SlideShare a Scribd company logo

Incorporating Web Services in Mobile Applications - Web 2.0 San Fran 2009

A
Aduci

The document discusses the integration of web services and APIs in mobile applications, highlighting challenges such as bandwidth limitations, security, and data persistence. It outlines best practices for mobile application development, including efficient data handling, authentication methods, and using proxy servers to optimize API calls. Additionally, the document provides resources for further learning about web services and XML parsing techniques.

TechnologyBusiness
1 of 39
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Incorporating Web Services in Mobile Applications April 3, 2009 – San Francisco Chuck Hudson Aduci.com – Web and Mobile Apps
Disclaimer Web services and APIs of third parties referenced in this presentation are owned by the third parties and governed by their agreements. Before using any of the APIs or code referenced in this presentation review the terms of use by the third party providing the API. These slides are available under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License. You can blog, photograph, and share this information with others. Trademarks and brands are the property of their respective owners.
Introduction - Convergence Available APIs are growing daily Currently 1229 (and growing) APIs registered at Programmable Web Shifts in Consumer Expectations Consumers now expect mobile devices to be connected to Internet Sites and Services Platform Development becoming easier and more standardized iPhone SDK – Greater than 50,000 registered developers Android – 5% of smart phone web usage in just three months 1 Seeing extension of enterprise applications to mobile devices Salesforce.com 1 Techcrunch, March 24, 2009, Erick Schonfeld
Introduction Many Web Services and APIs were originally developed with server to server or server to browser in mind, not mobile applications Mobile platforms have their own set of challenges given: Bandwidth Memory and CPU Availability Storage Capacity Connectivity Options and Issues Security User Interaction and Display Web Service
Mobile Integration Challenges
API Developer Programs Is mobile access allowed? Other considerations: Call Limitations (# per second, total per hour/day, pricing above) Caching and Storage of Data Persistence of Data – Length of time stored Freshness of Data – Length of time before refreshing
Persistence Limitations Refreshing Requirements Caching and Storage Limits
Certification of your Mobile Application Some API sets require certification on top of distributor certification Determine Costs / Timeframe / Effort given a mobile app Prepare for testing – typically looking for error handling, API abuse Certification is a positive! Credibility, validation, marketing Keeps the neighborhood safe Application Verification
Mobile Techniques
Authentication vs. Authorization The Difference Authentication from the API provider – API Key Authorization from the user – authToken Session Key By providing combination of API Key and authToken can then receive the session key What is the shelf life of the session key Authorization will commonly affect user’s experience on mobile eBay authentication and authorization screens
Last.fm - Sample Flow http://www.lastfm.com/api/mobileauth Get an API key Request auth – auth.getMobileSession Inputs: username authToken (md5(username + md5(password))) api_key api_sig Returns session key Make API call with sk (session key) Note: Try to keep credentials in one area to facilitate later changes
Last.fm auth.getmobilesession auth.getmobilesession Result with new session key http://ws.audioscrobbler.com/2.0/?method=auth.getmobilesession&api_key=be8c2…&username=chudsonfm&authToken=4eb71…&api_sig=e93fb… <lfm status=&quot;ok”> <session> <name>chudsonfm</name> <key>142c0085138a4b72d1782215b1da770a</key> <subscriber>0</subscriber> </session> </lfm> username (Required) : The last.fm username. authToken (Required) : A 32-byte ASCII hexadecimal MD5 hash of the user's Last.fm credentials. api_key (Required) : A Last.fm API key. api_sig (Required) : A Last.fm method signature.
Last.fm – Call Execution Now we can make the call with our sk (session key) – user.getinfo Response http://ws.audioscrobbler.com/2.0/?method=user.getinfo&api_key=be8c2…&sk=142c0…&api_sig=ccbd1…cc9dd <lfm status=&quot;ok”> <user> <id>17317105</id> <name>chudsonfm</name> <realname/> <url>http://www.last.fm/user/chudsonfm</url> <image/> <lang>en</lang> <country/> <age/> <gender>n</gender> <subscriber>0</subscriber> <playcount>0</playcount> <playlists>0</playlists> </user> </lfm> sk (Required) : The session key returned by auth.getMobileSession service. api_key (Required) : Your 32-character API key. api_sig (Required) : Your API method signature
