Let's see how best to answer this question.
Answer to 1
There was no iPhone app. At work, I create / maintain an Adobe AIR client application that makes many service calls. My rule is to do something that makes sense on the client (use their resources), instead of constantly messing with the server. Usually, our application downloads all the necessary information from the server and has enough data to do business. From time to time, it needs to send this information back to the server, which will be stored in a safe place, but most of the logic of how everything works is in the client application.
Because we use Adobe technology, we use AMF as the transport protocol for sending data between the client and server.
Answer to 2
Security will be up to you. I talk about this more in step 4. For REST, you simply pass get / post / delete / etc with values that are not hidden. XMLRPC you just pass xml that everyone can see. Now REST is a discussion. Since there is no real standard, it is difficult to determine what REST is when people talk about it. If you want to use REST, I don't think that Zend_Rest really does a good job of handling it. There are other frameworks that focus on REST that may work better for you. Also, if security is important, use HTTPS instead of HTTP.
If you decide to do REST (the right way), I think you will need a lot of time.
Answer to 3
All about how you create it. I use Zend for the services I described above at work. I built it in such a way that you can use the whole API using JSONRPC or AMF (and I can easily add XMLRPC or others if I want) and consume the same resource. I use AMF for our AIR application and I use JSONRPC for my PHP sites / tools. I like JSON better since I feel it is less weight than xml and it is easier for me to work with.
Then I have a cron job where every night I cache thousands of requests that cost data from db to memory. The data that I know will not change the next day and will be used quite often. Everything that is not cached by this process will be cached individually at the request of the client with a specific expiration time. What all of this means, all of my business calls are extremely fast and efficient. Many times I don't even have to hit db, so the server-side request processing time is a split second.
In addition, if you use Zend, do not use the framework for the API, just use the server module as a separate part. Do not use the entire MVC stack, just create a separate file for each protocol that you want to use. I have json.php that handles JSONRPC requests and an amf.php file that handles an AMF request. Both files inside are quite lightweight, they just need to run Zend_Json_Server or Zend_Amf_Server, assign the class path where my classes are located, and process the request.
Answer to 4
Whatever protocol you use, you will need to integrate security into it, as with any protocol. You can use Zend and acl authentication modules. If you transfer sensitive data back and forth, be it json, xml, rest, you will need to encrypt this data, or someone will see it. AMF is a binary format that is a little harder to do than that. Whichever protocol you choose, you still need to create an authentication mechanism to make sure others don't use it without access.
If you are looking for more information on the various ways to create web services using Zend, I think the Zend Framework Web Services book is a good resource to start with. Hope this helps you get started.
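
The lightweight `json.php` entry point described in the answer to 3, combined with the authentication gate the answer to 4 calls for, as an added example that is not the answer author's code. It assumes Zend Framework 1 on the include path and PHP 5.6 or later; the service class `Api_Orders`, its file path and the `API_TOKEN_SHA256` environment variable are hypothetical names.

```php
<?php
// json.php: JSON-RPC entry point that refuses to dispatch until the caller is
// authenticated over HTTPS. Added example; Api_Orders, its path and the
// API_TOKEN_SHA256 variable are hypothetical.
require_once 'Zend/Json/Server.php';
require_once __DIR__ . '/classes/Api/Orders.php';

function reject($httpCode, $message)
{
    // JSON-RPC 2.0 style error; -32000 lies in the implementation-defined range.
    http_response_code($httpCode);
    header('Content-Type: application/json');
    echo json_encode(array(
        'jsonrpc' => '2.0',
        'error'   => array('code' => -32000, 'message' => $message),
        'id'      => null,
    ));
    exit;
}

// 1. Transport: bearer tokens must never travel over plain HTTP.
//    (Behind a TLS-terminating proxy, check the proxy's trusted header instead.)
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    reject(403, 'HTTPS required');
}

// 2. Authentication: only the SHA-256 digest of the token is stored server-side,
//    and hash_equals() compares it in constant time.
$expected = getenv('API_TOKEN_SHA256');
$header   = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : '';
if (!$expected
    || !preg_match('/^Bearer ([A-Za-z0-9._~+\/-]+=*)$/', $header, $m)
    || !hash_equals($expected, hash('sha256', $m[1]))) {
    header('WWW-Authenticate: Bearer');
    reject(401, 'Authentication required');
}

// 3. Dispatch: reached only by authenticated callers. Every public method of
//    the class becomes remotely callable, so expose a dedicated API class only.
$server = new Zend_Json_Server();
$server->setClass('Api_Orders');
$server->handle();
```

The same two checks can sit at the top of `amf.php` before `Zend_Amf_Server` handles the request, so both protocols share one authentication rule.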