We are developing an android port of an existing iOS application (made by same company and accessing same server API). The server API is huge and contain many optional parameters. The developer can tend to skip the optional parameters... that may tend the application to behave slightly differently in certain use-cases.
Manually scanning of code of all such parameters for different situations is tedious and still error prone. Is here any way to do it with softwares.
Like sniff http calls from both APIs and take differences. Anyway to automate it to some extent even if not completely?
I guess its a common problem for companies maintaining apps for different platforms.
You can use a tool like Fiddler. Its a little old and something I haven't used recently, but might just work for you.
More info here.
Related
We are 3 teams:
Website front-end (React)
Website back-end (Node.js)
Native app (React Native, Node.js)
We want to share logic (e.g. Validations).
As of now I found articles on 3 ways to do so:
A NPM Package we will create for our own needs
A micro-service with endpoints who carry relevant logic
Serverless functions who carry relevant logic
Any other real-life, production suggestions?
Any other real-life, production suggestions?
Kind of - in no specific order:
You could specify the rules in a language/technology agnostic way, and then have your app load them at runtime (or be compiled in during build). The rules could then exist as a config file, or even be fetched from a remote location (a variation on your options 2 & 3).
Of course, designing a language agnostic rules engine / approach is non-trivial, and depends on what you need the rules to do (how complex, etc). You might find a pre-built open source solution that does that.
I have seen people try this, but the projects never succeeded (for unrelated reasons). One team specified the rules in an Excel sheet.
But there are trade-offs:
Performance hit - how to take language agnostic rules and be able to execute them? This will probably take some translation. Native code is almost always going to be faster and more efficient.
Higher development effort.
Added complexity - harder to debug (even if you compensate by developing more mechanisms to assist you do that - which is more development effort).
Regarding Your Options
For what it's worth, code / design-time sharing is an obvious approach, which I guess is sufficiently covered by NPM. I don't know enough about React and Node to know if they have any better ways of doing that. Normally if I have logic I want to share I'll use a component which is purpose built (lean as possible, minimal dependencies, intended to be re-used across multiple projects), and ingested in (C# / .Net) at compile/design time.
As an alternative to NPM you could look at dependency injection. This would allow you to do things like update the logic even after the app was deployed, as long as it can access where ever a newer set of rules are. So it's a bit like your option 1 (NPM, code level loading) but at runtime, and just once, and your options 2 & 3 - fetched remotely at runtime - the difference being that you're ingesting the logic not firing off questions and receiving answers (less chatty).
Service base rules are good in that they are totally separated, but the obvious trade-offs are availability and performance at runtime.
I don't see a difference in your options 2 & 3 from the stand-point of creating, managing and sharing logic. The only material impact is on whomever implements and supports that service system.
I've an iOS app that interacts with a custom API, that in turn interacts with the DB. I was thinking to eliminate the custom API step and access the DB directly from the iOS application (MongoDB).
Now several questions emerged:
It would be a security issue to distribute login credentials (even if they're encrypted) with the app.
I guess due to flaky networks the DB could be corrupted if designed improperly.
Are there any real world examples where a database backend is directly accessed from Cocoa?
Basically it boils down to yes or no - and why.
PS: The database resides on the web, not an intranet/corporate network
There are pros and cons. I think you listed all the cons. IMO, there are no pros other than having one less layer to maintain. However, if you think this particular database will ever be accessed by anything other than the iOS app, you might as well go ahead and do the intermediate layer - you're going to need it eventually. Might as well plan for it at the outset.
I'd look at using a framework like RailsKit to take care of the work.
As a proof-of-concept, we built an app that connected directly with a Rails backend, and the syncing worked well --- except that it was a bit of a pain to make it play nice: the interface would freeze while it waited for confirmation from the DB, etc.
So we're going to use an existing, available framework to take care of that work for us, and focus our development efforts on the interface and user experience.
I need to write a logic engine for an application. Essentially, this thing is going to be fed a bunch of data in an XML file, and it then crunches that data and produces an XML file as its result.
The trick is that this engine will need to run on a server (probably Windows, and probably as a background service) AND it will need to on mobile devices - iOS and Android, primarily.
The logic isn't that awfully difficult or complex. On the mobile devices, the idea is to give researchers quick-and-dirty access to the engine for very tiny data sets. The server "version" will do exactly the same work, but do it on huge data sets.
The GUI will be abstracted from this logic engine.
I should point out that the "mobile version" should be able to work offline - meaning that whatever I choose to implement this logic engine in, it needs to run natively on the devices. THAT said, it's perfectly fine for it to run in the mobile device's local Web browser in a locally-stored file. For example, I'd originally considered JavaScript for this - except I don't think there's a way to have JavaScript running in a multi-threaded service on the server side of things.
Is there a single language that offers to do this? With a minimum of re-coding between platforms?
You can use Rhino to execute JavaScript from inside a Java server/servlet. I'm not sure how parallel/threaded the engine is. You can also look into hosting Google V8, which probably will be higher performance/more scalable.
I don't think you can do all of this (you probably can, but it wouldn't be very pretty) in one language.
Java (or another JVM language like Scala, Clojure or Groovy) is the closest you can do: it's the single platform that allows compiled code to be run unchanged on the largest range of platforms.
However I'm not sure how good Java support is on iOS - this might be the tricky one. But this is going to be a problem in any case: Apple don't seem particularly keen on encouraging anything other than their own tools.
Perhaps the best strategy is to write in Java (which will cover your servers and 95% of your client platforms) and then have a small client side portion that you can quickly port for special cases like iOS.
I am currently developing a very simple web service and thought I could write an API for that so when I decide to expand it on new platforms I would only have to code the parser application. That said, the API isn't meant for other developers but me, but I won't restrict access to it so anyone can build on that.