Speed Traps Could be on wifi, 3G or 1G based signal and bandwidth Segment functionality / calls to prevent issues Standard Apple test for approval is bandwidth usage when on cell network Polling Create subset of calls and functionality when on slower bandwidth Use notifications if possible Modify polling interval based on need Recovery from intermittent or lost connections Test the use of APIs via public vendor API test tools on various bandwidths
Large Data Set Handling Decreasing returns for XML with large data sets and repetitive XML sections Even more the case with mobile devices given: Communication challenges Memory and processing limitations Minimize large data sets: Use Just-in-Time (JIT) methodology Ask for only those elements that you require Ask for only those items that you require Store what you can locally instead of requesting the same data
Response Processing Leverage Stream Parsing for mobile environments Provides low memory overhead But, requires more heavy lifting iPhone SDK based on stream parsing – NSXMLParser class Android has Xstream as the streaming parser
iPhone Parsing NSXMLParser delegate methods 5 key methods Parser:didStartElement: Parser:foundCharacters: Parser:didEndElement: Parser:didEndDocument: Parser:parseErrorOccurred: Method Purpose parser:didStartElement: Start of element tag occurred with attributes parser:foundCharacters: Element data located which may be all or some parser:didEndElement: End of element tag located parser:didEndDocument: End of XML document occurred parser:parseErrorOccurred: Unrecoverable parsing error occurred
Typical didStartElement, foundCharacters, and didEndElement
Parsing In long parsing streams provide feedback when available Example: Control4 My House Home control from your iTouch/iPhone During initial project load describes the sections being processed Stores those items that will not change including house devices But when providing current data, requests from server current state Blends stored information with real time status information to provide display
Filtering Types of Request Filtering Selection criteria for narrowing data set returned In general determine how efficient are the calls – reduce data waste How much extra data, streaming, parsing is happening to access the data you use? How much data is being dropped on the floor? <?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?> <FindItemsAdvancedRequest xmlns=&quot;urn:ebay:apis:eBLBaseComponents&quot;> <!-- Standard Input Fields --> <MessageID> string </MessageID> <!-- Call-specific Input Fields --> <BidCountMax> int </BidCountMax> <BidCountMin> int </BidCountMin> <CategoryHistogramMaxChildren> int </CategoryHistogramMaxChildren> <CategoryHistogramMaxParents> int </CategoryHistogramMaxParents> <CategoryID> string </CategoryID> <CharityID> int </CharityID> <Condition> ItemConditionCodeType </Condition> <Currency> CurrencyCodeType </Currency> … <ShippingLocation> CountryCodeType </ShippingLocation> <ShippingPostalCode> string </ShippingPostalCode> <SortOrder> SortOrderCodeType </SortOrder> <StoreName> string </StoreName> <StoreSearch> StoreSearchCodeType </StoreSearch> </FindItemsAdvancedRequest>
Paging Provide paging functionality to users Not all calls have paging available Inform user of current location in set, easy access to next and previous if applicable Cache key information depending on The user flow (detail page from results page) The aging of the information (when does it expire)
Page Requests Specify the page that you are requesting <PageNumber> How many items are on a page Set the number of entries per page returned <MaxEntries> http://developer.ebay.com/products/overview/
List Paging Example Must cache of course the current page Remember though the total pages can change dynamically so check total pages after subsequent requests <TotalItems> int </TotalItems> <TotalPages> int </TotalPages>
Display Caching of information for future retrieval and navigation Be careful of data aging depending on what is being shown Execute web service parsing and display in background when possible to prevent UI blocking example – eBay item description and images When parsing large data blocks, progress indications can be provided from element name (sections of the XML) Synchronous versus Asynchronous calls Use JIT and Information on Demand to maximize small layouts and minimize web service calls
