I have had experienced with iOS development but no Client Server type applications.
I have heard about HTTPS, REST, JSON, etc. I am confused on the differences.
My app that I want to build is getting a list of data to output to the user and also sending a form to the server to be processed. E.g. A Membership Application to the Server with personal information and other pertaining information to be stored in the server. I also need the connection to be secure and the user must logon to the server with a username and password.
How does my app communicate with the server? Is it using NSURLRequest?
What is the best method or protocol to accomplish this?
Thanks!
HTTPS, REST, and JSON are different tools you can use when performing networked operations (more specifically, a secure protocol, a web service architecture, and a method of object serialization, respectively). If you don't know what these mean, I would do a little reading before attempting to build an iOS app that functions as a client. The link johnathon posted in the comments is a little low-level for what you're wanting to do, but searching around for "consuming a web service with iOS" might be good.
Also, does the service already exist? If so, your task is essentially to understand how to communicate with the server.
Once you're a little more up-to-speed on the fundamentals, however, the AFNetworking library is phenomenal.
Related
I'm just starting iOS app development with Swift (and in general) and I'm looking to get some information on popular practices when creating apps that require communication over arbitrary networks (i.e. not necessarily on the same network). I tried searching this on google but the answers weren't entirely what I was looking for; hopefully somebody can point be in the right direction. I wouldn't mind paying for a service, but unfortunately I don't know the first thing about backends and don't want to end up overpaying for services that I don't need. For example, I found an API called Parse, but I think it has far too many features that wouldn't benefit my app. Here's the main premise of the app:
There are two versions of the app - one for Admins and one for Employees
The Admins have the ability to post notes to a central list of notes for the employees to see
The Employees can access this list and scroll through it to pick which one they want to open. After a certain number of time, the notes expire and are removed from the list automatically
It's as simple as that. There likely won't be too many notes getting sent at once, so a large database isn't needed. My questions are as follows:
Do I need a database to store the notes, or can I handle it in some other way?
How is communication generally handled? The only things I've come across are ways to communicate when you're on the same WiFi or Bluetooth, but I haven't seen anything outside of that. How does an app like GroupMe communicate to users?
This is more of a general question, but how can you tell if you need a backend or not? I'm still kinda confused on the interaction between the frontend and backend.
Any help for any of the questions is greatly appreciated. I feel as though I don't even know where to start with a project like this.
EDIT: To clarify, I'm just looking for a place to start, not code or any implementation.
It's as simple as that. There likely won't be too many notes getting sent at once, so a large database isn't needed. My questions are as follows:
Do I need a database to store the notes, or can I handle it in some other way?
Yes you need some kind of database. That could be something complex like MySQL or something simple like writing a txt file for each note to the disk, with the filename being the date of the note.
You could use a service like Parse or run your own PHP server and write the software yourself. Parse is cheaper for a small database, running your own PHP server is cheaper for a big one and it gives you more control.
(You don't have to use PHP, but that is the most popular language for these things and it's what I use).
How is communication generally handled? The only things I've come across are ways to communicate when you're on the same WiFi or Bluetooth, but I haven't seen anything outside of that. How does an app like GroupMe communicate to users?
Usually your the phone sends a HTTP POST request to the server with some text in JSON format in the body of the HTTP request.
The server then responds with more text in JSON format in the response.
On the phone you use NSURLSession to handle to do the network communication and NSJSONSerialization to encode/decode the content. On the server, there will be something equivalent available.
Usually there would be a username and password or some other authentication system in the HTTP POST JSON text that tells the server wether or not the user is allowed to do whatever they're trying to do.
All communication between the phone and the server must be encrypted using SSL to protect your users. Do your homework and make sure you get this part right before you deploy your app to the store.
Parse will handle all of that stuff for you, but it's good to at least understand what's going on.
This is more of a general question, but how can you tell if you need a backend or not? I'm still kinda confused on the interaction between the frontend and backend.
