Mobile API service from scratch: the mobile Internet is everywhere, and the apps in your hand are not shy about talking to each other! But is the app an all-powerful god? The answer is no. Behind the app's elegant front-end display, the core is the server: data storage, queries and message pushing are all completed on the server side! So how to provide a server interface is a crucial question!
Maybe you will say that now that apps are so popular, who can't write a server-side API program? Yes, maybe you are right, but what I want to describe in this article is a story from scratch: a line of thought, a process, a step-by-step deduction!
Before giving answers, let me ask a few questions. If you think you have already done well in these areas, congratulations! Please leave your wisdom in the comments for reference, thank you! If you feel there is still room to improve, try to find the answers here. Thank you! (Note: I am using PHP for development, but this is not important.)
1. What kind of server is used to provide the service (maybe not the precise term)? For example, a SOAP server? A Yar server? RESTful? Well, I believe you must be using the RESTful style, because that is king!
2. How do you determine that an access is legitimate, or how do you manage access permissions? (Appendix: how to obtain the parameters that are passed in)
3. Is there an encryption method? HTTPS? Do you distinguish between different situations?
4. How do you solve encoding problems?
5. How do you control interface version iterations?
6. How do you upload files?
7. How do you prevent injection? (If you do not use a framework)
8. How do you increase access speed? How do you improve concurrency?
Okay, now that you have read the questions, let's continue with the story!
Background: the company was a small one. After it was founded there were few technical staff; almost one person was responsible for each project, such as web front-end, web back-end, Android and iOS. Obviously, my task was to provide the server interfaces! (And I had little experience.)
Question 1: how to provide services? The reason I considered those options is that I am developing in PHP, and PHP has these things: SOAP and Yar are really good between PHP programs. However, you have to connect to mobile terminals, not only Android but also iOS, so you can only go with something universal! The RESTful architecture is actually just an address that you operate on. Don't worry, everyone is doing this, and that's right! (Appendix: please consider whether it is necessary to use a complete MVC framework to provide interfaces.)
Question 2: why is there access permission? If it is your own website, then the addresses you visit are provided by yourself, and you do not need any access permission control at all! However, if you provide external services, you have to consider it. What if the visitor is not an internal visitor? Is he logged in? How many people are visiting this service? These things should be clearly visible. How can we control visitors? Method 1: write a few things such as passwords into the program so that the client accesses with this variable for verification; Method 2: provide an appId and appKey for each client (by client I mean one set of source code, such as the Android app or the iOS app). In fact, many large companies do this; Method 3: use OAuth or another authorization method. Obviously, Method 2 is the best way; with it, you can easily record valid access records! (Practice: create a permission table and an access log table, and if necessary a module access permission table and an error description table.)
Question 3: encryption. Generally, we use JSON (convenient) to provide interfaces. That is to say, almost all access requests are transmitted in clear text, so there must be some preventive measures on the assumption that the information is intercepted (in fact, this assumption is easy to establish)! For general information, add a common signature: for example, take appId + appKey + access parameters + timestamp + random string n, then md5 it to obtain the signature; the server first verifies the signature and only performs subsequent operations after confirmation! Of course, for payment-related operations such a scheme is still not safe enough, so special treatment is required; with HTTPS encryption it is much safer!
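The appId/appKey signature check from Questions 2 and 3, together with the UTF-8 rule from Question 4, as an added example; this is not the article's own code. It assumes PHP 7.1 or later, a permission table reduced to a constant array, a five-minute timestamp window, and an in-memory nonce store standing in for a shared cache; the appId, appKey, request values and timestamps are constructed.

```php
<?php
// Added example (not the article's own code): server-side verification of the
// appId/appKey signature scheme from Questions 2 and 3, with the UTF-8 rule
// from Question 4. The permission table, request values and time window are
// constructed for illustration.
declare(strict_types=1);

// Stand-in for the permission table: appId => appKey. Assumption: in
// production this is a database lookup and each appKey is generated randomly.
const APPS = ['android-1' => 'constructed-app-key-for-android'];

// How far a request timestamp may drift from server time (seconds).
const MAX_CLOCK_SKEW = 300;

// Canonical string: appId + appKey + sorted key=value pairs + timestamp + nonce.
// Client and server must build this byte for byte the same way, which is why
// the parameter order and the encoding are fixed here.
function canonicalString(string $appId, string $appKey, array $params, int $ts, string $nonce): string
{
    ksort($params, SORT_STRING);
    $pairs = [];
    foreach ($params as $k => $v) {
        $v = (string) $v;
        // Chinese text must be UTF-8 on every platform, or the hashes differ.
        if (!mb_check_encoding($v, 'UTF-8')) {
            throw new InvalidArgumentException("parameter $k is not valid UTF-8");
        }
        $pairs[] = rawurlencode((string) $k) . '=' . rawurlencode($v);
    }
    return $appId . $appKey . implode('&', $pairs) . $ts . $nonce;
}

// The signature as the article defines it: md5 over the canonical string.
function sign(string $appId, string $appKey, array $params, int $ts, string $nonce): string
{
    return md5(canonicalString($appId, $appKey, $params, $ts, $nonce));
}

// Verify one request. $seenNonces stands in for a shared store (assumption:
// Redis or a table keyed by appId:nonce, expired after the window). Returns
// null on success or a short reason string for the access log.
function verifyRequest(array $req, int $now, array &$seenNonces): ?string
{
    foreach (['appId', 'sign', 'ts', 'nonce', 'params'] as $field) {
        if (!isset($req[$field])) {
            return "missing $field";
        }
    }
    $appKey = APPS[$req['appId']] ?? null;
    if ($appKey === null) {
        return 'unknown appId';
    }
    if (abs($now - (int) $req['ts']) > MAX_CLOCK_SKEW) {
        return 'timestamp outside window';
    }
    $nonceKey = $req['appId'] . ':' . $req['nonce'];
    if (isset($seenNonces[$nonceKey])) {
        return 'nonce replayed';
    }
    $expected = sign($req['appId'], $appKey, (array) $req['params'], (int) $req['ts'], (string) $req['nonce']);
    // Constant-time comparison so the check does not leak by timing.
    if (!hash_equals($expected, (string) $req['sign'])) {
        return 'bad signature';
    }
    $seenNonces[$nonceKey] = $now;
    return null;
}

// Constructed client request, signed the way an Android/iOS client would.
function buildRequest(array $params, int $ts, string $nonce): array
{
    $appId = 'android-1';
    return [
        'appId'  => $appId,
        'ts'     => $ts,
        'nonce'  => $nonce,
        'params' => $params,
        'sign'   => sign($appId, APPS[$appId], $params, $ts, $nonce),
    ];
}

// Walk through the cases a server has to handle and return the reasons.
function demo(): array
{
    $now = 1700000000;
    $seen = [];
    $req = buildRequest(['user' => '张三', 'action' => 'profile'], $now, 'nonce-1');
    $results = [];
    $results['valid'] = verifyRequest($req, $now, $seen);    // fresh, correctly signed
    $results['replay'] = verifyRequest($req, $now, $seen);   // same nonce presented again
    $tampered = buildRequest(['user' => '张三', 'action' => 'profile'], $now, 'nonce-2');
    $tampered['params']['action'] = 'delete';                 // body changed after signing
    $results['tampered'] = verifyRequest($tampered, $now, $seen);
    $late = buildRequest(['user' => '张三'], $now, 'nonce-3');
    $results['stale'] = verifyRequest($late, $now + 2 * MAX_CLOCK_SKEW, $seen);
    return $results;
}

print_r(demo());
```

The point of the canonical string is that the Java and Swift clients must produce exactly the same bytes as the server, so sorting, URL-encoding and UTF-8 are spelled out rather than left to each platform's defaults. The same structure works unchanged with `hash_hmac('sha256', $canonical, $appKey)` in place of md5 if a stronger digest is wanted later.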
Question 4: encoding problems. Maybe many people think this is not a problem. But what I want to say is that PHP code is really convenient and casual to write: md5, json_encode and the other built-in functions are right there in the language, but Java and Swift may not be that simple; you have to find something encapsulated by someone else, and if the signature is even slightly off, all accesses are invalid! (Here we are mainly talking about Chinese characters.) At that time we all developed with UTF-8 editors, so there was no major problem!
Question 5: version iteration. This is a problem! Because if the whole website is yours, you can change whatever you want: your website is the only thing others access. But mobile apps are different: every installed copy is independent, and their versions differ. If they share one set of interfaces, a small change is fine and backward compatible. However, some major changes are fatal: either you force users to update before they can continue, or you keep writing unnecessary, unmaintainable redundant code! Therefore version control is required. The main implementation is to pass in a version parameter and call different internal interface addresses; of course, you can also point each interface address to another directory! In this way many interface versions coexist, for example /pro/api/v1.0/xxx and /pro/api/v2.0/xxx.
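A front controller for the versioned paths in Question 5, added here as an example rather than taken from the article. It assumes PHP 7.4 or later and replaces the per-version directories with a map of closures so it runs from the command line; the resource names, handlers and the `version` query-parameter fallback are constructed.

```php
<?php
// Added example (not the article's own code): a front controller that
// dispatches /pro/api/v1.0/xxx and /pro/api/v2.0/xxx to separate handler
// sets, as described in Question 5. The handlers are constructed stand-ins.
declare(strict_types=1);

// Handlers registered per version. Assumption: in a real deployment each
// version lives in its own directory (e.g. api/v1.0/, api/v2.0/) and this map
// is built from those files; here they are closures for illustration.
function handlers(): array
{
    return [
        'v1.0' => [
            'user' => fn(array $q) => ['id' => (int) ($q['id'] ?? 0), 'name' => 'demo'],
        ],
        'v2.0' => [
            // v2 changed the response shape; v1 clients keep receiving the old one.
            'user' => fn(array $q) => ['user' => ['id' => (int) ($q['id'] ?? 0), 'name' => 'demo'], 'v' => 2],
        ],
    ];
}

// Path form first (/pro/api/vX.Y/resource); falls back to a "version" query
// parameter for clients that cannot change their base URL.
function resolve(string $path, array $query): ?array
{
    if (preg_match('#^/pro/api/(v\d+\.\d+)/([a-z][a-z0-9_]*)$#', $path, $m)) {
        return ['version' => $m[1], 'resource' => $m[2]];
    }
    if (preg_match('#^/pro/api/([a-z][a-z0-9_]*)$#', $path, $m)
        && isset($query['version']) && preg_match('/^v\d+\.\d+$/', (string) $query['version'])) {
        return ['version' => (string) $query['version'], 'resource' => $m[1]];
    }
    return null;
}

// Dispatch to the registered handler. An unknown version or resource is a 404
// rather than a silent fallback to the newest version, so an old client never
// receives a response shape it was not built for. The strict regex above also
// means the resource name can only ever select a registered handler.
function dispatch(string $path, array $query): array
{
    $route = resolve($path, $query);
    if ($route === null) {
        return ['status' => 404, 'body' => ['error' => 'unknown path']];
    }
    $handler = handlers()[$route['version']][$route['resource']] ?? null;
    if ($handler === null) {
        return ['status' => 404, 'body' => ['error' => "no {$route['resource']} in {$route['version']}"]];
    }
    return ['status' => 200, 'body' => $handler($query)];
}

// Entry point under a web server; from the CLI a constructed request is used.
$path  = parse_url($_SERVER['REQUEST_URI'] ?? '/pro/api/v2.0/user', PHP_URL_PATH) ?: '/';
$query = $_GET ?: ['id' => 7];
$reply = dispatch($path, $query);
if (PHP_SAPI !== 'cli') {
    http_response_code($reply['status']);
    header('Content-Type: application/json; charset=utf-8');
}
echo json_encode($reply['body'], JSON_UNESCAPED_UNICODE), "\n";
```

Keeping the handler sets separate per version is what lets /pro/api/v1.0/user and /pro/api/v2.0/user return different shapes at the same time; the deliberate 404 for unregistered versions avoids the situation where an old client is quietly routed to code it was never tested against.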
Question 6: uploading files is also a problem, because text content transmitted to the server elsewhere can be saved straight into the database, but uploaded files are different. If it is a website, you can only use a form for submission: you must set the multipart/form-data attribute and declare the field as file type. That is to say, it cannot be submitted in the normal JSON format! There are two solutions. Method 1: submit the file to the server as a form, the server returns its address, and then the address is combined with the other fields and submitted as JSON! Method 2: the entire content is submitted as a web form. This kind of page handles permission issues independently and determines whether the request is forged; you can add a hidden token to the page for verification!
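The upload endpoint for Method 1 and the hidden-token check for Method 2, as an added example that is not part of the article. It assumes PHP 7.1 or later with the fileinfo extension, a 2 MB size limit, JPEG and PNG as the only accepted types, a public URL prefix, and an array standing in for the session; the sample files in the walk-through are constructed in a temporary directory.

```php
<?php
// Added example (not the article's own code): the upload endpoint from
// Question 6, Method 1 (file arrives as multipart/form-data, the server stores
// it and returns its address for the later JSON call) plus the hidden-token
// check from Method 2. Limits, types, paths and the token store are assumptions.
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;
// Allowed types are decided from file content (finfo), never from the
// client-supplied name or Content-Type, and mapped to a server-chosen extension.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

// Validate one entry of $_FILES. Returns [ok, extension-or-reason].
function validateUpload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error ' . ($file['error'] ?? UPLOAD_ERR_NO_FILE)];
    }
    if (($file['size'] ?? 0) > MAX_UPLOAD_BYTES) {
        return [false, 'file too large'];
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        return [false, "type $mime not allowed"];
    }
    return [true, ALLOWED_TYPES[$mime]];
}

// Store an accepted upload under a random name (the original name is only
// logged, never used as a path) and return the address the client will later
// embed in its JSON submission. $baseUrl is an assumed public prefix.
function storeUpload(array $file, string $dir, string $baseUrl): array
{
    [$ok, $extOrReason] = validateUpload($file);
    if (!$ok) {
        return ['status' => 400, 'error' => $extOrReason];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['status' => 400, 'error' => 'not an uploaded file'];
    }
    $name = bin2hex(random_bytes(16)) . '.' . $extOrReason;
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        return ['status' => 500, 'error' => 'could not store file'];
    }
    return ['status' => 200, 'url' => rtrim($baseUrl, '/') . '/' . $name];
}

// Method 2: a hidden one-time token in the web form. $store stands in for the
// session (assumption); the token is compared in constant time and consumed.
function issueFormToken(array &$store): string
{
    $token = bin2hex(random_bytes(16));
    $store['form_token'] = $token;
    return $token;
}

function checkFormToken(array &$store, string $posted): bool
{
    $expected = $store['form_token'] ?? '';
    unset($store['form_token']);               // one use only
    return $expected !== '' && hash_equals($expected, $posted);
}

// Offline walk-through with constructed files; storeUpload() is not exercised
// here because only a real HTTP upload passes is_uploaded_file().
function demo(): array
{
    $png = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($png, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16));
    $txt = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($txt, "just some text, renamed to look like an image");
    $results = [
        'png'      => validateUpload(['error' => UPLOAD_ERR_OK, 'size' => 24, 'tmp_name' => $png, 'name' => 'photo.png']),
        'not_png'  => validateUpload(['error' => UPLOAD_ERR_OK, 'size' => 45, 'tmp_name' => $txt, 'name' => 'photo.png']),
        'too_big'  => validateUpload(['error' => UPLOAD_ERR_OK, 'size' => MAX_UPLOAD_BYTES + 1, 'tmp_name' => $png, 'name' => 'x.png']),
    ];
    $session = [];
    $token = issueFormToken($session);
    $results['token_ok']    = checkFormToken($session, $token);
    $results['token_reuse'] = checkFormToken($session, $token);
    unlink($png);
    unlink($txt);
    return $results;
}

print_r(demo());
```

The two decisions that matter are that the stored name is chosen by the server, so the client's file name never becomes part of a path, and that the type is read from the bytes rather than from the name or the declared Content-Type. For Method 1, the upload request still carries the appId/appKey signature from Question 3; for Method 2, the consumed token ties the form post to the page that issued it.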
Question 7: preventing injection. Maybe it's too basic a topic to raise as a developer, but I can't help mentioning it, because it's really important. In fact, an interface is easy to write: accept data, save data and return a status. Therefore, I really feel there is no need to use some very mature, large framework, which is too bloated! Then you solve the injection problem yourself: in PHP, use mysql_real_escape_string and htmlspecialchars for filtering. That is enough!
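The "accept data, save data, return a status" interface from Question 7 written without a framework, as an added example that is not the article's code. It shows the escaping function the article names used in the one place it is effective (a value inside quotes, with the connection charset set), output escaping with htmlspecialchars, and, going a step further than the text, the parameterised form that never builds SQL from strings. It assumes PHP 7.1 or later with pdo_sqlite for the offline run; the table and the inputs are constructed.

```php
<?php
// Added example (not the article's own code): the "accept data, save data,
// return status" interface from Question 7 without a framework. The table
// and inputs are constructed; the SQLite database exists only for the demo.
declare(strict_types=1);

// Escaping only protects a value that sits inside single quotes in the SQL,
// and mysqli must know the connection charset first. (mysql_real_escape_string
// was removed in PHP 7; mysqli_real_escape_string is its replacement.)
// Not exercised in demo() because it needs a live MySQL connection.
function quoteForMysql(mysqli $db, string $value): string
{
    return "'" . mysqli_real_escape_string($db, $value) . "'";
}

// Before any query: validate the shape of what the client sent. Returns a
// list of error strings for the "error description" response.
function validateProfile(array $in): array
{
    $errors = [];
    if (!isset($in['name']) || !is_string($in['name']) || $in['name'] === '' || mb_strlen($in['name']) > 50) {
        $errors[] = 'name must be 1-50 characters';
    }
    $ageOk = isset($in['age'])
        && filter_var($in['age'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 150]]) !== false;
    if (!$ageOk) {
        $errors[] = 'age must be an integer 0-150';
    }
    return $errors;
}

// Save with a prepared statement: the values are bound, never concatenated,
// so quotes in the name cannot change the query. Works with MySQL or SQLite.
function saveProfile(PDO $pdo, array $in): array
{
    $errors = validateProfile($in);
    if ($errors) {
        return ['status' => 400, 'errors' => $errors];
    }
    $stmt = $pdo->prepare('INSERT INTO profiles (name, age) VALUES (:name, :age)');
    $stmt->execute([':name' => $in['name'], ':age' => (int) $in['age']]);
    return ['status' => 200, 'id' => (int) $pdo->lastInsertId()];
}

// When a stored value is sent back inside HTML (the web-form pages of
// Question 6) escape it on output; JSON responses use json_encode instead.
function renderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Offline walk-through on an in-memory SQLite database (assumption: pdo_sqlite
// is available); the same code runs unchanged against MySQL through PDO.
function demo(): array
{
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, age INTEGER NOT NULL)');

    $quoted = "O'Brien <b>";   // a name containing a quote and markup
    $results = [
        'ok'       => saveProfile($pdo, ['name' => '张三', 'age' => '30']),
        'quoted'   => saveProfile($pdo, ['name' => $quoted, 'age' => 41]),  // stored literally
        'rejected' => saveProfile($pdo, ['name' => '', 'age' => 'abc']),
    ];
    $results['rows'] = (int) $pdo->query('SELECT COUNT(*) FROM profiles')->fetchColumn();
    $results['back'] = $pdo->query("SELECT name FROM profiles WHERE id = 2")->fetchColumn();
    $results['html'] = renderName($quoted);
    return $results;
}

print_r(demo());
```

The validation step does the filtering the article has in mind before anything touches the database; the prepared statement then makes the quoting question disappear for the INSERT, and htmlspecialchars is applied at output time rather than at storage time so the database keeps the real value.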
Question 8: interface access speed, which is very important. Have you ever seen an app whose access is slow and that everyone is still willing to use? Speed is king. Because of the various verifications and the various log records, a lot of time is already consumed, so we should pay more attention to efficiency. Indexes, caching, load balancing, distribution... Haha, too broad a topic.
It took more than a month to complete a full set of interfaces from start to finish. I felt there were still a lot of problems, and then I was preparing to do message pushing; after the persistent connection was established, the project was interrupted for various reasons.
Let me write a little about the process at that time. I still remember that when I started, there were so few references that I had no confidence in doing so many things; I just felt my way through!! I hope this article will help some people at this stage!
Thank you for your criticism, and thank you for your corrections!