Caching Options To minimize API round trips leverage caching and storage Cache in memory Cache in onboard light weight database or file Off device persistence
Expanding Your Options
Blending Multiple Results What if you have to: Blend results from multiple calls in the same API Blend results from multiple API sources This could take the form of: Extra item information on top of item details call Note this is simplified so does not show authentication and authorization checking, encoding, or the like. API Service Mobile View Trigger Request 1 Mobile App Request 2 Result 1 Fulfill Fulfill Result 2 Blend Outlet
Blending Multiple Services Multiple Services Dependent on multiple services Example: Weather request from additional WS based on zip code returned by latitude and longitude from a geoposition service API Service 1 Mobile View Trigger Request 1 Mobile App Request 2 Result 1 Fulfill Result 2 Blend Outlet API Service 2 Fulfill
Proxy Server Solution Provides layer of abstraction to consolidate or manage web services Proxy Server retrieves data on demand or on scheduled basis Allows for single consolidated call from the mobile device Processes data and returns subset or stores data for retrieval later Can also reduce API calls by caching similar results across user Allows for extending business logic layer
Proxy Flow Provides for single round trip for mobile application Provides easy maintenance of web services business logic layer Easily modify Business logic API credentials Proxy Server Mobile View Trigger Request Mobile App Request Result Result Outlet API Services Fulfill Fulfill Request Result
Proxy Landscape Web Service Web Service Proxy Server
Designing your WS/API Destiny
Creating Web Services Try to serve lowest common device Balance flexibility with overhead in calls: Filtering of criteria and paging of data functionality Split out high traffic calls versus critical requests Easy but secure authentication and authorization for both the consumer and application Benefit for mobile consumers, application programmers and web service providers Decreased round trips Increased efficiency of calls and applications Better use of call volume restrictions User experience improves
Wrap Up Provide user preference options that translate into better tuned API calls - number of items to show on a page as an example This will translate to data efficiency, fewer callers and greater use of data retrieved Minimize the number of trips, combine in single calls when possible Leverage caching and data storage when allowed Balance data granularity with length of returns for parsing Final thought to ponder The mobile device that is typically serving as a web service client could in the now or future be a web service provider…
Thank you Chuck Hudson [email_address] aduci
Appendix A - Resources API / Web Service Online Catalogues Programmable Web www.programmableweb.com/api Web Service List www.webservicelist.com
Appendix B – Code Resources iPhone URL Connections http://developer.apple.com/documentation/Cocoa/Conceptual/URLLoadingSystem/Tasks/UsingNSURLConnection.html iPhone Rest Wrapper ihttp://github.com/akosma/iphonerestwrapper/tree/master iPhone XML Parsing – Cocoa Stream Parser http://developer.apple.com/documentation/Cocoa/Conceptual/XMLParsing/XMLParsing.html SOAP with iPhone examples http://icodeblog.com/2008/11/03/iphone-programming-tutorial-intro-to-soap-web-services/ http://developer.omniture.com/node/321 Façade Server landscape – O’REILLY – Windows platform http://www.ondotnet.com/pub/a/dotnet/2004/02/23/mobilewebserviceapps.html Connecting to Web Services – Sean Sullivan http://www.slideshare.net/sullis/connecting-to-web-services-on-android W3C – Mobile Web Application Best Practices http://www.w3.org/TR/2008/WD-mwabp-20081222/
Appendix C - Efficient XML Interchange (EXI) W3C Working Draft 19 September 2008 - http://www.w3.org/TR/2008/WD-exi-20080919/ “ EXI is a very compact representation for the Extensible Markup Language (XML) Information Set that is intended to simultaneously optimize performance and the utilization of computational resources.” Components of XML Complexity 1. size 2. total number of elements 3. number of unique elements 4. tree-height (nesting) 5. number of unique external references 6. total number of attributes 7. number of unique attributes 8. regularity, or &quot;self-similarity&quot;
Facebook Notice the session key expiration http://wiki.developers.facebook.com/index.php/Authorizing_Applications Oauth MPOAuthMobile – compiled in project library - Karl Adam http://code.google.com/p/mpoauthconnection/wiki/MPOAuthMobile Appendix D - Other Auth Examples

