Down: Stop Designing & Start Developing
hursman
118
11k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
24
1.8k
The Cult of Friendly URLs
andyhume
75
5.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
35
6.3k
The World Runs on Bad Software
bkeepers
PRO
63
11k
How to Ace a Technical Interview
jacobian
274
23k
The Straight Up "How To Draw Better" Workshop
denniskardys
229
130k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
34
1.9k
Creatively Recalculating Your Daily Design Routine
revolveconf
214
11k
Transcript
Radoslav Stankov BlagoevgradConf 2013 30/11/2013 Designing Mobile APIs
Radoslav Stankov @rstankov ! ! ! ! http://rstankov.com http://github.com/rstankov
None
I have a plan!
None
1.Versioning 2.Headers 3.Error responses 4.Authentication 5.REST Agenda
Mobile in numbers
None
Web App Mobile API
Mobile API
Example
1.Versioning 2.Headers 3.Error responses 4.Authentication 5.REST Agenda
1.Versioning! 2.Headers 3.Error responses 4.Authentication 5.REST Agenda
Versioning
http://fantasy-football.com/api/v1/team/1.json
http://fantasy-football.com/api/v1/team/1.json
https://fantasy-football.com/api/v1/team/1.json
https://fantasy-football.com/api/v1/team/1.json
https://fantasy-football.com/api/v1/team/1.json
https://mobile.fantasy-football.com/v1/team/1.json
https://mobile.fantasy-football.com/v1/team/1.json
https://mobile.fantasy-football.com/v1/team/1.json
Content-Types that are acceptable for the response. Accept Header
https://mobile.fantasy-football.com/v1/team/1.json
Accept: application/json https://mobile.fantasy-football.com/v1/team/1.json
Accept: application/json https://mobile.fantasy-football.com/v1/team/1
Accept: application/json https://mobile.fantasy-football.com/v1/team/1
Accept: application/vnd.football-team.com; version=1, application/json https://mobile.fantasy-football.com/v1/team/1
Accept: application/vnd.football-team.com; version=1, application/json https://mobile.fantasy-football.com/team/1
1.Versioning! 2.Headers 3.Error responses 4.Authentication 5.REST Agenda
1.Versioning 2.Headers! 3.Error responses 4.Authentication 5.REST Agenda
Headers
User-Agent User-Agent: iOS 7.1
Accept-Language Accept-Language: en
! • X-Api-Key • X-Push-Notification-Id • X-Checksum • …. Custom
! • X-Api-Key • X-Push-Notification-Id • X-Checksum • …. Custom
1.Versioning 2.Headers! 3.Error responses 4.Authentication 5.REST Agenda
1.Versioning 2.Headers 3.Error responses! 4.Authentication 5.REST Agenda
Error responses
HTTP Statuses Code Description 400 Bad Request 401 Unauthorized 402
Account Is Locked 404 Not Found 405 Method Not Allowed 422 Unprocessable Entity 426 To Many Requests 500 Internal Server Error
HTTP Statuses http://httpstatus.es/
Response Body { “message”: “Invalid api key” } GET https://mobile.fantasy-football.com/teams/1
422 - Unprocessable Entity { “errors”: { “name”: [“Already taken”],
“budget”: [“Must be more than 0”] } } POST https://mobile.fantasy-football.com/teams/
1.Versioning 2.Headers 3.Error responses! 4.Authentication 5.REST Agenda
1.Versioning 2.Headers 3.Error responses 4.Authentication! 5.REST Agenda
Authentication
WWW-Authentication > WWW-Authenticate: Basic realm=“Fantasy Football” ! < Authorization: Basic
QWxhZGRpbjpvcGVuIHNlc2FtZQ==
WWW-Authentication > WWW-Authenticate: Digest realm=“Fantasy Football", … ! < Authorization:
Digest username=“User", …
WWW-Authentication Authorization: Token token=“7C1100AD4A6D45A6B2E022B”
None
Public ~ vs ~ Private
OAuth ~ vs ~ Token
OAuth ~ vs ~ Token
Tokens Method URL Description POST /token Create new token (with
login credentials) DELETE /token Delete token HEAD /token Check if token is active PATCH /token Renew a token (if tokens can expire)
1.Versioning 2.Headers 3.Error responses 4.Authentication! 5.REST Agenda
1.Versioning 2.Headers 3.Error responses 4.Authentication 5.REST Agenda
REST
Teams Method URL Description GET /my/teams Returns all teams POST
/my/teams Create new team GET /my/teams/1 Return given team PATCH /my/teams/1 Update given team DELETE /my/teams/1 Delete given team
{ “id”: 1, “name”: “Real Blagoevgrad”, “players”: { /* players
*/ } } POST /my/teams Accept: application/vnd.fantasy-football.com; version=1,application/json Authentication: Token token=“0BD8AF0AAB86619” X-Api-Key: “7C1100AD4A6D45A6B2E022B”
{ “id”: 1, “name”: “Real Blagoevgrad”, “players”: { /* players
*/ } } GET /my/teams/1 Accept: application/vnd.fantasy-football.com; version=1,application/json Authentication: Token token=“0BD8AF0AAB86619” X-Api-Key: “7C1100AD4A6D45A6B2E022B”
{ “id”: 1, “name”: “Bayern Blagoevgrad”, “players”: { /* players
*/ } } PATCH /my/teams/1 Accept: application/vnd.fantasy-football.com; version=1,application/json Authentication: Token token=“0BD8AF0AAB86619” X-Api-Key: “7C1100AD4A6D45A6B2E022B”
GET /teams Accept: application/vnd.fantasy-football.com; version=1,application/json Authentication: Token token=“0BD8AF0AAB86619” X-Api-Key: “7C1100AD4A6D45A6B2E022B”
[{ “id”: 1, “name”: “Bayern Blagoevgrad”, “owner”: { /* owner */ }, “players”: { /* players */ }, }, { /* other team */ }]
Paging (1) X-Total: 10 X-Offset: 2 X-Offset: 3
Paging (2) Link: <https://fantasy-football.com/teams/?page=3>; rel="next", <https://fantasy-football.com/teams/?page=1>; rel=“previous”, <https://fantasy-football.com/teams/?page=1>; rel=“first”, <https://fantasy-football.com/teams/?page=100>;
rel=“last”
Paging (3) Link: <https://fantasy-football.com/teams/?after-id=1213>; rel="next"
1.Versioning 2.Headers 3.Error responses 4.Authentication 5.REST Agenda
Bonus
Mobile API ~ vs ~ Regular API
Syncing / Offline
Postman Chrome plugin
Good API example http://developer.github.com/v3/
Questions?
@rstankov Thank you :)