Three Painful Lessons You Can Avoid with Your APIs and Mobile Apps
Take a look at this advice from a seasoned developer about some of the things you should avoid when it comes to APIs and API management.
Join the DZone community and get the full member experience.Join For Free
In the 25 years, I have spent in the development world, a few of my projects have failed.
But whether it was an API or mobile app, what I gained out of those failures was the lessons learned.
Yes. Sometimes they were painful lessons. And no, I didn't have to see my failures broadcast on national television. I guess I was lucky in that regard.
About 8pm EST on February 3, 2020, citizens in the United States started hearing stories about usability and other issues with the mobile app used in the Iowa Democratic Caucus. Within a couple of hours of that, all major news networks were reporting that results were delayed and that the mobile app used in caucus was the cause of the delay.
By the next morning, news agencies and websites around the world had reported what we now know:
Mobile apps are tricky.
If something goes wrong with a website or even an API, you can publish an updated version without the end user even being aware of it.
Not so with mobile. If you release a new version, Apple and Google could take hours or days to approve and publish it. Even if you get it fast-tracked, and it is in the App Store hours later, you have no guarantee that the end-user will install the updated version with the fix.
Which is why it is absolutely critical to have an API and mobile strategy and follow best practices when designing, developing, and publishing your mobile apps and APIs.
You might not get a second chance.
My dad always said he hoped I would be able to learn from his mistakes and not have to experience them for myself. This advice has served me well so let's see what we can all learn from this so you and I are not the next making headlines (for all the wrong reasons)!
The Iowa Democratic Caucus has received a lot of attention this year because reporting of results was delayed due to issues with the mobile app used. This was not only a wake-up call to other US Primaries and Caucuses that were considering using this app but also to enterprises globally as nobody wants to be in the headlines for this kind of avoidable mistake. The damage to your reputation after something like this cannot be easily repaired.
Here Is Some of What We Know
Platform: Android Name: IowaReporterApp Description: Distribute results of primary caucus to centralized location Mobile Framework: React Native Publisher: Shadow, Inc. Distribution: TestFairy (as opposed to the Google Play App Store) Development Time: 2 Months
So what are the smart choices my enterprise can make to be safe and avoid this?
1. Know the Maturity of Your Mobile Framework
A very high percentage of iOS and Android mobile apps are written using cross-platform native mobile frameworks. The reasons for this are many but the short story is it saves companies resources (and money) while giving them the performance advantages of platform-native solutions. While this is smart and the right choice, not every cross-platform native mobile framework is at the same maturity level.
React Native (created by Facebook) has not yet reached the "
1.0" milestone status and is currently at version 0.61 at the time of publication. What this can mean there are still things that make this not quite "ready for prime time". Still, a lot of enterprises will take that risk because it is Facebook or they want to use the latest hot thing. Compare that with Titanium Native mobile framework which is part of Axway's AMPLIFY Platform.
Titanium SDK is currently on version
8.3.1 and is coming up on 10 years as a solid choice for cross-platform native mobile development.
The point, however, is not that the app failed because it was written in React Native but that enterprises (knowingly and unknowingly) expose themselves to risks every day by using mobile frameworks that are not fully vetted and mature.
2. Understand APIs and Integrations
You have got to realize that you are just looking at the tip of the iceberg when you look at the mobile app. If you fail to understand that, you will be in for a surprise. A big surprise. APIs are how non-humans (websites, mobile apps, and everything in "the cloud") talks to each other. APIs run the world and they are used for authentication, messaging, financial data, video, content, commerce, B2B, B2C... this list goes on and on. There are a LOT of things you need to be aware of when publishing APIs but a few top concerns are:
- Security (How am implementing policies so that my APIs and data are safe.)
- Scalability (How do I scale my APIs if I suddenly have a lot of users)
- Integrations (How do my APIs integrate with other APIs in a way that is fast and reliable)
If you don't have an API strategy when designing, developing, and publishing your APIs, something is going to fall through the cracks. When things fall through the cracks, it might end up on CNN and Fox News.
But I am not sure I need API Management!
The Titanic didn't think it needed lifeboats either. Seriously though, if you are a medium to large enterprise business and don't have a plan for API management, get one.
Start small, if you need to, but the point is: START .
I have worked with a lot of enterprises over the years and you don't want to be playing catch-up when demand for your product is high but the strength of your APIs is not. Trust me. Your competition is already thinking about this. This is probably one of the biggest reasons for the Iowa failure that drew so much attention.
Because APIs and integrations are a silent and invisible part of a mobile app or websites success (or failure), they are often not given enough ❤️ until it is too late.
I can't emphasize this enough.
3. Testing, Testing, Testing
When projects start going over-budget or over-time, proper testing is often one of the first things that gets cut or reduced. Your APIs and Mobile Apps need
You need a plan for this as well because having a few people randomly using the app IS NOT TESTING!
As an enterprise business, you absolutely must have thorough test plans. This needs to be created by an experienced, senior QA Architect. If you are outsourcing your testing, get involved to see who is creating the plan and have a 2nd (or 3rd) set of eyes on the draft and final plans to be sure it is a solid and thorough plan.
Here a few clues that your API and Mobile App Test plans might be missing something:
- It doesn't include all the scenarios the user may take in mobile app.
- It doesn't include all the scenarios the API might be used.
- It only includes the "happy path" (the tasks most likely used by users).
- It is missing a lot of negative tests (what happens if bad input is used with mobile/api)
- It doesn't address security.
- It doesn't include a plan for load testing your APIs with numbers far greater than you would ever expect to use it.
- You do not feel completely overwhelmed after looking at the sheer number of things that need to be tested ��
API and Mobile Strategies are journeys that you take with many milestones along the road. They will continually grow and mature just as your enterprise will as well. The same way you adapt to the changing business landscape, your API and Mobile Strategies will need to adapt to new technologies and threats that appear every day.
Published at DZone with permission of Brenton House, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
The SPACE Framework for Developer Productivity
Getting Started With the YugabyteDB Managed REST API
Operator Overloading in Java
How To Use Pandas and Matplotlib To Perform EDA In Python