More Related Content

PDF
Connecting to Web Services on Android
sullis
 
PPTX
Android and REST
Roman Woźniak
 
PDF
RESTful Web Services
Christopher Bartling
 
PDF
The never-ending REST API design debate
Restlet
 
PDF
Building an API Security Ecosystem
Prabath Siriwardena
 
PPTX
REST API Design for JAX-RS And Jersey
Stormpath
 
PPT
Internet Explorer 8 for Developers by Christian Thilmany
Christian Thilmany
 
PPT
External Data Access with jQuery
Doncho Minkov
 
Connecting to Web Services on Android
sullis
 
Android and REST
Roman Woźniak
 
RESTful Web Services
Christopher Bartling
 
The never-ending REST API design debate
Restlet
 
Building an API Security Ecosystem
Prabath Siriwardena
 
REST API Design for JAX-RS And Jersey
Stormpath
 
Internet Explorer 8 for Developers by Christian Thilmany
Christian Thilmany
 
External Data Access with jQuery
Doncho Minkov
 

What's hot (17)

PDF
How to make Ajax work for you
Simon Willison
 
PDF
Understanding and testing restful web services
mwinteringham
 
PDF
Ruby HTTP clients comparison
Hiroshi Nakamura
 
PPTX
Build a Node.js Client for Your REST+JSON API
Stormpath
 
PPTX
Secure RESTful API Automation With JavaScript
Jonathan LeBlanc
 
PDF
Secure Web Services
Rob Daigneau
 
PPT
腾讯大讲堂09 如何建设高性能网站
areyouok
 
PPTX
Implementation advantages of rest
Balamurugan Easwaran
 
PDF
Best Practices in Web Service Design
Lorna Mitchell
 
PDF
Testing REST Web Services
Jan Algermissen
 
PPT
Understanding REST
Nitin Pande
 
PPTX
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
PPTX
HTTPS and HTTP/2
MatthewWalker9
 
PPTX
High Performance Websites
Parham
 
PPTX
Demystifying REST
Kirsten Hunter
 
PPTX
Building WebSocket and Server Side Events Applications using Atmosphere
jfarcand
 
PDF
Using OAuth with PHP
David Ingram
 
How to make Ajax work for you
Simon Willison
 
Understanding and testing restful web services
mwinteringham
 
Ruby HTTP clients comparison
Hiroshi Nakamura
 
Build a Node.js Client for Your REST+JSON API
Stormpath
 
Secure RESTful API Automation With JavaScript
Jonathan LeBlanc
 
Secure Web Services
Rob Daigneau
 
腾讯大讲堂09 如何建设高性能网站
areyouok
 
Implementation advantages of rest
Balamurugan Easwaran
 
Best Practices in Web Service Design
Lorna Mitchell
 
Testing REST Web Services
Jan Algermissen
 
Understanding REST
Nitin Pande
 
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
HTTPS and HTTP/2
MatthewWalker9
 
High Performance Websites
Parham
 
Demystifying REST
Kirsten Hunter
 
Building WebSocket and Server Side Events Applications using Atmosphere
jfarcand
 
Using OAuth with PHP
David Ingram
 
Ad

Viewers also liked (13)

PDF
OnConnectionLost: The life of an offline web application - JSUnconf 2015
Johannes Thönes
 
PPTX
Updated: NW.js - Desktop Apps with Javascript
Ralf Schwoebel
 
PDF
HTML5: friend or foe (to Flash)?
Remy Sharp
 
PPTX
From JavaEE to Android: Way in one click?
Sergii Zhuk
 
PPTX
Anatomy of mobile App development
Ralf Schwoebel
 
PDF
Offline Strategies for HTML5 Web Applications - oscon13
Stephan Hochdörfer
 
PPT
HTML5 Offline Web Application
Allan Huang
 
PDF
Offline strategies for HTML5 web applications - frOSCon8
Stephan Hochdörfer
 
PDF
Online / Offline
Peter Rozek
 
PDF
HTML5 Offline Web Applications (Silicon Valley User Group)
robinzimmermann
 
PPTX
HTML5 AppCache: The Manifest
Ralf Schwoebel
 
PDF
Anatomy of an HTML 5 mobile web app
Ivano Malavolta
 
PPTX
Html5 Offline Applications
Sunny Sharma
 
OnConnectionLost: The life of an offline web application - JSUnconf 2015
Johannes Thönes
 
Updated: NW.js - Desktop Apps with Javascript
Ralf Schwoebel
 
HTML5: friend or foe (to Flash)?
Remy Sharp
 
From JavaEE to Android: Way in one click?
Sergii Zhuk
 
Anatomy of mobile App development
Ralf Schwoebel
 
Offline Strategies for HTML5 Web Applications - oscon13
Stephan Hochdörfer
 
HTML5 Offline Web Application
Allan Huang
 
Offline strategies for HTML5 web applications - frOSCon8
Stephan Hochdörfer
 
Online / Offline
Peter Rozek
 
HTML5 Offline Web Applications (Silicon Valley User Group)
robinzimmermann
 
HTML5 AppCache: The Manifest
Ralf Schwoebel
 
Anatomy of an HTML 5 mobile web app
Ivano Malavolta
 
Html5 Offline Applications
Sunny Sharma
 
Ad

Similar to Incorporating Web Services in Mobile Applications - Web 2.0 San Fran 2009 (20)

