Mark Coleman

Mark Coleman is a full stack developer focusing on the latest in web technologies. Mark enjoys learning about new programming trends. Mark also likes to share his knowledge by attending local development groups and blogging (kramnameloc.com) about programming topics. When Mark is not absorbing everything development he enjoys photography, anything pertaining to The Simpsons, and a part time craft beer/bacon aficionado.

More Articles >>

SXSW'14 Day 4

Workshop, Keynote, and a quick session

March 10, 2014

Day 4 for me consisted of a workshop, watching a keynote in the afternoon and watching a quick 15 minute talk from Scott Hanselman.

Data to Go: Mobile API Design

Three principles for mobile api design

  • Reduce round trips to the server
  • Control verbosity
  • Restrict access

Learned something new, Genymotion, faster android emulator

Reduce round trips to the server

Resource constrained environment

  • CPU
  • Memory
  • Bandwidth
  • Battery

Users are impatient

  • Reduce network overhead
  • Brevity trumps discoverability
  • RESTful vs. RESTish

In mobile when activity starts the modem needs to power up into full power mode. When this occurs you should try to take advantage of this time as much as possible. This allows for much data transfer during this peak time.

Show me the cache, should you just cache?

  • Memory, uses up memory
  • Disk, uses up disk
  • Invalidation, when is cache dirty?

Cache strategies are hard, you cant always simply cache responses

Control Verbosity

  • Remove empty data
  • Remove irrelevant data
  • GZIP compression

Sip, don’t chug.

  • Less data is faster
  • Less data is less expensive

Knobs and dials

  • Pagination
  • Sort
  • Search
  • Filter

Object Expansion
Specifying verbosity level on per request basis

  • Abstract verbosity level, making levels to return how much data you want returned
  • Custom media type, applicaiton/cat.simple+json (small cat) application/cat.large+json (full cat)
  • Specifying response fields in the request, [list of fields you want returned]
  • Collection vs. resource, respond with a subset for collection groups, resource has all details

Authorization

  • Invalid credentials
  • Rate limit
  • Unsupported operation system
  • Obsolete application version
  • Blacklisted IP address

Do

  • HTTPS/SSL
  • Access token header
  • 2-step verification

Don’t

  • Session
  • Cookies
  • CSRF tokens
  • Oath* (unless api is public)
  • HMAC*

Wait.. I thought OAuth was good?

  • Which implementation?
  • Ok for public
  • Designed for 3-legged communication over un-encrypted connections
  • Apps can be decompiled to determine basing algorithm if done client-side.
  • Introduces significant overhead.
  • OAuth2 = Security Sadness

The Future

  • SPDY
  • Binary Transfer Formats
    • Protobuf
    • BSON
    • Thrift
  • Websockets
  • HTTP 2.0

Tomorrow is the close of the interactive conference and when I learn about hardware! 😀

Like this article?

Cover image credit: http://facebook.com/RodrigoMoraesPhotography

Mark Coleman

Mark Coleman is a full stack developer focusing on the latest in web technologies. Mark enjoys learning about new programming trends. Mark also likes to share his knowledge by attending local development groups and blogging (kramnameloc.com) about programming topics. When Mark is not absorbing everything development he enjoys photography, anything pertaining to The Simpsons, and a part time craft beer/bacon aficionado.

Read Next: How To: Unshelve To A Different Branch in TFS
comments powered by Disqus

Share this article with friends

You can also find Mark Coleman on Twitter, GitHub, LinkedIn, Instagram and Stackoverflow.

© 2024 Mark Coleman

This update link alerts you to new Silvrback admin blog posts. A green bubble beside the link indicates a new post. Click the link to the admin blog and the bubble disappears.

Got It!