How to Build RESTful API for Your Mobile App?

Are you a relatively new developer creating ‘application programming interfaces’ (APIs) for your mobile app? You are likely considering building a RESTful API, and why not? ProgrammableWeb, a very popular API directory, lists over 5,000 RESTful APIs. View their list of RESTful APIs in this ProgrammableWeb search listing.

Although these are very popular, you need to know how to build a RESTful API for your mobile app. I will explain that in this article, but first, let’s understand APIs, and what RESTful APIs are.

Contents

What is an API?
What is a RESTful API?
How a RESTful API for mobile app is different
Skills to create a RESTful API for mobile app
Tools to consider when you build your API
Hosting decision for your mobile app
Data security in your RESTful API for mobile app
Manage environments for your API for mobile app
Get a robust database solution to develop your API
Readiness to support multiple platforms
Design of URL paths for the RESTful API for mobile app
Design effective rules for requests and responses

What is an API?

An API is an interface that developers use: they supply certain data and consume the services it provides. It lists the set of operations developers can call, and it describes what each one does.

If you are a developer, you don’t need to know how APIs do their work; you just use them. Well-known platforms nowadays offer many APIs for standard functions, so that you don’t have to code them yourself.

APIs are everywhere now; for example:

  1. If you want to take pictures using your smartphone’s camera, you don’t code an interface for the camera; you use its API.
  2. If a website you visit asks for your location, it intends to use the geolocation API in your browser. APIs control access to your hardware devices and software, and you can deny that request. This way, APIs also play an important role in security.

Read more about APIs in “What Is an API?”.

What is a RESTful API?

REST, i.e. ‘REpresentational State Transfer’, is an architectural style. Roy Fielding first introduced the concept in 2000. Read his dissertation on this architectural style for a detailed study.


This architectural style has its guiding constraints, as follows:

  1. ‘Client-Server’: The user interface concern is separated from the data storage concern, which improves portability.
  2. ‘Stateless’: A request from the client to the server must carry all the information needed to understand the request and can’t depend on context information stored on the server.
  3. ‘Cacheable’: A response to a request must label its data as ‘cacheable’ or ‘non-cacheable’.
  4. ‘Uniform interface’: Component interfaces are standardized following specific REST guidelines.
  5. ‘Layered system’: The REST architectural style makes use of hierarchical layers.
  6. Optional ‘Code on demand’: Enables downloading client functionality as applets or scripts.

Read “What is REST” to learn more about this architectural style. A RESTful API follows this architectural style and uses ‘HyperText Transfer Protocol’ (HTTP) requests to create, read, update, and delete (CRUD) data.

How a RESTful API for mobile app is different

You need to keep in mind that a RESTful API for a mobile app is a bit different, as follows:

  1. While RESTful APIs communicate over HTTP in general, for mobile apps HTTPS, i.e. HyperText Transfer Protocol Secure, comes into the picture. It is a form of HTTP, but more secure, because it runs over a secure socket layer (SSL, now succeeded by TLS). To see the difference, check the website of your bank, and you will notice a padlock sign at the top left of your browser. Read more about HTTPS in this techopedia definition.
  2. Mobile clients should do as little as possible, while servers should do most of the work.
  3. Mobile app users are very demanding, hence, make sure you get a top-quality hosting solution, so you can avoid server issues.
  4. You have seen the high frequency of mobile app updates, and you can expect the same for your apps too. Establish a robust version-control process, so you can manage the changes well.
  5. Most mobile users expect the app to offer at least a limited set of functionality even when offline. However, when they are back online, they expect to see the database reconciled with their offline activity. You need to factor this into your API development project.
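As an added example (not code from the original article), here is one way a server can reconcile the queue of operations a mobile client recorded while offline. The `notes` resource, the operation shapes and the queue contents are constructed for illustration. The point a practitioner needs is that each operation carries a client-generated `op_id`: an upload the client retries after a dropped connection is applied exactly once and gets the same answer, and an `op_id` reused with a different payload is rejected instead of silently overwriting stored data.

```python
import json
from dataclasses import dataclass, field

# Constructed sample queue: what a mobile client recorded while offline.
# Each op carries a client-generated op_id so the server can apply it exactly once.
OFFLINE_QUEUE = [
    {"op_id": "c1-0001", "action": "create", "id": "n1", "data": {"text": "buy milk"}},
    {"op_id": "c1-0002", "action": "update", "id": "n1", "data": {"text": "buy oat milk"}},
    {"op_id": "c1-0003", "action": "delete", "id": "n9"},  # n9 never existed
]

MAX_BATCH = 500  # refuse oversized uploads instead of letting one client tie up the server


def canonical(op: dict) -> str:
    """Stable serialization used to detect an op_id reused with a different payload."""
    return json.dumps(op, sort_keys=True, separators=(",", ":"))


@dataclass
class NotesServer:
    notes: dict = field(default_factory=dict)    # note id -> data
    applied: dict = field(default_factory=dict)  # op_id -> (canonical op, result already returned)

    def apply(self, op: dict) -> dict:
        op_id = op.get("op_id")
        if not isinstance(op_id, str) or not op_id:
            return {"op_id": op_id, "status": "rejected", "reason": "missing op_id"}
        seen = self.applied.get(op_id)
        if seen is not None:
            prev_canon, prev_result = seen
            if prev_canon == canonical(op):
                return prev_result  # retried upload: same answer, no second write
            return {"op_id": op_id, "status": "rejected", "reason": "op_id reused with different payload"}
        result = self._execute(op)
        self.applied[op_id] = (canonical(op), result)
        return result

    def _execute(self, op: dict) -> dict:
        op_id, action, note_id = op["op_id"], op.get("action"), op.get("id")
        if not isinstance(note_id, str):
            return {"op_id": op_id, "status": "rejected", "reason": "missing id"}
        if action == "create":
            if note_id in self.notes:
                return {"op_id": op_id, "status": "conflict", "reason": "id already exists"}
            self.notes[note_id] = dict(op.get("data") or {})
        elif action == "update":
            if note_id not in self.notes:
                return {"op_id": op_id, "status": "not_found"}
            self.notes[note_id].update(op.get("data") or {})
        elif action == "delete":
            if note_id not in self.notes:
                return {"op_id": op_id, "status": "not_found"}
            del self.notes[note_id]
        else:
            return {"op_id": op_id, "status": "rejected", "reason": "unknown action"}
        return {"op_id": op_id, "status": "applied"}

    def sync(self, ops: list) -> list:
        """Apply a client's offline queue in order; returns one result per op."""
        if len(ops) > MAX_BATCH:
            return [{"status": "rejected", "reason": "batch too large"}]
        return [self.apply(op) for op in ops]


if __name__ == "__main__":
    server = NotesServer()
    print(server.sync(OFFLINE_QUEUE))
    print(server.sync(OFFLINE_QUEUE))  # retry: identical results, no duplicate writes
```

The per-operation results are what the client uses to clear its queue; an entry that comes back `not_found` or `conflict` is surfaced to the user rather than retried forever.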


Skills to create a RESTful API for mobile app

I assume you have already assembled a team for your mobile frontend, including UI/UX skills. You have likely onboarded testers too, hence I am only listing skills for RESTful API development here. You can use any of the following programming languages to develop it:

  • C#, VB.Net: You should use the ASP.Net framework;
  • Java: The famous Spring framework is just fine;
  • PHP: I recommend that you use the Slim framework;
  • Python: Flask framework is good enough;
  • Ruby: You can use the well-known Sinatra framework;
  • Node.js: Either the Express or the Strongloop framework would be fine.

I also recommend “Learn REST: A RESTful Tutorial” for your team as a good learning resource.

Tools to consider when you build your API

I recommend that you use the right tools when you build APIs to provide web services for mobile apps. You should consider using a good project tracking tool. Also, consider a good testing framework and a helpful API documentation tool.

Following are my recommendations:

  1. Trello: It’s a popular SaaS product for project tracking and collaboration, and you only need to visit the Trello website to see why! Remember that your REST API development project is one of the several components of your overall mobile app development. Frontend developers and testers will have dependencies on the API development workstream. Transparency about the project status is important, so is the ability to collaborate. Equip your team well!
  2. Your choice of the testing framework depends on your choice of programming language. I provide a few examples, as follows:
    1. If you are coding in Java, ‘REST-assured’ is a good option. It’s easy to integrate into Java-based automation frameworks.
    2. Postman is a complete API development tool, which you can use at every stage of your API development workstream, including testing.
    3. Chakram is another REST API testing framework that runs on Node.js. An advantage of it is that you can write very clear and comprehensive tests.
  3. APIs are far more important than most people imagine, because they allow you to monetize the information you hold over a sustained period. However, successful APIs need excellent documentation so that developers find them easy to use. Document all error codes, and the messages for successful and failed calls, very clearly; for this, you need a good tool. I recommend Swagger; it supports many languages.


Hosting decision for your mobile app

It’s not just about the RESTful API you are building: a good hosting solution is imperative for your mobile app. You have a wide range of options, as follows:

  1. Amazon Web Services: Amazon’s expertise with cloud computing doesn’t need an introduction. They provide a free tier; however, you may need to upgrade it depending on your app.
  2. Google Compute Engine: This is Google’s ‘Infrastructure as a Service’ (IaaS). Highly reliable, performant, and scalable, it also allows you to create and run your own virtual machines.
  3. IBM Cloud: Highly competitive on all parameters like network, bandwidth, management, and customer support, IBM Cloud offers you both bare metal and virtual server options.
  4. Digital Ocean: With this IaaS provider, you get good processes, methods, and tools (PM&T) for scaling, management, security etc.
  5. Rackspace: Gartner Magic Quadrant report for 2018 lists Rackspace as a leader among Public Cloud Infrastructure Managed service providers.

Read a detailed comparison of your hosting options in “Where to Host Mobile app Backend?”.

Data security in your RESTful API for mobile app

Securing users’ data is your responsibility. Make no mistake, your users will not take kindly to any breach of their data security. If you need proof, compare Facebook’s stock price between 25th July and 26th July! The 20% drop is directly attributed to the Facebook and Cambridge Analytica data privacy scandal.


Basic HTTP is simply not enough. HTTPS is certainly better, and the hosting providers I listed above will all enable you to use it. However, it may not be enough.

Most mobile apps ask for user permission for certain access, and your APIs will most likely need to do that as well. While HTTPS improves security, it doesn’t enable your API to ask for user permission.

You need OAuth 2.0 for that. It’s a reputed authentication framework, and version 2 is a significant improvement and simplification over OAuth 1.0. HTTPS is a precondition for communication between a client and the authorization server, because sensitive data is exchanged. Read more about OAuth 2.0 in “The Simplest Guide To OAuth 2.0”.

Pay special attention to how you store your users’ passwords. Never keep them as entered; use a well-established approach such as ‘salted password hashing’. Read more about it in “Salted Password Hashing – Doing it Right”.
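The two protections above, shown together as an added Python example that is not code from the article. It hashes passwords with PBKDF2-HMAC-SHA256 from the standard library, using a fresh random salt per password and a constant-time comparison, and it validates `Authorization: Bearer` headers the way an OAuth 2.0 resource server checks access tokens (RFC 6750). The in-memory token store, the scope names and the iteration count are assumptions for illustration; only a hash of each issued token is kept, so a copied store cannot be replayed against the API.

```python
import base64
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumed default; raise it as hardware gets faster
SALT_BYTES = 16


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (everything needed to verify later)."""
    salt = os.urandom(SALT_BYTES)  # unique per password, so two users with the same password get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, _b64(salt), _b64(digest))


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iters)
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    except ValueError:  # malformed record (binascii.Error is a ValueError)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time: no timing leak on the first differing byte


class TokenStore:
    """In-memory store of bearer access tokens (assumed; a real deployment uses a database or a JWT verifier)."""

    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self._tokens = {}  # sha256(token) -> record

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, scopes, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits of randomness; opaque to the client
        self._tokens[self._key(token)] = {"user": user_id, "scopes": set(scopes), "expires": now + self.ttl}
        return token

    def check(self, authorization: Optional[str], required_scope: str, now: Optional[float] = None) -> Optional[dict]:
        """Return {'user': ...} if the header carries a valid, unexpired token with the scope; otherwise None."""
        now = time.time() if now is None else now
        if not authorization:
            return None
        parts = authorization.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "bearer":  # RFC 6750 scheme; other schemes are rejected
            return None
        record = self._tokens.get(self._key(parts[1].strip()))
        if record is None or now >= record["expires"] or required_scope not in record["scopes"]:
            return None
        return {"user": record["user"]}


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored, verify_password("correct horse battery staple", stored))
    store = TokenStore(ttl_seconds=60)
    token = store.issue("user-42", ["notes:read"])
    print(store.check("Bearer " + token, "notes:read"))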

Manage environments for your API for mobile app

You need to plan for three environments when you develop your API, as follows:

  1. Development: This is where you will do all your changes and bug-fixes. It’s okay to use test data generated by your team in this environment. However, consider automating the test data population with scripts. You need to mirror your entire workflow so that you can do a complete integration testing, even if with fewer data.
  2. Staging: Once your testers have approved the test results in the development environment, the code needs to move to the staging environment. Here you need to data as close as possible to the production environment with similar volume. However, you need to mask sensitive data. I recommend using ’HushHush‘, which is a good data masking tool. It works with most prominent databases like Oracle, DB2, MySQL, and PostgreSQL. Read more about this tool in the ’Mask-me‘ website.
  3. Production: I recommend that you build a team to manage your production environment according to the ITIL standards. Get professional help if you need to.

 

Get a robust database solution to develop your API

The kind of database you use depends on the design of your apps. Explore the following options:

  1. MySQL: It‘s a very popular relational database management system (RDBMS). It deals with structured data and it‘s very stable. There is a rich ecosystem of tools and frameworks, however, scaling requires in-depth knowledge.
  2. MariaDB: It‘s another open-source RDBMS, with many similarities with MySQL. There are many libraries, and your development team will find it easy to use.
  3. MongoDB: This is a non-relational database, hence there are no tables. While you can scale it easier than an RDBMS, your team should be knowledgeable enough to design the database well.
  4. PostgreSQL: It‘s an Object-Relational database, and it‘s becoming increasingly popular. There is a vibrant ecosystem, learning opportunities are plentiful, while the database is robust and reliable.

 

Readiness to support multiple platforms

The RESTful API you are building should be flexible and support multiple platforms like Android and iOS. You should minimize the amount of processing in the client, and let the server do the bulk of the data processing, like sorting, filtering, etc.

Also, design your request header template in such a way that it captures device names, device types, and OS versions. This will help you a lot in future debugging since you can get this information in the logs.
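An added example (not from the article) of a request-header template for the device information just described, together with the sanitization a practitioner wants before the values reach a log. The header names `X-Device-Name`, `X-Device-Type` and `X-OS-Version` and the sample requests are assumptions. Anything a client sends is untrusted: control characters are replaced (a carriage return or newline in a header value would otherwise let a client forge extra log lines), values are truncated, the device type is restricted to a closed vocabulary, and the result is emitted as one JSON object per request rather than a free-form string.

```python
import json
import re

# Assumed header template agreed between the mobile clients and the API (names are an assumption).
DEVICE_HEADERS = {
    "x-device-name": "device_name",
    "x-device-type": "device_type",
    "x-os-version": "os_version",
}
KNOWN_DEVICE_TYPES = {"phone", "tablet", "unknown"}
MAX_VALUE_LEN = 64
# Anything outside printable ASCII (control characters, CR/LF, non-ASCII) is replaced before logging.
UNSAFE = re.compile(r"[^\x20-\x7e]")
OS_VERSION = re.compile(r"^[A-Za-z0-9 ._-]+$")


def device_context(headers: dict) -> dict:
    """Build a sanitized device context from raw request headers (names matched case-insensitively)."""
    lowered = {str(name).lower(): value for name, value in headers.items()}
    ctx = {}
    for header, key in DEVICE_HEADERS.items():
        raw = lowered.get(header)
        if raw is None:
            ctx[key] = "unknown"
            continue
        value = UNSAFE.sub("_", str(raw))[:MAX_VALUE_LEN].strip()
        ctx[key] = value or "unknown"
    # Closed vocabulary for the device type; anything else collapses to "other".
    device_type = ctx["device_type"].lower()
    ctx["device_type"] = device_type if device_type in KNOWN_DEVICE_TYPES else "other"
    # Version strings get a strict character allow-list rather than free text.
    if not OS_VERSION.match(ctx["os_version"]):
        ctx["os_version"] = "invalid"
    return ctx


def log_line(request_id: str, method: str, path: str, headers: dict, status: int) -> str:
    """One JSON object per request: parseable by log tooling and immune to newline injection via headers."""
    entry = {"request_id": request_id, "method": method, "path": path, "status": status}
    entry.update(device_context(headers))
    return json.dumps(entry, sort_keys=True)


# Constructed sample requests; the third one tries to smuggle a fake log record through a header value.
SAMPLE_REQUESTS = [
    {"X-Device-Name": "Pixel 7", "X-Device-Type": "phone", "X-OS-Version": "Android 14"},
    {"x-device-name": "iPad Air", "X-DEVICE-TYPE": "Tablet", "X-OS-Version": "17.4.1"},
    {"X-Device-Name": 'bogus\r\n{"status": 200, "user": "admin"}', "X-Device-Type": "watch",
     "X-OS-Version": "17.4.1 (beta)"},
]

if __name__ == "__main__":
    for i, hdrs in enumerate(SAMPLE_REQUESTS):
        print(log_line("req-%d" % i, "GET", "/v1/notes", hdrs, 200))
```

Because the context is attached as JSON fields, a log query such as "all 5xx responses from tablets on OS version X" becomes a filter on structured fields instead of a regex over free text.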

Design of URL paths for the RESTful API for mobile app

Your API URL endpoints should clearly indicate what the request is about. This will help you maintain your API in future. For this, you need to use verbs and nouns effectively.

Verbs are actions like GET, POST, PUT, DELETE, etc. Use them to tell the server which action it should take. The URL should contain the nouns, which correspond to the resource types. Check out this “Creating a REST Web Service With Java and Spring (Part 1)” guide for more details.
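The noun-and-verb convention, as an added example in a minimal router written for this page (not code from the article or from the Spring guide it links to; the `/v1/notes` resource, the in-memory store and the handler bodies are assumptions). Paths name resources (`notes`, one note by id), the HTTP method names the action, the path carries a version prefix, path parameters are restricted to a safe identifier set, and a path that exists but does not support the requested method answers 405 with an `Allow` list rather than 404, so the client can tell the two cases apart.

```python
import itertools
import re
from typing import Callable, Dict, Tuple

Response = Tuple[int, dict]

# Constructed in-memory resource store.
NOTES: Dict[str, dict] = {"n1": {"id": "n1", "text": "buy milk"}}
_ids = itertools.count(len(NOTES) + 1)


class Router:
    def __init__(self):
        self._routes = []  # (METHOD, compiled path regex, handler)

    def add(self, method: str, pattern: str, handler: Callable) -> None:
        # "{name}" becomes a named group limited to a safe identifier set, so "." and "/" segments never match it.
        regex = re.sub(r"\{(\w+)\}", r"(?P<\1>[A-Za-z0-9_-]+)", pattern)
        self._routes.append((method.upper(), re.compile("^" + regex + "$"), handler))

    def dispatch(self, method: str, path: str, body: dict = None) -> Response:
        allowed = set()
        for route_method, regex, handler in self._routes:
            match = regex.match(path)
            if match is None:
                continue
            if route_method != method.upper():
                allowed.add(route_method)  # the path exists, the verb does not: remember it for Allow
                continue
            return handler(body or {}, **match.groupdict())
        if allowed:
            return 405, {"error": "method_not_allowed", "allow": sorted(allowed)}
        return 404, {"error": "not_found"}


# Handlers: nouns live in the path, verbs in the method; no /getNote or /deleteNote style URLs.
def list_notes(body, **_) -> Response:
    return 200, {"notes": list(NOTES.values())}


def create_note(body, **_) -> Response:
    text = body.get("text")
    if not isinstance(text, str) or not text.strip():
        return 400, {"error": "validation_failed", "field": "text"}
    note_id = "n%d" % next(_ids)
    NOTES[note_id] = {"id": note_id, "text": text.strip()}
    return 201, {"note": NOTES[note_id]}


def get_note(body, note_id: str) -> Response:
    note = NOTES.get(note_id)
    return (200, {"note": note}) if note else (404, {"error": "not_found"})


def delete_note(body, note_id: str) -> Response:
    if NOTES.pop(note_id, None) is None:
        return 404, {"error": "not_found"}
    return 204, {}


router = Router()
router.add("GET", "/v1/notes", list_notes)
router.add("POST", "/v1/notes", create_note)
router.add("GET", "/v1/notes/{note_id}", get_note)
router.add("DELETE", "/v1/notes/{note_id}", delete_note)

if __name__ == "__main__":
    print(router.dispatch("GET", "/v1/notes/n1"))
    print(router.dispatch("PATCH", "/v1/notes/n1"))  # 405 with Allow: DELETE, GET
    print(router.dispatch("GET", "/v1/notes/../secrets"))  # 404: dots never match a path parameter
```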

Design effective rules for requests and responses

You need to follow certain best practices when setting up rules for requests and responses. I cite a few such rules; however, this isn’t an exhaustive list:

  1. Let the client send the full object in the request, but design your server-side logic to handle a request even if it carries fewer fields. Don’t assume “null” for missing values; instead, write code that tells a missing field apart from an explicit null.
  2. Design your status codes with consistency and clarity. Create an effective naming convention.
  3. Be consistent with date and time formats: use the ISO 8601 format and UTC values. The client should show the date and time to the user in the user’s time zone, and the server shouldn’t calculate it.
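The three rules above, worked through as an added Python example that is not from the article (the note fields, which of them may be null, and the error body format are assumptions). A sentinel distinguishes a field the client left out (the stored value is kept) from a field it explicitly set to `null` (cleared, if that field is nullable), unknown fields are rejected instead of silently ignored, timestamps are parsed from ISO 8601 with a mandatory UTC offset and always returned in UTC with a `Z` suffix, and every failure uses the same `{"error": {"code": ..., "details": [...]}}` shape with a 400 status.

```python
from datetime import datetime, timezone
from typing import Optional, Tuple

MISSING = object()  # sentinel: "the client did not send this field", distinct from None ("the client sent null")

# Assumed schema: field -> (expected type, nullable)
FIELDS = {"title": (str, False), "body": (str, False), "due_at": (str, True)}


def parse_iso_utc(value: str) -> datetime:
    """Accept ISO 8601 with an explicit offset (or Z); reject naive timestamps, whose meaning is ambiguous."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"  # older Pythons' fromisoformat does not accept a trailing Z
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset")
    return parsed.astimezone(timezone.utc)


def to_iso_utc(moment: datetime) -> str:
    """Serialize as UTC with a trailing Z at second precision, whatever zone the input was in."""
    return moment.astimezone(timezone.utc).replace(microsecond=0).strftime("%Y-%m-%dT%H:%M:%SZ")


def error(code: str, details: list) -> Tuple[int, dict]:
    return 400, {"error": {"code": code, "details": details}}


def apply_partial_update(resource: dict, payload: dict, now: Optional[datetime] = None) -> Tuple[int, dict]:
    """PATCH-style merge: absent fields are untouched, null clears nullable fields, everything is validated."""
    unknown = sorted(set(payload) - set(FIELDS))
    if unknown:
        return error("unknown_field", unknown)
    updated = dict(resource)  # never mutate the stored object until validation has passed
    details = []
    for name, (expected_type, nullable) in FIELDS.items():
        value = payload.get(name, MISSING)
        if value is MISSING:
            continue  # not in the request: keep what is stored
        if value is None:
            if nullable:
                updated[name] = None
            else:
                details.append("%s may not be null" % name)
            continue
        if not isinstance(value, expected_type):
            details.append("%s must be %s" % (name, expected_type.__name__))
            continue
        if name == "due_at":
            try:
                value = to_iso_utc(parse_iso_utc(value))  # normalize to UTC before storing
            except ValueError:
                details.append("due_at must be ISO 8601 with an offset")
                continue
        updated[name] = value
    if details:
        return error("validation_failed", details)
    now = datetime.now(timezone.utc) if now is None else now
    updated["updated_at"] = to_iso_utc(now)
    return 200, {"note": updated}


# Constructed stored resource for the demo.
STORED_NOTE = {"id": "n1", "title": "groceries", "body": "milk", "due_at": None}

if __name__ == "__main__":
    print(apply_partial_update(STORED_NOTE, {"body": "oat milk"}))
    print(apply_partial_update(STORED_NOTE, {"title": None}))
    print(apply_partial_update(STORED_NOTE, {"due_at": "2024-06-01T12:00:00+02:00"}))
```

Returning `due_at` already converted to UTC means the server never has to reason about the user's zone; the client converts for display, exactly as rule 3 says.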

Consult “RESTful API Design Tips from Experience” for more such design rules.

A RESTful API for your mobile app is a significant investment on your part. You are developing it on your own because you have valuable information that you can monetize. Otherwise, you would have probably used a suitable one from many APIs already available. Now that you have decided to develop it on your own, plan the project well, and execute the plan with diligence. Get professional help if you need to.