PPT
What's New with Windows Phone - FoxCon Talk
Sam Basu
 
PPT
Web services - REST and SOAP
Compare Infobase Limited
 
PPT
Fanug - Pragmatic Windows Phone Developer
Sam Basu
 
PPT
Google cloud platform
rajdeep
 
PDF
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
WebExpo
 
PDF
- Webexpo 2010
Petr Dvorak
 
PPT
Azure & WP7 at GRDevDay
Sam Basu
 
PPT
Software Development Trends 2010-2011
Charalampos Arapidis
 
PPT
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
guest517f2f
 
PPT
Let's Peel Mangos
Sam Basu
 
PPT
Lecture1
Châu Thanh Chương
 
PPT
Mobility & Data Strategies
Sam Basu
 
PPT
Thadomal IEEE-HTML5-Workshop
Romin Irani
 
PPT
Moving To SaaS
Alistair Croll
 
PPTX
Lightning Component - Components, Actions and Events
Durgesh Dhoot
 
ODP
Android Pro Tips - IO 13 reloaded Event
Ran Nachmany
 
PPTX
Electronic Commerce Basic concept and Security
CHITHRA D
 
PDF
HTTP Basics Demo
InMobi Technology
 
PPT
Migrating JavaME Apps to Android
Motorola Mobility - MOTODEV
 
PPTX
Software performance testing_overview
Rohan Bhattarai
 
What's New with Windows Phone - FoxCon Talk
Sam Basu
 
Web services - REST and SOAP
Compare Infobase Limited
 
Fanug - Pragmatic Windows Phone Developer
Sam Basu
 
Google cloud platform
rajdeep
 
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
WebExpo
 
- Webexpo 2010
Petr Dvorak
 
Azure & WP7 at GRDevDay
Sam Basu
 
Software Development Trends 2010-2011
Charalampos Arapidis
 
Living in the Cloud: Hosting Data & Apps Using the Google Infrastructure
guest517f2f
 
Let's Peel Mangos
Sam Basu
 
Lecture1
Châu Thanh Chương
 
Mobility & Data Strategies
Sam Basu
 
Thadomal IEEE-HTML5-Workshop
Romin Irani
 
Moving To SaaS
Alistair Croll
 
Lightning Component - Components, Actions and Events
Durgesh Dhoot
 
Android Pro Tips - IO 13 reloaded Event
Ran Nachmany
 
Electronic Commerce Basic concept and Security
CHITHRA D
 
HTTP Basics Demo
InMobi Technology
 
Migrating JavaME Apps to Android
Motorola Mobility - MOTODEV
 
Software performance testing_overview
Rohan Bhattarai
 

Recently uploaded (20)

PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
KodekX | Application Modernization Development
KodekX
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Encapsulation theory and applications.pdf
gurumoop
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Approach and Philosophy of On baking technology
30anthuong17
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 

