SlideShare a Scribd company logo

Building a scalable API with Grails

Tanausu Cerdeña, profile picture
Tanausu Cerdeña

The document discusses the creation of a scalable API using Grails for online services in mobile gaming, highlighting design decisions, architecture, and development experiences. It covers aspects such as API design principles, versioning strategies, authentication methods, and performance considerations. The presentation reflects on the challenges faced, including resource limitations and the need for efficient error handling and usage tracking.

Technology
1 of 40
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Building a scalable API with Grails Greach – 2013-01-26 Tanausú Cerdeña @chozero | @geosophers
What you can expect from this talk • A story of an API creation on Grails. • Decisions made and the reasons behind. • Pitfalls. • We’re learning as we go.
About me • Tanausú Cerdeña (@chozero) • Sysadmin background. • Grails user for two years. • Co-founder and CTO at Geosophic.
Let’s get some context first Online services for mobile games: • Gaming features: Leaderboards, player matching… • Data tracking: levels played, session duration… • Monetization: Performance ad serving.
Let’s get some context first Online services for mobile games: • Gaming features: Leaderboards, player matching… • Data tracking: levels played, session duration… • Monetization: Performance ad serving.
Why Grails? 1. Productivity. Geosophic started as an MVP. 2. Java experience on the team. 3. It’s fun to use! (+15% developer happiness).
Our development environment • Grails 2.1.1 / Groovy 1.8.8 • STS / vim. Trying to move to Intellij (thanks doomsday!!) • Deployed to AWS (Elastic Beanstalk). • Team of 3 developers: • 1 backend, 1 frontend, 1 mobile • Everyone touches everything.
Overview of architecture Android iOS SDK SDK HTTP API Dashboard (Grails) API Controllers Dashboard Controllers Services Domain Objects MySQL Redis
API Controllers • Lightweight: • Validate parameters • Call required services • Compose responses
API Controllers
API Design Top-down design: • URLs. • (HTTP) Methods (Fully REST compliant?) • Response format. • Versioning. • Authentication.
API Design: URL schema http://{baseURL}/{version}/{feature}/{item}/{action?} http://api.geosophic.com/v1/leaderboards/leaderboard/nearest http://api.geosophic.com/v1/leaderboards/score http://api.geosophic.com/v1/track/event
API Design: Versioning options In the URL path? http://my.api.com/v1/endpoint As a URL parameter? http://my.api.com/endpoint??v=1 Custom HTTP Header? Accept-Version: 1 Versioned media types? Accept: application/vnd.myapp-v1+json
API Design: Versioning options In the URL path? http://my.api.com/v1/endpoint As a URL parameter? http://my.api.com/endpoint??v=1 Custom HTTP Header? Accept-Version: 1 Versioned media types? Accept: application/vnd.myapp-v1+json
API Design: Versioning issues • Scarcity of resources to handle different versions. • Backwards compatibility? • Our first client deployed, a week later, we decided a change on the API. • Mobile clients (apps) don’t update that often.
HTTP methods Our API model doesn’t match perfectly with a CRUD model so no fully REST API. • GET: Retrieving info. • Get a leaderboard • POST: Submitting info. • Send a score. • Submit an event.
API Design: URL mappings
API Design: Response format Only JSON. No XML { meta: { apiVersion: “1.0.1”, code: 400, errorType: “User id required”, msgs: [] }, response: { // Content depends on endpoint }, notifications: { // Future use } }
API Design: Response format
Rendering response render as JSON: • We have a mix of domain classes and other objects to render. • Write custom JSON Marshaller for some classes. • Register them at BootStrap.groovy.
Rendering JSON response
Rendering JSON response
DRY in our API Controllers We have some common code for all our API endpoints: • Authentication. • API usage tracking. • Common parameters validation.
@Mixin: ApiController
@Mixin: ApiController
@Mixin: ApiController Also includes some helper methods:
@Mixin: Issues • Class reloading when in development
API Design: Authentication • (consumer key, consumer secret) per client. • Consumer key used to identify the client (sent as a URL parameter). • Consumer secret to sign the request. • This is (sort of) 2-legged Oauth.
API Design: Authentication • Some plugins implementing clients, but no suitable (for us) server implementation (maybe we didn’t look deep enough?). • Better to use SpringSecurity and customize? • We are feeling more confident and want to contribute this.
API Design: Handling errors • 400 handled by each Controller • 500 handled by ErrorController (mapped in UrlMappings.groovy)
API Design: Handling errors
Measuring API usage • In ApiController beforeInterceptor • Fire and forget (runAsync in the service) • Now to MySQL, moving to Redis
Measuring API usage
Testing • Test Api Controllers as any other controller • All bussiness logic in Services • Remember to include the Mixin:
Testing
Performance considerations • No GSPs but JSON so quite fast. • Asynchronous tracking helps. • Difficult to cache (except for leaderboards). We cache in the service.
Some performance figures • 1 EC2 small instance(1.7GB RAM) • API + Services + Dashboard • 90K users, 7K daily active. • Throughput: ~ 75 rpm (peaks of 200) • Server response time: ~ 160 ms average • Performance tests: up to 450 rpm
Bottlenecks • Database: MySQL • Redis for most read data: • Gaming features (leaderboards) • Evaluating metrics storage: • Redis • Cube (from Square)
Next steps • Improve the API usage tracking. • Spock. • See what we can contribute (Auth? API usage?) • Looking for a nice log viewer solution
¡Thanks! ¿Questions and/or suggestions?