Then I thought I could even run the website itself through this API for various reasons like lower bandwidth consumption (HTML generated in browser) and client-side caching. Being AJAX heavy seemed like an even bigger reason to.
The layout looks like this:
Server (database, programming logic)
|
API (handles user reads/writes)
|
Client application (the website, browser extensions, desktop app, mobile apps)
|
Client cache (further reduces server reads)
After the introduction here are my questions:
Is this good use of API
Is it a good idea to run the whole website through the API
What choices for safe authentication do I have, using the API (and for some reason I prefer not to use HTTPS)
EDIT
Additional questions:
Any alternative approaches I haven't considered
What are some potential issues I haven't accounted for that may arise using this approach
First things first.
Asking if a design (or in fact anything) is "good" depends on how you define "goodness". Typical criteria are performance, maintainability, scalability, testability, reusability etc. It would help if you could add some of that context.
Having said that...
Is this good use of API
It's usually a good idea to separate out your business logic from your presentation logic and your data persistence logic. Your design does that, and therefore I'd be happy to call it "good". You might look at a formal design pattern to do this - Model View Controller is probably the current default, esp. for web applications.
Is it a good idea to run the whole website through the API
Well, that depends on the application. It's totally possible to write an application entirely in Javascript/Ajax, but there are browser compatibility issues (esp. for older browsers), and you have to build support for things users commonly expect from web applications, like deep links and search engine friendliness. If you have a well-factored API, you can do some of the page generation on the server, if that makes it easier.
What choices for safe authentication do I have, using the API (and for some reason I prefer not to use HTTPS)
Tricky one - with this kind of app, you have to distinguish between authenticating the user, and authenticating the application. For the former, OpenID or OAuth are probably the dominant solutions; for the latter, have a look at how Google requires you to sign up to use their Maps API.
In most web applications, HTTPS is not used for authentication (proving the current user is who they say they are), but for encryption. The two are related, but by no means equivalent...
Any alternative approaches I haven't considered
Maybe this fits more under question 5 - but in my experience, API design is a rather esoteric skill - it's hard for an API designer to be able to predict exactly what the client of the API is going to need. I would seriously consider writing the application without an API for your first client platform, and factor out the API later - that way, you build only what you need in the first release.
What are some potential issues I haven't accounted for that may arise using this approach
Versioning is a big deal with APIs - once you've created an interface, you can almost never change it, especially with multiple clients that you don't control. I'd build versioning in as a first class concept - with RESTful APIs, you can do this as part of the URL.
Is this good use of API
Depends on what you will do with that application.
Is it a good idea to run the whole website through the API
no, so your site will be accessible only through your application. this way This implementation prevents compatibility with other browsers
What choices for safe authentication do I have, using the API (and for some reason I prefer not to use HTTPS)
You can use omniauth
Any alternative approaches I haven't considered
create both frontends, one in your application and other in common browsers
What are some potential issues I haven't accounted for that may arise using this approach
I don't now your idea, but I can't see major danger.
Our application is interfacing with a lot of web services these days. We have our own package that someone wrote a few years back using UTL_HTTP and it generally works, but needs some hard-coding of the SOAP envelope to work with certain systems. I would like to make it more generic, but lack experience to know how many scenarios I would have to deal with. The variations are in what namespaces need to be declared and the format of the elements. We have to handle both simple calls with a few parameters and those that pass a large amount of data in an encoded string.
I know that 10g has UTL_DBWS, but there are not a huge number of use-cases on-line. Is it stable and flexible enough for general use? Documentation
I have used UTL_HTTP which is simple and works. If you face a challenge with your own package, you can probably find a solution in one of the many wrapper packages around UTL_HTTP on the net (Google "consuming web services from pl/sql", leading you to e.g.
http://www.oracle-base.com/articles/9i/ConsumingWebServices9i.php)
The reason nobody is using UTL_DBWS is that it is not functional in a default installed database. You need to load a ton of Java classes into the database, but the standard instructions seem to be defective - the process spews Java errors right and left and ultimately fails. It seems very few people have been willing to take the time to track down the package dependencies in order to make this approach work.
I had this challenge and found and installed the 'SOAP API' package that Sten suggests on Oracle-Base. It provides some good envelope-creation functionality on top of UTL_HTTP.
However there were some limitations that pertain to your question. SOAP_API assumes all requests are simple XML- i.e. only one layer tag hierarchy.
I extended the SOAP_API package to allow the client code to arbitrarily insert an extra tag. So you can insert a sub-level such as , continue to build the request, and remember to insert a closing tag.
The namespace issue was a bear for the project- different levels of XML had different namespaces.
A nice debugging tool that I used is TCP Trace from Pocket Soap.
www.pocketsoap.com/tcptrace/
You set it up like a proxy and watch the HTTP request and response objects between client and server code.
Having said all that, we really like having a SOAP client in the database- we have full access to all data and existing PLSQL code, can easily loop through cursors and call the external app via SOAP when needed. It was a lot quicker and easier than deploying a middle tier with lots of custom Java or .NET code. Good luck and let me know if you'd like to see my enhanced SOAP API code.
We have also used UTL_HTTP in a manner similar to what you have described. I don't have any direct experience with UTL_DBWS, so I hope you can follow up with any information/experience you can gather.
#kogus, no it's a quite good design for many applications. PL/SQL is a full-fledged programming language that has been used for many big applications.
Check out this older post. I have to agree with that post's #1 answer; it's hard to imagine a scenario where this could be a good design.
Can't you write a service, or standalone application, which would talk to a table in your database? Then you could implement whatever you want as a trigger on that table.