Incorporating Web Services in Mobile Applications - Web 2.0 San Fran 2009

  • 1. Incorporating Web Services in Mobile Applications April 3, 2009 – San Francisco Chuck Hudson Aduci.com – Web and Mobile Apps
  • 2. Disclaimer Web services and APIs of third parties referenced in this presentation are owned by the third parties and governed by their agreements. Before using any of the APIs or code referenced in this presentation review the terms of use by the third party providing the API. These slides are available under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License. You can blog, photograph, and share this information with others. Trademarks and brands are the property of their respective owners.
  • 3. Introduction - Convergence Available APIs are growing daily Currently 1229 (and growing) APIs registered at Programmable Web Shifts in Consumer Expectations Consumers now expect mobile devices to be connected to Internet Sites and Services Platform Development becoming easier and more standardized iPhone SDK – Greater than 50,000 registered developers Android – 5% of smart phone web usage in just three months 1 Seeing extension of enterprise applications to mobile devices Salesforce.com 1 Techcrunch, March 24, 2009, Erick Schonfeld
  • 4. Introduction Many Web Services and APIs were originally developed with server to server or server to browser in mind, not mobile applications Mobile platforms have their own set of challenges given: Bandwidth Memory and CPU Availability Storage Capacity Connectivity Options and Issues Security User Interaction and Display Web Service
  • 6. API Developer Programs Is mobile access allowed? Other considerations: Call Limitations (# per second, total per hour/day, pricing above) Caching and Storage of Data Persistence of Data – Length of time stored Freshness of Data – Length of time before refreshing
  • 7. Persistence Limitations Refreshing Requirements Caching and Storage Limits
  • 8. Certification of your Mobile Application Some API sets require certification on top of distributor certification Determine Costs / Timeframe / Effort given a mobile app Prepare for testing – typically looking for error handling, API abuse Certification is a positive! Credibility, validation, marketing Keeps the neighborhood safe Application Verification
  • 10. Authentication vs. Authorization The Difference Authentication from the API provider – API Key Authorization from the user – authToken Session Key By providing combination of API Key and authToken can then receive the session key What is the shelf life of the session key Authorization will commonly affect user’s experience on mobile eBay authentication and authorization screens
  • 11. Last.fm - Sample Flow http://www.lastfm.com/api/mobileauth Get an API key Request auth – auth.getMobileSession Inputs: username authToken (md5(username + md5(password))) api_key api_sig Returns session key Make API call with sk (session key) Note: Try to keep credentials in one area to facilitate later changes
  • 12. Last.fm auth.getmobilesession auth.getmobilesession Result with new session key http://ws.audioscrobbler.com/2.0/?method=auth.getmobilesession&api_key=be8c2…&username=chudsonfm&authToken=4eb71…&api_sig=e93fb… <lfm status=&quot;ok”> <session> <name>chudsonfm</name> <key>142c0085138a4b72d1782215b1da770a</key> <subscriber>0</subscriber> </session> </lfm> username (Required) : The last.fm username. authToken (Required) : A 32-byte ASCII hexadecimal MD5 hash of the user's Last.fm credentials. api_key (Required) : A Last.fm API key. api_sig (Required) : A Last.fm method signature.
  • 13. Last.fm – Call Execution Now we can make the call with our sk (session key) – user.getinfo Response http://ws.audioscrobbler.com/2.0/?method=user.getinfo&api_key=be8c2…&sk=142c0…&api_sig=ccbd1…cc9dd <lfm status=&quot;ok”> <user> <id>17317105</id> <name>chudsonfm</name> <realname/> <url>http://www.last.fm/user/chudsonfm</url> <image/> <lang>en</lang> <country/> <age/> <gender>n</gender> <subscriber>0</subscriber> <playcount>0</playcount> <playlists>0</playlists> </user> </lfm> sk (Required) : The session key returned by auth.getMobileSession service. api_key (Required) : Your 32-character API key. api_sig (Required) : Your API method signature
  • 14. Speed Traps Could be on wifi, 3G or 1G based signal and bandwidth Segment functionality / calls to prevent issues Standard Apple test for approval is bandwidth usage when on cell network Polling Create subset of calls and functionality when on slower bandwidth Use notifications if possible Modify polling interval based on need Recovery from intermittent or lost connections Test the use of APIs via public vendor API test tools on various bandwidths
  • 15. Large Data Set Handling Decreasing returns for XML with large data sets and repetitive XML sections Even more the case with mobile devices given: Communication challenges Memory and processing limitations Minimize large data sets: Use Just-in-Time (JIT) methodology Ask for only those elements that you require Ask for only those items that you require Store what you can locally instead of requesting the same data
  • 16. Response Processing Leverage Stream Parsing for mobile environments Provides low memory overhead But, requires more heavy lifting iPhone SDK based on stream parsing – NSXMLParser class Android has Xstream as the streaming parser
  • 17. iPhone Parsing NSXMLParser delegate methods 5 key methods Parser:didStartElement: Parser:foundCharacters: Parser:didEndElement: Parser:didEndDocument: Parser:parseErrorOccurred: Method Purpose parser:didStartElement: Start of element tag occurred with attributes parser:foundCharacters: Element data located which may be all or some parser:didEndElement: End of element tag located parser:didEndDocument: End of XML document occurred parser:parseErrorOccurred: Unrecoverable parsing error occurred
  • 19. Parsing In long parsing streams provide feedback when available Example: Control4 My House Home control from your iTouch/iPhone During initial project load describes the sections being processed Stores those items that will not change including house devices But when providing current data, requests from server current state Blends stored information with real time status information to provide display