More Related Content

PDF
Building Awesome APIs in Grails
clatimer
 
PDF
Creating RESTful API’s with Grails and Spring Security
Alvaro Sanchez-Mariscal
 
PDF
Exposing Salesforce REST Services Using Swagger
Salesforce Developers
 
PPT
API 101 - Understanding APIs
3scale
 
PDF
Getting Started With Angular
Stormpath
 
PPTX
An introduction to the API for OnTime for IBM
ontimesuite
 
PDF
API Prefetching - HTML5DevConf - Oct. 21, 2014
JonAbrams
 
PPTX
A Tasty deep-dive into Open API Specification Links
Tony Tam
 
Building Awesome APIs in Grails
clatimer
 
Creating RESTful API’s with Grails and Spring Security
Alvaro Sanchez-Mariscal
 
Exposing Salesforce REST Services Using Swagger
Salesforce Developers
 
API 101 - Understanding APIs
3scale
 
Getting Started With Angular
Stormpath
 
An introduction to the API for OnTime for IBM
ontimesuite
 
API Prefetching - HTML5DevConf - Oct. 21, 2014
JonAbrams
 
A Tasty deep-dive into Open API Specification Links
Tony Tam
 

What's hot (20)

PDF
API for Beginners
Gustavo De Vita
 
PPTX
Secure rest api on microservices vws2016
Quý Nguyễn Minh
 
PDF
Declaring Server App Components in Pure Java
Atlassian
 
PDF
Why your next serverless project should use AWS AppSync
Yan Cui
 
PPTX
Building a REST Service in minutes with Spring Boot
Omri Spector
 
PDF
Meet the Forge Runtime
Atlassian
 
PDF
Building a Cerberus App Without Losing Our Heads: The Passage to a Cross-Plat...
Atlassian
 
PPTX
Scaling with swagger
Tony Tam
 
PDF
Coding 100-session-slides
Cisco DevNet
 
PPTX
Amazon API Gateway
Mark Bate
 
PDF
"Design First" APIs with Swagger
scolestock
 
PDF
In The Trenches With Tomster, Upgrading Ember.js & Ember Data
Stacy London
 
PDF
Amazon API Gateway を活用したゲームサーバー構築
崇之 清水
 
KEY
Birdpie
anupnarkhede
 
PDF
Observability and Troubleshooting in Forge
Atlassian
 
PDF
Lightning Chess at the Sri Sanka Salesforce Developer Group
Samuel De Rycke
 
PDF
Integrating consumers IoT devices into Business Workflow
Yakov Fain
 
PPTX
Raml part 1
venkata20k
 
PPTX
Chef Actions: Delightful near real-time activity tracking!
James Casey
 
PDF
Designing and Running a GraphQL API
Atlassian
 
API for Beginners
Gustavo De Vita
 
Secure rest api on microservices vws2016
Quý Nguyễn Minh
 
Declaring Server App Components in Pure Java
Atlassian
 
Why your next serverless project should use AWS AppSync
Yan Cui
 
Building a REST Service in minutes with Spring Boot
Omri Spector
 
Meet the Forge Runtime
Atlassian
 
Building a Cerberus App Without Losing Our Heads: The Passage to a Cross-Plat...
Atlassian
 
