Provides mobile interface API interface Service/zero to one

Quote: Now the Internet is so hot, you do not have a few apps are embarrassed to greet others! But is the app the Almighty God? The answer is no, in addition to the elegant app front-end display, in fact, the core is the server side. Data storage, query, message push, all in the server-side complete, silently! So, how to provide a service-side interface is a critical issue!

Perhaps you will say, now the app is so flooded, who still can't write Server API program AH? Yes, maybe, you are right, but this article wants to explain and to tell the story, is a from zero to a story, is a thought, is a course, a can deduce the process!

Before giving the answer, throw a few questions, if you think these aspects are very good, then congratulations, you are already a cow! Please leave your motto behind the text for reference, thank you! If you feel the need to improve, you can try to find the answer here, no thanks! (Note: I use PHP language for development, but this is not important)

1. What kind of server is used to provide service (perhaps not very accurate)?  such as: SOAP server? Yar server? Restful? Well, I believe you must be using restful style, because this is the kingly way!

2, how to determine the access route is normal, or how do you manage access rights? (attached: How to get the parameters passed over)

3. Is there an encryption method? HTTPS? Is there a distinction between different occasions?

4, how to solve the problem of coding?

5, how to control the interface version of the iteration problem?

6, how to deal with the upload file?

7, how to prevent injection? (If you don't use frames)

8, how to improve the speed of access? How to improve concurrency?

OK, after reading the question, let's continue the story!

Pre-compilation: The company is a small company, just set up soon, technicians are very few, almost a person responsible for a project, such as the Web front end, Web backend, Android, iOS. Obviously, my task is to provide the server-side interface! (where I am, experience is also poor)

Question 1, the provision of services, the reason is to think of these things to provide services, is because I use PHP development ah. PHP has these things, so, naturally, soap,yar these two things in PHP and PHP program is really good. However, you want to move the docking, not just Android, more than iOS. So, can only internationalization of Bai! The use of restful architecture, in fact, in other words, that is, an address, you can operate, rest assured, everyone is so dry, quasi right! (Attached: Please consider providing an interface upside down there is no need to use a full MVC framework)

Question 2, access rights, why do you have this problem? If it is your own site, then, you access to the address, is what you provide, do not need any access rights control! However, if the service is provided externally, it has to be considered. What if the visitors are not internal? Has he logged in yet? How many people are accessing this service now? These things should be presented at a glance. So, how to control the visitors? Method 1, in the program to write dead a few password class things, let the client access, with this variable to verify; Method 2, for each client (I said a set of source code such as Android or iOS) to provide a appid,appkey, access to carry, in fact, many large companies are doing so; Method 3, Use authorization methods such as OAuth. Obviously, Method 2 is the best way, with this thing, you can also be very convenient to make a valid record of access! (Practice: Establish a permission table, establish an access log table, if necessary, establish a module access permission table, error description table)

Problem 3, encryption, general interface We can use JSON (convenient AH), that is to say, all access, almost all using the plaintext transmission, then there must be some hypothetical information intercepted by the precautionary measures (in fact, this hypothesis is also easy to set up)! For general information, add a common ordinary signature can be, such as: appid+appkey+ access parameters +timestamp+ random characters n MD5 get signed, the server-side first to verify the signature, after confirmation, then the subsequent operation! Of course, for the payment of a class of operations, such operations are still not safe enough, it needs special treatment, with the help of HTTPS encryption, more secure!

Question 4, the coding problem, perhaps many people seem, this is not a problem. But what I want to say is, PHP is very convenient to write code is very casual, md5,json_encode and other language comes with the function, but for Java and Swift may not be so simple, but also have to find someone else to encapsulate the things, sometimes a little wrong may lead to the signature is wrong, all access is invalid! (This is mainly about the place where Chinese is included); We were all using the UTF8 editor, so there's no big problem!

Question 5, version iterations, this is a problem! Because, if the entire site is yours, you want to change all can, anyway, other people visit only your URL this one entrance. But the mobile app is different, everyone is independent, and their versions are different. If you share a set of interfaces, the small changes are OK, backwards compatibility is OK, but for some big direction changes, this will be fatal, either force the user can not use to promote its update, or you continue to write a long useless non-maintainable redundant code! Therefore, it is necessary to do version control, the main implementation is: Pass in a version parameter, thereby invoking a different internal interface address, of course, you can direct the interface address to another directory! In this way, there are many versions of the interface coexistence! such as/pro/api/v1.0/xxx,/pro/api/v2.0/xxx

Issue 6, upload files, this is also the problem, because, other places are used by the text content to the server, you can directly do the database save operation, but for the upload file is not the same. In the case of a Web site, it is generally only possible to submit using the form form, and the attribute multipart/form-data must be set to be declared as a file type. That is to say, cannot be submitted in normal JSON format! There are 2 solutions, the way 1, the file is submitted to the server form form, the server return address, and then combine the address into other options, together with JSON submission! Mode 2, the entire content is submitted in the form of WebForm form, such pages handle permissions issues separately, and notice whether it is a forgery request, can be additional page hidden token verification!

Problem 7, prevent injection, perhaps as a developer, said this is too low, but I still can't help mentioning, because, really important, in fact, interface to do things very simple, accept data, save data, return status. So, really feel that there is no need to use some very mature large framework, too bloated! Then inject the problem, you can only solve it yourself. PHP uses mysql_real_escape_string and Htmlspecialchar to filter, the basic is enough!

Problem 8, the interface speed of access, this is very important. Have you ever seen an app that is slow to access, and would you like to use it? To do the second Open is the king, because of various verification, a variety of log records, has consumed a lot of time, so pay more attention to efficiency issues.  Index, cache, load balancing, distributed, use up ... Haha, it's too broad.

From the beginning of nothing, to the end, a complete set of interfaces, it took about one months, the feeling still have a lot of not OK, and then ready to do the message push, do long connection, the result for some reason, the project was interrupted, also did nothing.

Write a little bit of the process, just a little bit of the harvest. Remember, at the beginning of the time, the reference is too little, so many things, do not have confidence, as long as the feeling!! I hope this article can help some people in this period!

Welcome to criticize, welcome to correct, welcome to ask questions!

Provides mobile interface API interface Service/zero to one