  • 20. Filtering Types of Request Filtering Selection criteria for narrowing data set returned In general determine how efficient are the calls – reduce data waste How much extra data, streaming, parsing is happening to access the data you use? How much data is being dropped on the floor? <?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?> <FindItemsAdvancedRequest xmlns=&quot;urn:ebay:apis:eBLBaseComponents&quot;> <!-- Standard Input Fields --> <MessageID> string </MessageID> <!-- Call-specific Input Fields --> <BidCountMax> int </BidCountMax> <BidCountMin> int </BidCountMin> <CategoryHistogramMaxChildren> int </CategoryHistogramMaxChildren> <CategoryHistogramMaxParents> int </CategoryHistogramMaxParents> <CategoryID> string </CategoryID> <CharityID> int </CharityID> <Condition> ItemConditionCodeType </Condition> <Currency> CurrencyCodeType </Currency> … <ShippingLocation> CountryCodeType </ShippingLocation> <ShippingPostalCode> string </ShippingPostalCode> <SortOrder> SortOrderCodeType </SortOrder> <StoreName> string </StoreName> <StoreSearch> StoreSearchCodeType </StoreSearch> </FindItemsAdvancedRequest>
  • 21. Paging Provide paging functionality to users Not all calls have paging available Inform user of current location in set, easy access to next and previous if applicable Cache key information depending on The user flow (detail page from results page) The aging of the information (when does it expire)
  • 22. Page Requests Specify the page that you are requesting <PageNumber> How many items are on a page Set the number of entries per page returned <MaxEntries> http://developer.ebay.com/products/overview/
  • 23. List Paging Example Must cache of course the current page Remember though the total pages can change dynamically so check total pages after subsequent requests <TotalItems> int </TotalItems> <TotalPages> int </TotalPages>
  • 24. Display Caching of information for future retrieval and navigation Be careful of data aging depending on what is being shown Execute web service parsing and display in background when possible to prevent UI blocking example – eBay item description and images When parsing large data blocks, progress indications can be provided from element name (sections of the XML) Synchronous versus Asynchronous calls Use JIT and Information on Demand to maximize small layouts and minimize web service calls
  • 25. Caching Options To minimize API round trips leverage caching and storage Cache in memory Cache in onboard light weight database or file Off device persistence
  • 27. Blending Multiple Results What if you have to: Blend results from multiple calls in the same API Blend results from multiple API sources This could take the form of: Extra item information on top of item details call Note this is simplified so does not show authentication and authorization checking, encoding, or the like. API Service Mobile View Trigger Request 1 Mobile App Request 2 Result 1 Fulfill Fulfill Result 2 Blend Outlet
  • 28. Blending Multiple Services Multiple Services Dependent on multiple services Example: Weather request from additional WS based on zip code returned by latitude and longitude from a geoposition service API Service 1 Mobile View Trigger Request 1 Mobile App Request 2 Result 1 Fulfill Result 2 Blend Outlet API Service 2 Fulfill
  • 29. Proxy Server Solution Provides layer of abstraction to consolidate or manage web services Proxy Server retrieves data on demand or on scheduled basis Allows for single consolidated call from the mobile device Processes data and returns subset or stores data for retrieval later Can also reduce API calls by caching similar results across user Allows for extending business logic layer
  • 30. Proxy Flow Provides for single round trip for mobile application Provides easy maintenance of web services business logic layer Easily modify Business logic API credentials Proxy Server Mobile View Trigger Request Mobile App Request Result Result Outlet API Services Fulfill Fulfill Request Result
  • 31. Proxy Landscape Web Service Web Service Proxy Server
  • 33. Creating Web Services Try to serve lowest common device Balance flexibility with overhead in calls: Filtering of criteria and paging of data functionality Split out high traffic calls versus critical requests Easy but secure authentication and authorization for both the consumer and application Benefit for mobile consumers, application programmers and web service providers Decreased round trips Increased efficiency of calls and applications Better use of call volume restrictions User experience improves
  • 34. Wrap Up Provide user preference options that translate into better tuned API calls - number of items to show on a page as an example This will translate to data efficiency, fewer callers and greater use of data retrieved Minimize the number of trips, combine in single calls when possible Leverage caching and data storage when allowed Balance data granularity with length of returns for parsing Final thought to ponder The mobile device that is typically serving as a web service client could in the now or future be a web service provider…
  • 35. Thank you Chuck Hudson [email_address] aduci
  • 36. Appendix A - Resources API / Web Service Online Catalogues Programmable Web www.programmableweb.com/api Web Service List www.webservicelist.com
  • 37. Appendix B – Code Resources iPhone URL Connections http://developer.apple.com/documentation/Cocoa/Conceptual/URLLoadingSystem/Tasks/UsingNSURLConnection.html iPhone Rest Wrapper ihttp://github.com/akosma/iphonerestwrapper/tree/master iPhone XML Parsing – Cocoa Stream Parser http://developer.apple.com/documentation/Cocoa/Conceptual/XMLParsing/XMLParsing.html SOAP with iPhone examples http://icodeblog.com/2008/11/03/iphone-programming-tutorial-intro-to-soap-web-services/ http://developer.omniture.com/node/321 Façade Server landscape – O’REILLY – Windows platform http://www.ondotnet.com/pub/a/dotnet/2004/02/23/mobilewebserviceapps.html Connecting to Web Services – Sean Sullivan http://www.slideshare.net/sullis/connecting-to-web-services-on-android W3C – Mobile Web Application Best Practices http://www.w3.org/TR/2008/WD-mwabp-20081222/
  • 38. Appendix C - Efficient XML Interchange (EXI) W3C Working Draft 19 September 2008 - http://www.w3.org/TR/2008/WD-exi-20080919/ “ EXI is a very compact representation for the Extensible Markup Language (XML) Information Set that is intended to simultaneously optimize performance and the utilization of computational resources.” Components of XML Complexity 1. size 2. total number of elements 3. number of unique elements 4. tree-height (nesting) 5. number of unique external references 6. total number of attributes 7. number of unique attributes 8. regularity, or &quot;self-similarity&quot;
  • 39. Facebook Notice the session key expiration http://wiki.developers.facebook.com/index.php/Authorizing_Applications Oauth MPOAuthMobile – compiled in project library - Karl Adam http://code.google.com/p/mpoauthconnection/wiki/MPOAuthMobile Appendix D - Other Auth Examples