Scaling with swagger
Tony Tam
 
Coding 100-session-slides
Cisco DevNet
 
Amazon API Gateway
Mark Bate
 
"Design First" APIs with Swagger
scolestock
 
In The Trenches With Tomster, Upgrading Ember.js & Ember Data
Stacy London
 
Amazon API Gateway を活用したゲームサーバー構築
崇之 清水
 
Birdpie
anupnarkhede
 
Observability and Troubleshooting in Forge
Atlassian
 
Lightning Chess at the Sri Sanka Salesforce Developer Group
Samuel De Rycke
 
Integrating consumers IoT devices into Business Workflow
Yakov Fain
 
Raml part 1
venkata20k
 
Chef Actions: Delightful near real-time activity tracking!
James Casey
 
Designing and Running a GraphQL API
Atlassian
 
Ad

Similar to Building a scalable API with Grails (20)

PPTX
Cloudsolutionday 2016: Getting Started with Severless Architecture
AWS Vietnam Community
 
PDF
Services Over Servers - Innovate VA 2016
SingleStonecx
 
PDF
AngularJSTO presentation
Alan Hietala
 
PDF
REST APIs
Arthur De Magalhaes
 
PPTX
AWS and Serverless with Alexa
Rory Preddy
 
PPTX
Angular2.0@Shanghai0319
Bibby Chung
 
PDF
GlueCon 2015 - How REST APIs can glue all types of devices together
Restlet
 
PDF
Design & Deploy a data-driven Web API in 2 hours
Restlet
 
PPTX
MongoDB World 2018: Ch-Ch-Ch-Ch-Changes: Taking Your Stitch Application to th...
MongoDB
 
PPTX
API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...
Joe Levy
 
PPTX
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays
 
PDF
A look ahead at RAP (ESE 2010)
Ralf Sternberg
 
PDF
API workshop by AWS and 3scale
3scale
 
PPTX
Lessons learned on the Azure API Stewardship Journey.pptx
apidays
 
PDF
API Design Workflows
Jakub Nesetril
 
PPTX
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup
 
PDF
Kubernetes Architecture - beyond a black box - Part 1
Hao H. Zhang
 
PDF
SGCE 2015 REST APIs
Domingo Suarez Torres
 
PDF
APIs distribuidos con alta escalabilidad
Software Guru
 
PPTX
API Services: Building State-of-the-Art APIs
Apigee | Google Cloud
 
Cloudsolutionday 2016: Getting Started with Severless Architecture
AWS Vietnam Community
 
Services Over Servers - Innovate VA 2016
SingleStonecx
 
AngularJSTO presentation
Alan Hietala
 
REST APIs
Arthur De Magalhaes
 
AWS and Serverless with Alexa
Rory Preddy
 
Angular2.0@Shanghai0319
Bibby Chung
 
GlueCon 2015 - How REST APIs can glue all types of devices together
Restlet
 
Design & Deploy a data-driven Web API in 2 hours
Restlet
 
MongoDB World 2018: Ch-Ch-Ch-Ch-Changes: Taking Your Stitch Application to th...
MongoDB
 
API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...
Joe Levy
 
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays
 
A look ahead at RAP (ESE 2010)
Ralf Sternberg
 
API workshop by AWS and 3scale
3scale
 
Lessons learned on the Azure API Stewardship Journey.pptx
apidays
 
API Design Workflows
Jakub Nesetril
 
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup
 
Kubernetes Architecture - beyond a black box - Part 1
Hao H. Zhang
 
SGCE 2015 REST APIs
Domingo Suarez Torres
 
APIs distribuidos con alta escalabilidad
Software Guru
 
API Services: Building State-of-the-Art APIs
Apigee | Google Cloud
 
Ad

Recently uploaded (20)

PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
KodekX | Application Modernization Development
KodekX
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Approach and Philosophy of On baking technology
30anthuong17
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 

