On Designing an API for our Cloud Hosted Solution

This is my first post for quite a while - I've been quite busy in my new company, so this took a lot of my attention...

One of the items that was on my list ever since I joined Astoria Solutions was to figure out how to best empower integration into our Azure-hosted solution astorSafe. The solution is in the Cloud for several reasons, most prominently that its data and dashboards should be available from anywhere using (virtually) any device.

Connectivity-wise, it has a good number of different components already talking to it:

  • Users accessing it through a variety of web browsers
  • Smart Device apps on different platforms (Android, iOS, Windows Phone, Windows 8 Tablets)
  • RFID readers (Linux-based, running a custom firmware)
  • Some of our other applications that also consume the data provided by astorSafe
  • On top of those, we also wished to add access for third-party solutions

Until recently, each of these options used a different way of communicating, ranging from direct database access up to WCF web services, and each came with its own authentication mechanism. I wanted to reduce that variety as much as possible.

I managed to find a solution that proved able to unify all communication paths in a standardized manner: ASP.NET Web API (www.asp.net/web-api), enhanced by HMAC-SHA256 request authentication, which can be implemented on every platform that connects to our system. In the end this is quite elegant, as it creates an open and transparent, yet fully authenticated, way to access services from any platform (which is most likely why Microsoft Azure and other players like AWS use the same kind of method for publishing their APIs as well).

What makes Web API particularly cool is that concerns like authentication and input/output formatting can be designed separately from the code that actually services the requests. Once they are dealt with centrally in the pipeline, they become fully transparent to all other code. The only thing you have to do is define the data model for input and output; all the parsing and formatting is handed off to the relevant components.
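To make the HMAC-SHA256 scheme above concrete, here is an added, language-neutral sketch of both halves of it: the client-side signing and the server-side check that a Web API message handler would perform before any controller code runs. It is example code, not astorSafe's implementation; the header names, the canonical string layout, the client id and secret, and the 300-second skew window are all assumptions chosen for the demo.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed values for the demo; a real deployment issues a secret per client.
CLIENT_ID = "reader-001"
CLIENT_SECRET = b"hypothetical-shared-secret"
MAX_SKEW_SECONDS = 300  # reject requests whose timestamp is too old or too far ahead


def canonical_string(method, path, timestamp, nonce, body):
    """Fixed-order representation of the request that both sides must agree on."""
    body_digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_digest]).encode()


def sign_request(secret, method, path, body, timestamp=None, nonce=None):
    """Client side: return the headers that authenticate this request."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = os.urandom(8).hex() if nonce is None else nonce
    mac = hmac.new(secret, canonical_string(method, path, timestamp, nonce, body), hashlib.sha256)
    return {
        "X-Client-Id": CLIENT_ID,
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": base64.b64encode(mac.digest()).decode(),
    }


def verify_request(secret, method, path, body, headers, seen_nonces, now=None):
    """Server side (the job of a message handler). Returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    try:
        timestamp = int(headers["X-Timestamp"])
        nonce = headers["X-Nonce"]
        presented = base64.b64decode(headers["X-Signature"])
    except (KeyError, ValueError):
        return False, "missing or malformed auth headers"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window"
    if nonce in seen_nonces:
        return False, "nonce already used (replay)"
    expected = hmac.new(secret, canonical_string(method, path, timestamp, nonce, body), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):  # constant-time comparison
        return False, "signature mismatch"
    seen_nonces.add(nonce)  # remember the nonce only after a successful check
    return True, "ok"
```

Because the body digest is part of the signed string, any change to the payload in transit invalidates the signature, and the timestamp plus nonce bookkeeping keeps a captured request from being replayed later.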