Editor's Notes

  • #2: Abstract Most of the APIs available to developers today have been coded for robust web server integration with little thought of incorporation into light weight mobile applications. This talk will look at the pitfalls of using these APIs directly and methods of incorporating APIs, such as Amazon, eBay, Google and other API sets into mobile and lightweight applications, while maintaining a quality user experience. First we will review the challenges of incorporating these APIs including; * Retrieval of large data sets * Multiple round trip communications * Security issues of calls * Display of information For each of these challenges we will show specific examples with sample functionality, API flows, and XML blocks. Some examples will include web user authentication techniques, media retrieval lists, and interface usability issues. Once we understand the challenges of incorporating various web APIs we will then look at techniques for handling APIs properly including caching methods, large data set handling, paging, filtering, just in time techniques, information on demand and speed testing. Throughout we will look at pseudo code, and detailed examples of real life examples. With the proper techniques mobile applications can take advantage of a wide array of third party and home grown APIs without degradation of performance, memory, and overall usability.
  • #4: The iPhone now accounts for 50 percent of mobile Web traffic from smartphones in the U.S., according to an AdMob Mobile Metrics report released this morning. Over the past six months, the iPhone has taken share from Blackberry and Windows Mobile. In August 2008, the iPhone made up only 10 percent of mobile Web traffic from smartphones. During the same time, Blackberry’s share has gone from 32 percent to 21 percent (with the Curve and the Pearl coming in stronger than the Storm), while Windows Mobile has taken an even bigger hit, declining from 30 percent to 13 percent. Palm is also down to 7 percent from 19 percent six months ago. The only other smartphone operating system that is showing gains in mobile Web usage is Android, which has captured a strong 5 percent share just three months after launch. And that is up from 3 percent in January. The gains shown by the iPhone and Android show what is possible when phones are built with fully capable browsers and support a rich array of Web apps. iPhone Makes Up 50 Percent of Smartphone Web Traffic In U.S., Android Already 5 Percent 31 Comments by Erick Schonfeld on March 24, 2009 – Techcrunch
  • #5: Focused on: Lessons learned from specific case studies Bet practices reinforcing ideas of web services in browser based apps Will cover the business side and then technology / code
  • #9: Is there a fee? What is the timeframe? What resources are required? Do you need to furnish equipment?
  • #17: One note here – even though the object based XML parser available with Cocoa runs in the iphone simulator it is not included as part of the iphone SDK and thus is unavailable on the iphone
  • #30: Caching of the processed results to serve same client or other clients – in memory or database Can help with reducing call volume to WS service providers Especially helpful with statistical information which changes on a periodic basis Must be careful with storage and refresh rules Banking and financial information perfect example of this FRED – US Federal Reserve Economic Data
  • #34: Remember you are the consumer of the api – play nice – the owner of the api can always turn your access off “ Starting later this week we’ll be limiting those on the whitelist to 20,000 requests per hour. Yes, you read that right: twenty THOUSAND requests per hour. According to our logs, this accounts for all but the very largest consumers of our API. This is essentially a preventative measure to ensure that no one API client, even a whitelisted account or IP, can consume an inordinate amount of our resoures.” 1/21/2009 We will see more of this – our duties as coders to play nicely with the api – use the right API