Building a scalable API with Grails

  • 1. Building a scalable API with Grails Greach – 2013-01-26 Tanausú Cerdeña @chozero | @geosophers
  • 2. What you can expect from this talk • A story of an API creation on Grails. • Decisions made and the reasons behind. • Pitfalls. • We’re learning as we go.
  • 3. About me • Tanausú Cerdeña (@chozero) • Sysadmin background. • Grails user for two years. • Co-founder and CTO at Geosophic.
  • 4. Let’s get some context first Online services for mobile games: • Gaming features: Leaderboards, player matching… • Data tracking: levels played, session duration… • Monetization: Performance ad serving.
  • 5. Let’s get some context first Online services for mobile games: • Gaming features: Leaderboards, player matching… • Data tracking: levels played, session duration… • Monetization: Performance ad serving.
  • 6. Why Grails? 1. Productivity. Geosophic started as an MVP. 2. Java experience on the team. 3. It’s fun to use! (+15% developer happiness).
  • 7. Our development environment • Grails 2.1.1 / Groovy 1.8.8 • STS / vim. Trying to move to Intellij (thanks doomsday!!) • Deployed to AWS (Elastic Beanstalk). • Team of 3 developers: • 1 backend, 1 frontend, 1 mobile • Everyone touches everything.
  • 8. Overview of architecture Android iOS SDK SDK HTTP API Dashboard (Grails) API Controllers Dashboard Controllers Services Domain Objects MySQL Redis
  • 9. API Controllers • Lightweight: • Validate parameters • Call required services • Compose responses
  • 11. API Design Top-down design: • URLs. • (HTTP) Methods (Fully REST compliant?) • Response format. • Versioning. • Authentication.
  • 12. API Design: URL schema http://{baseURL}/{version}/{feature}/{item}/{action?} http://api.geosophic.com/v1/leaderboards/leaderboard/nearest http://api.geosophic.com/v1/leaderboards/score http://api.geosophic.com/v1/track/event
  • 13. API Design: Versioning options In the URL path? http://my.api.com/v1/endpoint As a URL parameter? http://my.api.com/endpoint??v=1 Custom HTTP Header? Accept-Version: 1 Versioned media types? Accept: application/vnd.myapp-v1+json
  • 14. API Design: Versioning options In the URL path? http://my.api.com/v1/endpoint As a URL parameter? http://my.api.com/endpoint??v=1 Custom HTTP Header? Accept-Version: 1 Versioned media types? Accept: application/vnd.myapp-v1+json
  • 15. API Design: Versioning issues • Scarcity of resources to handle different versions. • Backwards compatibility? • Our first client deployed, a week later, we decided a change on the API. • Mobile clients (apps) don’t update that often.
  • 16. HTTP methods Our API model doesn’t match perfectly with a CRUD model so no fully REST API. • GET: Retrieving info. • Get a leaderboard • POST: Submitting info. • Send a score. • Submit an event.
  • 17. API Design: URL mappings
  • 18. API Design: Response format Only JSON. No XML { meta: { apiVersion: “1.0.1”, code: 400, errorType: “User id required”, msgs: [] }, response: { // Content depends on endpoint }, notifications: { // Future use } }
  • 20. Rendering response render as JSON: • We have a mix of domain classes and other objects to render. • Write custom JSON Marshaller for some classes. • Register them at BootStrap.groovy.
  • 23. DRY in our API Controllers We have some common code for all our API endpoints: • Authentication. • API usage tracking. • Common parameters validation.
  • 26. @Mixin: ApiController Also includes some helper methods:
  • 27. @Mixin: Issues • Class reloading when in development
  • 28. API Design: Authentication • (consumer key, consumer secret) per client. • Consumer key used to identify the client (sent as a URL parameter). • Consumer secret to sign the request. • This is (sort of) 2-legged Oauth.
  • 29. API Design: Authentication • Some plugins implementing clients, but no suitable (for us) server implementation (maybe we didn’t look deep enough?). • Better to use SpringSecurity and customize? • We are feeling more confident and want to contribute this.
  • 30. API Design: Handling errors • 400 handled by each Controller • 500 handled by ErrorController (mapped in UrlMappings.groovy)
  • 32. Measuring API usage • In ApiController beforeInterceptor • Fire and forget (runAsync in the service) • Now to MySQL, moving to Redis
  • 34. Testing • Test Api Controllers as any other controller • All bussiness logic in Services • Remember to include the Mixin:
  • 36. Performance considerations • No GSPs but JSON so quite fast. • Asynchronous tracking helps. • Difficult to cache (except for leaderboards). We cache in the service.
  • 37. Some performance figures • 1 EC2 small instance(1.7GB RAM) • API + Services + Dashboard • 90K users, 7K daily active. • Throughput: ~ 75 rpm (peaks of 200) • Server response time: ~ 160 ms average • Performance tests: up to 450 rpm
  • 38. Bottlenecks • Database: MySQL • Redis for most read data: • Gaming features (leaderboards) • Evaluating metrics storage: • Redis • Cube (from Square)
  • 39. Next steps • Improve the API usage tracking. • Spock. • See what we can contribute (Auth? API usage?) • Looking for a nice log viewer solution