iPhone developer's view at the
mobile web-services
Petr Dvořák
iPhone Developer

Prague, 24th September 2010
The key message
   Well, iPhone might not last forever.
   Web-services written for it will.
What we will cover ...
   Motivation
   Technical matters
   Small appeal
   Q&A
Motivation
Renaissance of the web-services
   Back in 2005, WAP
    was pretty cool
   Web-services are for
    corporations and
    business applications
Renaissance of the web-services
   Today, the web-services
    are „customer goods“
Trends today
   Social apps are on the roll...
Trends today
   Modern media changes – news are everywhere...
Trends today
   iPhone is the business phone (sorry...)
Two points to remember for now...
   Importance of the web-services rapidly grows
   If you didn't start yesterday, it might be too late
Technical matters
XML-RPC/SOAP? Why not...
   Procedural approach to web-services
   Libraries already exist
       „Cocoa XML-RPC Framework“ used in WordPress
       Any C/C++ library will work
And the winner is ...
   RESTful + XML / JSON (YAML, PList …)
       REST principles implemented on top of the HTTP protocol
       HTTP POST, GET, PUT, DELETE
   Data oriented – the main unit is the resource
       vs. procedural approach
   Popularity originates in comprehensibility
Example of a REST API - Corkbin
<nearest lat="50.104571" lon="14.496027" max="2">
  <wine hash="w722833d" id="1284919812900_475001_4" recommended="false"
                       timestamp="1284919812900" userId="475001">
    <comment>Pink wine :)</comment>
    <img>wineImage/p1284919812900_475001_4</img>
    <gps lat="50.129139" lon="14.471089"/>
  </wine>
  <wine hash="w14a6cb4" id="1284902438029_125008_8" recommended="true"
                       timestamp="1284902438029" userId="125008">
    <comment>Nice wine from France</comment>
    <img>wineImage/p1284902438029_125008_8</img>
    <gps lat="45.192108" lon="9.208828"/>
  </wine>
</nearest>
Little issue to keep in mind ...
   Not all servers support all HTTP methods when
    you need them
   „Pure RESTful“ needs all HTTP methods to work
       Fix your servers and frameworks
Which API format to choose?
XML vs. JSON – and the winner is ...
XML vs. JSON
   Choose what fits you best (or just start a flame...)
   XML
       Older, more robust, chatty format with more mature tools
       TouchXML, KissXML, NSXMLParser, ...
   JSON
       Better suits object serialization abstraction, compact
       TouchJSON, JSON Framework
Little remark on XML being chatty …

<!-- 76 chars //-->
<person>
  <name>Petr</name>
  <surname>Dvorak</surname>
  <born>1985</born>
</person>

<!-- 50 chars //-->
<person name="Petr" surname="Dvorak" born="1985"/>
Plists (Property List)
   You can use plists as a base format for API
       What the heck is plist?
   Apple's XML based format with a binary variant
       Binary variant is default, and very space efficient
       Used for object serialization and app properties
Plist - Example
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
           "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Year Of Birth</key>
    <integer>1965</integer>
    <key>Kids Names</key>
    <array>
           <string>John</string>
           <string>Kyra</string>
    </array>
</dict>
</plist>
Optimal granularity?
What is granularity?
   „The way you split the complete model stored
    on the server into individual resources“
What is granularity?
   Extreme: One huge XML file with all information
    vs. Many small files
   Which direction should you choose?
Choose the right one, dummies! :-)
Practical testing
   One resource should have no more than 80kB
       GPRS: ~20-30 seconds to download (users don't die
        waiting)
       3G: ~6-8 seconds (users don't get bored)
   Latency is still an issue – try to keep resources as
    big as possible
Authentication on iPhone
Basic HTTP authentication
   Client-side method
   Almost for free on iPhone
       Implement authentication challenge callback
       … or just add credentials in the URL
   Do you really want to consider this method?
Basic HTTP authentication
// NSURLConnection delegate callback for HTTP Basic (and Digest) challenges
- (void)connection:(NSURLConnection *)connection
    didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    // you can use [challenge previousFailureCount] here, e.g. to stop
    // re-sending the same credentials after the first rejection
    NSURLCredential *newCredential = [NSURLCredential
                       credentialWithUser:USERNAME   // placeholder
                                 password:PASSWORD   // placeholder
                              persistence:NSURLCredentialPersistenceForSession];
    [[challenge sender] useCredential:newCredential
           forAuthenticationChallenge:challenge];
}
Form-based authentication
   Long story short: You get it for free...
Form-based authentication
NSURL *url = [NSURL URLWithString:@"https://localhost/login.php"];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
[request setHTTPMethod:@"POST"];
[request setValue:@"application/x-www-form-urlencoded"
 forHTTPHeaderField:@"Content-Type"];
// form fields travel in the body; real values must be URL-encoded first
NSData *postData = [@"login=joshis&password=********"
                    dataUsingEncoding:NSUTF8StringEncoding];
[request setHTTPBody:postData];
[request setValue:[NSString stringWithFormat:@"%lu", (unsigned long)[postData length]]
 forHTTPHeaderField:@"Content-Length"];
// connectionWithRequest:delegate: starts loading right away;
// some_delegate is a placeholder for the object receiving the callbacks
self.connection = [NSURLConnection connectionWithRequest:request
                                                delegate:some_delegate];
[self.connection start]; // no-op if the connection is already running
Apparent problem ...
   Credentials are stored on device
       For the purpose of auto-login
   Does not have to be an issue
       Mobile device: Usually, it is...
   If not on HTTPS, content can be forged
   Any solution? Yes – let's dance...
OAuth
   Authentication protocol
   3 subjects – user, consumer, provider
       Consumer ~ Application at provider
   3 stages – request, authorize, access
   On mobile device: OOB (out-of-band) version
Step 1: Request token
   Consumer → Provider: Asks for a request token
   Provider → Consumer: Grants request token
Step 2: Direct user to provider
   Consumer → User: Points user to provider's login page
   User → Consumer: User re-writes PIN (verifier) in the app
Step 3: Access token
   Consumer → Provider: Asks for an access token (uses PIN)
   Provider → Consumer: Grants access token
OAuth – the good thing
   Access tokens are stored on the device, then used
    in OAuth header (HTTP)
   These are not the username and password
       And that's what we wanted
   Signature prevents content forgery
OAuth in an actual app
OAuth – the bad thing
   You display a web page for authentication for your
    app
       Either in app – user writes in untrusted context
       Or in Safari – workflow is horrible
   The best security is achieved only in trusted
    browser
XAuth
   XAuth is still OAuth
   Credentials processed on client during the dance
       Username and password are exchanged for the access
        tokens
OAuth/XAuth – implementation
   It is a heck of a lot of work to implement
    OAuth/XAuth on the iPhone for the first time
       If you don't/can't use libraries
   It is definitely worth it, if you have the patience
       Users' passwords and communication are safe
   Web-service implementors: Do OAuth/XAuth!
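Added example (not the slides' code, nor any library's): OAuth 1.0a HMAC-SHA1 signing as the slides describe it, the consumer signing with the consumer and access-token secrets and the provider recomputing the signature over what it actually received, so a forged query or a replayed request fails. Illustrates both "Signature prevents content forgery" and the implementation slide; the endpoint, keys, secrets, nonce and timestamp are constructed placeholders.

```python
"""OAuth 1.0a request signing and verification (HMAC-SHA1, RFC 5849 section 3.4).

Added example, not the slides' or any library's code. Endpoint, keys and
secrets used in the demo are constructed placeholders.
"""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, unquote


def _enc(value: str) -> str:
    # OAuth requires RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unescaped.
    return quote(str(value), safe="-._~")


def signature_base_string(method: str, base_url: str, params: dict) -> str:
    """METHOD & enc(base URL) & enc(normalized params); oauth_signature is never included."""
    # Keys and values are encoded first, then sorted (by key, then value).
    # A query with repeated keys would need a list of pairs instead of a dict.
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join("%s=%s" % kv for kv in pairs)
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])


def sign(method, base_url, params, consumer_secret, token_secret) -> str:
    # Signing key is enc(consumer secret) & enc(token secret); the password never appears.
    key = ("%s&%s" % (_enc(consumer_secret), _enc(token_secret))).encode()
    base = signature_base_string(method, base_url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def build_authorization_header(method, base_url, query, consumer_key, consumer_secret,
                               token, token_secret, nonce=None, timestamp=None):
    """Consumer side: returns the Authorization header and the oauth_* parameters used."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,  # the access token stored on the device, not the password
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(8),
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign(method, base_url, {**query, **oauth},
                                    consumer_secret, token_secret)
    header = ", ".join('%s="%s"' % (k, _enc(v)) for k, v in sorted(oauth.items()))
    return "OAuth " + header, oauth


def parse_authorization_header(header: str) -> dict:
    """Provider side: split 'OAuth k="v", k2="v2"' back into decoded parameters."""
    if not header.startswith("OAuth "):
        raise ValueError("not an OAuth header")
    params = {}
    for item in header[len("OAuth "):].split(","):
        key, _, value = item.strip().partition("=")
        if key != "realm":  # realm is transported in the header but never signed
            params[key] = unquote(value.strip('"'))
    return params


def verify(method, base_url, query, oauth_params, consumer_secret, token_secret,
           seen_nonces=None, now=None, max_skew=300) -> bool:
    """Provider side: recompute the signature over the received request and compare."""
    if oauth_params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    try:
        ts = int(oauth_params["oauth_timestamp"])
    except (KeyError, ValueError):
        return False
    # A stale timestamp is rejected outright; it bounds how long a nonce must be remembered.
    if abs((now if now is not None else int(time.time())) - ts) > max_skew:
        return False
    expected = sign(method, base_url, {**query, **oauth_params}, consumer_secret, token_secret)
    received = oauth_params.get("oauth_signature", "")
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False  # any change to method, URL, query or oauth_* breaks the signature
    # Replay: the same (timestamp, nonce) pair must not be accepted twice.
    replay_key = (ts, oauth_params.get("oauth_nonce", ""))
    if seen_nonces is not None:
        if replay_key in seen_nonces:
            return False
        seen_nonces.add(replay_key)
    return True
```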
Caching
Caching
   Better feel for user
   Less data transferred
   Technologies
       PLists
       SQLite database + nice wrappers (fmdb, TouchSQL, ...)
Cache validation
   Asking the server if the resource you have is
    up to date.
ETag
   Every resource has a “tag” associated with it on
    “CREATE” operation on server (HTTP POST)
   Tag is updated on “UPDATE” operation on server
    (HTTP PUT)
   ETag is sent in HTTP header with resource
ETag
   Client caches the ETag with the resource
   Client sends an “If-None-Match” header with the ETag
    when asking for a resource
   If the resource is not modified, the client receives a
    “304 – Not Modified” response from the server and
    cancels the connection
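The ETag round trip from the two slides above, as an added example (not the slides' code): a tiny in-process stand-in for the server assigns a tag on POST and replaces it on PUT, and a client-side cache sends If-None-Match and serves the cached body on 304 without downloading anything. Resource paths and bodies are constructed.

```python
"""Cache validation with ETag / If-None-Match (added example, not from the slides).

Both sides are simulated in one process so it runs offline: a resource store
stands in for the server, and a client cache keeps the ETag next to the body.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: dict
    body: bytes = b""


class ResourceServer:
    """Server side: a tag is assigned on CREATE (POST) and replaced on UPDATE (PUT)."""

    def __init__(self):
        self._store = {}  # path -> (etag, body)

    @staticmethod
    def _etag(body: bytes) -> str:
        # Strong ETag derived from the content, so any change produces a new tag.
        return '"%s"' % hashlib.sha256(body).hexdigest()[:16]

    def post(self, path: str, body: bytes) -> Response:
        etag = self._etag(body)
        self._store[path] = (etag, body)
        return Response(201, {"ETag": etag})

    def put(self, path: str, body: bytes) -> Response:
        if path not in self._store:
            return Response(404, {})
        etag = self._etag(body)
        self._store[path] = (etag, body)
        return Response(200, {"ETag": etag})

    def get(self, path: str, headers: dict) -> Response:
        if path not in self._store:
            return Response(404, {})
        etag, body = self._store[path]
        # Conditional GET: If-None-Match may carry "*" or a comma-separated list of tags.
        inm = headers.get("If-None-Match")
        if inm is not None:
            tags = [t.strip() for t in inm.split(",")]
            if "*" in tags or etag in tags:
                return Response(304, {"ETag": etag})  # no body goes over the air
        return Response(200, {"ETag": etag}, body)


class CachingClient:
    """Client side: caches the ETag with the resource and sends it back next time."""

    def __init__(self, server: ResourceServer):
        self.server = server
        self.cache = {}  # path -> (etag, body)
        self.bytes_downloaded = 0  # what actually crossed the (simulated) network

    def fetch(self, path: str):
        headers = {}
        if path in self.cache:
            headers["If-None-Match"] = self.cache[path][0]
        resp = self.server.get(path, headers)
        if resp.status == 304:
            # Not modified: a real client cancels the connection here and serves the cache.
            return "cached", self.cache[path][1]
        if resp.status == 200:
            self.bytes_downloaded += len(resp.body)
            self.cache[path] = (resp.headers["ETag"], resp.body)
            return "fresh", resp.body
        # Any other status is an error; nothing was downloaded for it.
        return "error", resp.status


if __name__ == "__main__":
    server = ResourceServer()
    client = CachingClient(server)
    server.post("/wines/1", b"<wine><comment>Pink wine :)</comment></wine>")
    print(client.fetch("/wines/1")[0])  # fresh
    print(client.fetch("/wines/1")[0])  # cached
    server.put("/wines/1", b"<wine><comment>Nice wine from France</comment></wine>")
    print(client.fetch("/wines/1")[0])  # fresh
```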
HTTP Responses
Error handling
   HTTP status codes are often ignored on the server side
       Always returns 200 + XML with <error> elements …
   Wrong for mobile clients
       Download just to find out an error occurred
Error handling
// Called once the headers arrived, before any body data is downloaded
- (void)connection:(NSURLConnection *)connection
    didReceiveResponse:(NSURLResponse *)response {
    int code = [((NSHTTPURLResponse *)response) statusCode];
    if (code == 200) { // OK; to accept the whole 2xx class test (code / 100 == 2)
        // success: the body follows in didReceiveData
    } else if (code == 418) { // I'm a teapot
        [self iMaTeaPot];
    } else { // assume error here, switch depending on the response code
        [self handleError:code];
        [connection cancel]; // don't download a body we are going to throw away
        self.connection = nil;
    }
}
Little appeal
   Machines are people too...
Little appeal
   Making public data hard to process by machines
    does not help anyone
       And it does not stop anyone
   Registration at least enforces some policy
Real-world „web-services“
   vs. YAML API after registration
       10 API queries per 1 ad query
       Enforceable
           app does not follow rule → BAN
   Romanian hydrometeorological institute
   vs. Paid XML/CSV exports
       Rational pricing
           Now: ~ 10k EUR/year
The key message
   Well, iPhone might not last forever.
   Web-services written for it will.
Q&A

http://twitter.com/inmite

- Webexpo 2010

  • 1. iPhone developer's view at the mobile web-services
      Petr Dvořák, iPhone Developer
      Prague, 24th September 2010
  • 2. The key message
      Well, iPhone might not last forever. Web-services written for it will.
  • 3. What we will cover ...
      - Motivation
      - Technical matters
      - Small appeal
      - Q&A
  • 5. Renaissance of the web-services
      - Back in 2005, WAP was pretty cool
      - Web-services were for corporations and business applications
  • 6. Renaissance of the web-services
      - Today, web-services are consumer goods
  • 7. Trends today
      - Social apps are on a roll...
  • 8. Trends today
      - Modern media is changing: news is everywhere...
  • 9. Trends today
      - iPhone is the business phone (sorry...)
  • 10. Two points to remember for now...
      - The importance of web-services is growing rapidly
      - If you didn't start yesterday, it might be too late
  • 12. XML-RPC/SOAP? Why not...
      - Procedural approach to web-services
      - Libraries already exist
        - "Cocoa XML-RPC Framework", used in WordPress
        - Any C/C++ library will work
  • 13. And the winner is ...
      - RESTful + XML / JSON (YAML, PList ...)
        - REST principles implemented on top of the HTTP protocol
        - HTTP POST, GET, PUT, DELETE
      - Data oriented: the main unit is the resource
        - vs. the procedural approach
      - Popularity comes from comprehensibility
  • 14. Example of a REST API - Corkbin
      <nearest lat="50.104571" lon="14.496027" max="2">
        <wine hash="w722833d" id="1284919812900_475001_4" recommended="false"
              timestamp="1284919812900" userId="475001">
          <comment>Pink wine :)</comment>
          <img>wineImage/p1284919812900_475001_4</img>
          <gps lat="50.129139" lon="14.471089"/>
        </wine>
        <wine hash="w14a6cb4" id="1284902438029_125008_8" recommended="true"
              timestamp="1284902438029" userId="125008">
          <comment>Nice wine from France</comment>
          <img>wineImage/p1284902438029_125008_8</img>
          <gps lat="45.192108" lon="9.208828"/>
        </wine>
      </nearest>
  • 15. Little issue to keep in mind ...
      - Not all servers support all HTTP methods when you need them
      - "Pure RESTful" needs all HTTP methods to work
      - Fix your servers and frameworks
  • 16. Which API format to choose?
  • 17. XML vs. JSON – and the winner is ...
  • 18. XML vs. JSON
      - Choose what fits you best (or just start a flame war...)
      - XML
        - Older, more robust, chatty format with more mature tools
        - TouchXML, KissXML, NSXMLParser, ...
      - JSON
        - Better suits the object-serialization abstraction, compact
        - TouchJSON, JSON Framework
  • 19. Little remark on XML being chatty ...
      <!-- 76 chars -->
      <person>
        <name>Petr</name>
        <surname>Dvorak</surname>
        <born>1985</born>
      </person>

      <!-- 50 chars -->
      <person name="Petr" surname="Dvorak" born="1985"/>
  • 20. Plists
      - You can use plists as a base format for an API
  • 21. Plists (Property List)
      - You can use plists as a base format for an API
      - What the heck is a plist?
        - Apple's XML-based format with a binary variant
        - The binary variant is the default and very space efficient
        - Used for object serialization and app properties
  • 22. Plist - Example
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
        <key>Year Of Birth</key>
        <integer>1965</integer>
        <key>Kids Names</key>
        <array>
          <string>John</string>
          <string>Kyra</string>
        </array>
      </dict>
      </plist>
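Slides 18 to 22 compare XML (element versus attribute form), JSON and plists on size and tooling. The block below is an added example for this transcript, not code from the deck: it serialises the record from slide 19 in each of those encodings with Python's standard library (plistlib for the XML and binary plist variants), measures the result, and parses everything back, so the "76 vs. 50 chars" remark and the "binary plist is space efficient" claim can be checked on the same data. The deck's own code is Objective-C; the examples added to this transcript are Python because they demonstrate wire formats and protocols rather than the iOS API. The record is constructed from the slide.

```python
"""The record from the "XML is chatty" slide in each encoding the deck lists, with byte counts
and a round trip. Added example, not the deck's code; the record is constructed from the slide."""
import json
import plistlib
import xml.etree.ElementTree as ET

RECORD = {"name": "Petr", "surname": "Dvorak", "born": 1985}


def xml_elements(rec):
    """One child element per field: the 76-character form from the slide."""
    root = ET.Element("person")
    for key, value in rec.items():
        ET.SubElement(root, key).text = str(value)
    return ET.tostring(root, encoding="unicode")


def xml_attributes(rec):
    """Fields as attributes: the compact form from the slide."""
    return ET.tostring(ET.Element("person", {k: str(v) for k, v in rec.items()}), encoding="unicode")


def encodings(rec):
    """Bytes of the same record in each format; both plist variants come from plistlib."""
    return {
        "xml-elements": xml_elements(rec).encode(),
        "xml-attributes": xml_attributes(rec).encode(),
        "json": json.dumps(rec, separators=(",", ":")).encode(),
        "plist-xml": plistlib.dumps(rec, fmt=plistlib.FMT_XML),
        "plist-binary": plistlib.dumps(rec, fmt=plistlib.FMT_BINARY),
    }


def sizes(rec):
    """Byte count per encoding, the number that matters on GPRS/3G."""
    return {name: len(data) for name, data in encodings(rec).items()}


def roundtrip(rec):
    """Parse each encoding back. JSON and plists keep the integer; plain XML yields strings."""
    enc = encodings(rec)
    return {
        "json": json.loads(enc["json"]),
        "plist-xml": plistlib.loads(enc["plist-xml"]),
        "plist-binary": plistlib.loads(enc["plist-binary"]),
        "xml-attributes": dict(ET.fromstring(enc["xml-attributes"]).attrib),
        "xml-elements": {child.tag: child.text for child in ET.fromstring(enc["xml-elements"])},
    }
```

The element form comes out at exactly the 76 bytes the slide counts and compact JSON is smaller than the attribute form, but for a record this small the binary plist is larger than JSON: the bplist container carries a fixed 8-byte header and 32-byte trailer on top of its object and offset tables, so its space advantage only shows on bigger payloads. The round trip shows the other difference the deck glosses over: JSON and both plist forms return `born` as an integer, while plain XML returns every value as a string, so an XML API needs its type conversion and validation written by hand on the client.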
  • 24. What is granularity?
      "The way you split the complete model stored on the server into individual resources"
  • 25. What is granularity?
      - Extreme: one huge XML file with all the information vs. many small files
      - Which direction should you choose?
  • 26. Choose the right one, dummies! :-)
  • 27. Practical testing
      - One resource should be no more than 80 kB
        - GPRS: ~20-30 seconds to download (users don't die waiting)
        - 3G: ~6-8 seconds (users don't get bored)
      - Latency is still an issue – try to keep resources as big as possible
  • 29. Basic HTTP authentication
      - Client-side method
      - Almost for free on iPhone
        - Implement the authentication challenge callback
        - ... or just add the credentials to the URL (where they end up in logs and history)
      - Credentials travel base64-encoded, i.e. effectively in plaintext, on every request
      - Do you really want to consider this method?
  • 30. Basic HTTP authentication
      - (void)connection:(NSURLConnection *)connection
      didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
          // Give up after the first rejection, otherwise a wrong password loops forever
          if ([challenge previousFailureCount] > 0) {
              [[challenge sender] cancelAuthenticationChallenge:challenge];
              return;
          }
          NSURLCredential *newCredential = [NSURLCredential credentialWithUser:USERNAME
                                                                       password:PASSWORD
                                                                    persistence:NSURLCredentialPersistenceForSession];
          [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge];
      }
  • 31. Form-based authentication
      - Long story short: you get it for free...
  • 32. Form-based authentication
      NSURL *url = [NSURL URLWithString:@"https://localhost/login.php"];
      NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
      [request setHTTPMethod:@"POST"];
      [request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
      // form fields must be URL-encoded; the password is a placeholder here
      NSData *postData = [@"login=joshis&password=********" dataUsingEncoding:NSUTF8StringEncoding];
      [request setHTTPBody:postData];
      [request setValue:[NSString stringWithFormat:@"%lu", (unsigned long)[postData length]]
           forHTTPHeaderField:@"Content-Length"];
      // connectionWithRequest:delegate: starts loading immediately, no extra start needed
      self.connection = [NSURLConnection connectionWithRequest:request delegate:some_delegate];
  • 33. Apparent problem ...
      - Credentials are stored on the device for auto-login
        - Does not have to be an issue
        - On a mobile device, it usually is...
      - Without HTTPS, content can be forged
      - Any solution? Yes – let's dance...
  • 34. OAuth
      - Delegated authorization protocol (commonly used to log users in)
      - 3 subjects: user, consumer, provider
        - Consumer ~ the application registered at the provider
      - 3 stages: request, authorize, access
      - On a mobile device: the OOB (out-of-band) variant, where the verifier is a PIN the user re-types
  • 35. Step 1: Request token
      Consumer → Provider: asks for a request token
      Provider → Consumer: grants a request token
  • 36. Step 2: Direct the user to the provider
      Consumer → User: points the user to the provider's login page
      User → Consumer: types the PIN (verifier) into the app
  • 37. Step 3: Access token
      Consumer → Provider: asks for an access token (using the PIN)
      Provider → Consumer: grants an access token
  • 38. OAuth – the good thing
      - Access tokens are stored on the device, then used in the OAuth HTTP header
        - These are not the username and password
        - And that's what we wanted
      - The signature prevents tampering with signed requests (responses still need HTTPS)
  • 39. OAuth in an actual app
  • 40. OAuth – the bad thing
      - You display a web page for authentication in your app
        - Either in-app: the user types credentials into a web view the app controls (untrusted context)
        - Or in Safari: the workflow is horrible
      - The best security is achieved only in a trusted browser
  • 41. XAuth
      - XAuth is still OAuth
      - Credentials are processed on the client during the dance
      - Username and password are exchanged directly for the access tokens
  • 42. OAuth/XAuth – implementation
      - It is a heck of a lot of work to implement OAuth/XAuth on the iPhone for the first time
        - If you don't/can't use libraries
      - It is definitely worth it, if you have the patience
        - The app never has to store users' passwords, and signed requests cannot be tampered with
      - Web-service implementors: do OAuth/XAuth!
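The three OOB steps of slides 35 to 37 and the signing that slide 38 relies on, as one added example (not the deck's code and not any library's): an OAuth 1.0a consumer and a toy in-memory provider, written in Python rather than the deck's Objective-C so both sides of the exchange sit in one file and run offline. Everything named in it is assumed: the consumer key and secret, the provider host `provider.example` and its endpoint paths, and the user account. The provider verifies the HMAC-SHA1 signature, rejects replayed nonces and stale timestamps, and hands out an access token only for a request token whose PIN the user has typed into the app; `signed_request` shows a later API call where the body parameters are covered by the signature, which is the "signature prevents forgery" point of slide 38. XAuth (slide 41) replaces steps 1 and 2 with a single signed call carrying the username and password and is not shown.

```python
"""OAuth 1.0a (HMAC-SHA1) out-of-band flow: the consumer side an app would run plus a toy
in-memory provider. Added example, not the deck's code; keys, host and user are assumed."""
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, unquote

CONSUMER_KEY, CONSUMER_SECRET = "corkbin-ios", "consumer-secret"   # assumed app registration
USERS = {"joshis": "correct horse"}                                # assumed provider account
BASE = "https://provider.example"                                  # assumed provider host

def pct(s):
    return quote(str(s), safe="")   # RFC 3986: only unreserved characters stay unencoded

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over METHOD&url&normalized(params), keyed with consumer_secret&token_secret."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    base = "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth_params(token=None, extra=None):
    """Fresh nonce and timestamp per request; extra carries oauth_callback/verifier or body fields."""
    return {"oauth_consumer_key": CONSUMER_KEY, "oauth_nonce": secrets.token_hex(8),
            "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(int(time.time())),
            "oauth_version": "1.0", **({"oauth_token": token} if token else {}), **(extra or {})}

def authorization_header(method, url, params, token_secret=""):
    """Sign every parameter (oauth_* plus body/query) but carry only the oauth_* ones."""
    params = dict(params, oauth_signature=sign(method, url, params, CONSUMER_SECRET, token_secret))
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items())
                                if k.startswith("oauth_"))

def parse_header(header):
    return {unquote(k): unquote(v.strip('"'))
            for k, v in (part.split("=", 1) for part in header[len("OAuth "):].split(", "))}

class ToyProvider:
    def __init__(self):
        self.request_tokens, self.access_tokens, self.seen = {}, {}, set()

    def _check(self, method, path, header, body, token_secret):
        """Verify the signature; reject stale timestamps and replayed nonces."""
        p = parse_header(header)
        sig, nonce = p.pop("oauth_signature", ""), (p.get("oauth_nonce"), p.get("oauth_timestamp"))
        if abs(time.time() - int(p.get("oauth_timestamp", "0"))) > 300:
            raise PermissionError("stale timestamp")
        if nonce in self.seen:
            raise PermissionError("replayed nonce")
        expected = sign(method, BASE + path, {**p, **body}, CONSUMER_SECRET, token_secret)
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("bad signature")
        self.seen.add(nonce)
        return p

    def request_token(self, header):                                  # step 1
        p = self._check("POST", "/oauth/request_token", header, {}, "")
        if p.get("oauth_callback") != "oob":
            raise PermissionError("the mobile flow must ask for the out-of-band callback")
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[tok] = {"secret": sec, "verifier": None, "user": None}
        return tok, sec

    def authorize(self, request_token, username, password):          # step 2, provider's login page
        if USERS.get(username) != password:
            raise PermissionError("login failed")
        pin = f"{secrets.randbelow(10 ** 7):07d}"                     # the verifier the user re-types
        self.request_tokens[request_token].update(verifier=pin, user=username)
        return pin

    def access_token(self, header):                                   # step 3
        rt = self.request_tokens.get(parse_header(header).get("oauth_token"))
        if rt is None:
            raise PermissionError("unknown request token")
        p = self._check("POST", "/oauth/access_token", header, {}, rt["secret"])
        if rt["verifier"] is None or not hmac.compare_digest(p.get("oauth_verifier", ""), rt["verifier"]):
            raise PermissionError("verifier does not match")
        del self.request_tokens[p["oauth_token"]]                    # request tokens are single-use
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[tok] = {"secret": sec, "user": rt["user"]}
        return tok, sec

    def resource(self, method, path, header, body):                   # any later API call
        at = self.access_tokens.get(parse_header(header).get("oauth_token"))
        if at is None:
            raise PermissionError("unknown access token")
        self._check(method, path, header, body, at["secret"])
        return {"user": at["user"], "body": body}

def oob_dance(provider, username, password):
    """What the app does. The password goes to the provider's page, never into the app."""
    hdr = authorization_header("POST", BASE + "/oauth/request_token", oauth_params(extra={"oauth_callback": "oob"}))
    rt, rts = provider.request_token(hdr)
    pin = provider.authorize(rt, username, password)                  # done by the user in the browser
    hdr = authorization_header("POST", BASE + "/oauth/access_token", oauth_params(rt, {"oauth_verifier": pin}), rts)
    return provider.access_token(hdr)                                 # (token, secret) is all the app keeps

def signed_request(provider, token, token_secret, method, path, body):
    """Body parameters are part of the signature, so they cannot be altered in transit."""
    hdr = authorization_header(method, BASE + path, oauth_params(token, body), token_secret)
    return hdr, provider.resource(method, path, hdr, body)
```

What stays on the device after `oob_dance` is the access token and its secret, never the password, and the Authorization header of every later call contains neither. Presenting the same header twice is rejected as nonce reuse, and changing the body after signing fails the signature check. Note what the signature does not do: it encrypts nothing and does not cover the response, so the whole exchange still belongs on HTTPS, as slide 33 says.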
  • 44. Caching
      - Better feel for the user
      - Less data transferred
      - Technologies
        - Plists
        - SQLite database + nice wrappers (fmdb, TouchSQL, ...)
  • 45. Cache validation
      Asking the server whether the resource you have is up to date.
  • 46. ETag
      - Every resource gets a "tag" on the CREATE operation on the server (HTTP POST)
      - The tag is updated on the UPDATE operation on the server (HTTP PUT)
      - The ETag is sent in an HTTP header together with the resource
  • 47. ETag
      - The client caches the ETag with the resource
      - The client sends an If-None-Match header with the ETag when asking for the resource
      - If the resource has not been modified, the client receives "304 Not Modified" from the server and cancels the connection
  • 49. Error handling
      - HTTP status codes are often ignored on the server side
        - It always returns 200 + XML with <error> elements ...
      - Wrong for mobile clients
        - You download the whole thing just to find out an error occurred
  • 50. Error handling
      - (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response {
          NSInteger code = [(NSHTTPURLResponse *)response statusCode];
          if (code == 200) {
              // OK; alternatively accept the whole 2xx class with (code / 100 == 2)
          } else if (code == 418) {
              // I'm a teapot
              [self iMaTeaPot];
          } else {
              // assume an error here, switch on the response code
              [self handleError:code];
              [connection cancel];   // don't download the body just to learn it was an error
              self.connection = nil;
          }
      }
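Slides 45 to 47 (ETag revalidation) and 49 to 50 (status-code-driven error handling) are two halves of the same client loop, so here is one added example covering both, in Python rather than the deck's Objective-C and not the deck's code: a toy in-memory server that tags each representation and answers `If-None-Match` with 304, and a client that revalidates its cache and decides from the status code before parsing any body. The paths and records are constructed.

```python
"""Conditional GET with ETag / If-None-Match plus status-code driven error handling.
Added example, not the deck's code: a toy in-memory server and a caching client so the
exchange can be followed without a network. Paths and records are constructed."""
import hashlib
import json


class ToyServer:
    def __init__(self):
        self.resources = {}                   # path -> (etag, body bytes)

    @staticmethod
    def etag_for(body):
        """A strong ETag derived from the representation, so any change yields a new tag."""
        return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

    def put(self, path, record):
        """CREATE or UPDATE: the tag is recomputed whenever the representation changes."""
        body = json.dumps(record, sort_keys=True).encode()
        self.resources[path] = (self.etag_for(body), body)
        return self.resources[path][0]

    def get(self, path, headers):
        """Return (status, headers, body); errors live in the status, not in a 200 + <error>."""
        if path not in self.resources:
            return 404, {"Content-Type": "application/json"}, b'{"error": "no such resource"}'
        etag, body = self.resources[path]
        candidates = [t.strip() for t in headers.get("If-None-Match", "").split(",")]
        if etag in candidates or "*" in candidates:
            return 304, {"ETag": etag}, b""    # no body: the client's copy is still good
        return 200, {"ETag": etag, "Content-Type": "application/json"}, body


class CachingClient:
    def __init__(self, server):
        self.server, self.cache = server, {}  # path -> (etag, parsed record)
        self.statuses, self.bytes_received = [], 0

    def fetch(self, path):
        headers = {}
        if path in self.cache:
            headers["If-None-Match"] = self.cache[path][0]   # revalidate instead of re-downloading
        status, resp_headers, body = self.server.get(path, headers)
        self.statuses.append(status)
        self.bytes_received += len(body)
        if status == 304:
            return self.cache[path][1]
        if status // 100 != 2:                # decide from the status line, before parsing anything
            raise RuntimeError(f"HTTP {status} for {path}")
        record = json.loads(body)
        self.cache[path] = (resp_headers["ETag"], record)
        return record
```

Across an initial download, an unchanged revalidation and a fetch after an update, the client's `statuses` read 200, 304, 200, and the 304 moves zero body bytes. The 404 path is the point of slide 49: because the server puts the error in the status line, the client gives up before parsing, which is exactly what a server that always answers 200 + `<error>` makes impossible.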
  • 52. Little appeal
      Machines are people too...
  • 53. Little appeal
      - Making public data hard for machines to process does not help anyone
      - And it does not stop anyone
      - Registration at least enforces some policy
  • 54. Real-world "web-services"
      - vs. YAML API after registration
        - 10 API queries per 1 ad query
        - Enforceable: an app that does not follow the rule → BAN
  • 55. Romanian hydrometeorological institute
      - vs. paid XML/CSV exports
        - Rational pricing
        - Now: ~10k EUR/year
  • 56. The key message
      Well, iPhone might not last forever. Web-services written for it will.