You know you need a backend if you want two devices to communicate without being on the same WiFi/Bluetooth network. This is a security feature that cell network carriers (and home broadband ISPs) enforce to prevent malicious activity.
Generally only a commercial internet connection (and commercial router) will allow anonymous incoming network packets to get through to a phone/computer connected via that internet connection. Consumer internet connections only allow traffic coming in from a known source (for example, if you ask Google for some data, the router will temporarily allow Google to send some data to you. But if Google just sends some data without a phone/computer in your home asking for it, then it will be rejected).
You should be able to take what I've written and do a bunch of research.
If you decide to go with writing your own system in PHP, it comes pre-installed with OS X (just has to be enabled) and you can access it by IP address from the phone as long as you're on the same IP address. That should get you started for testing/development purposes at least.
The only part you won't have is SSL. Starting in iOS 9 (it's almost here!) you will need to disable NSURLSession's built in check for SSL or else it won't let you connect to the test server.
I a thinking of creating an iPhone/iOS app that would include a feature where one user could create a list of words and then save them to their account on a server. Also (and this is very important), the user could share their list with other users by giving them permission.
So my question is, how can I go about creating such a server? For right now, I have a home computer (running Windows XP that just stores data for my music system) which I can use to host the server. I am also open to the use of other online storage services like Google Drive or Dropbox (I can't remember if Amazon does anything like that). However (and I know this may complicate things a bit), but at least for now, I want/need to stick with free services/options.
Just to recap, the key features that I am looking for are:
create users/accounts (on the server)
eventually I may [try] to incorporate the use of other services to log users in like with their email account, OpenId, etc.
the ability to access (log in to) the server (with credentials) from my app
the ability to send/receive data between the server and my app
the ability to share data between users
I know this is a lot to ask for, but if anyone has any suggestions or can get me going in the right direction, it would be much appreciated.
The basic setup would be as follows:
Backend: Database (MySQL), Web server (Apache), with server side scripting (PHP).
Client: iOS device with developed app.
Communication: use HTTP client/server model, communicating with something like JSON.
This is much the same setup as a web server, but instead of serving html/css/javascript etc the results will be JSON.
As far as implementing specifics such as login in, and sharing data between users, this is purely dependent on your implementation. This is not trivial, and not something that can be easily stated in a single post.
Hope this helps.
You could build your own webservice in PHP, Ruby or Python. If you do so I would recommend building a RESTful webservice (http://en.wikipedia.org/wiki/Representational_state_transfer) and then use RestKit (http://restkit.org/) to handle the data in the iOS app. Especially RestKit's CoreData integration is nice in my opinion.
Another solution would be using a service like Parse (https://parse.com/products/data). The first million or so requests per month are free but after that it could get pricy. I personally have not tried it so I couldn't tell you if it is any good.
I'm currently building a mobile application (iOS at first), which needs a backend web service to communicate with.
Since this service will be exposing data that I only want to be accessed by my mobile clients, I would like to restrict the access to the service.
However I'm in a bit of a doubt as to how this should be implemented. Since my app doesn't require authentication, I can't just authenticate against the service with these credentials. Somehow I need to be able to identify if the request is coming from a trusted client (i.e. my app), and this of course leads to the thought that one could just use certificates. But couldn't this certificate just be extracted from the app and hence misused?
Currently my app is based on iOS, but later on android and WP will come as well.
The web service I'm expecting to develop in nodejs, though this is not a final decision - it will however be a RESTful service.
Any advice on best practice is appreciated!
Simple answer: You cannot prevent just anybody from acecssing your web site from a non-mobile client. You can, however, make it harder.
Easy:
Send a nonstandard HTTP header
Set some unique query parameter
Send an interesting (or subtly non-interesting) User Agent string
(you can probably think of a few more)
Difficult:
Implement a challenge/response protocol to identify your client
(Ab)use HTTP as a transport for your own encrypted content
(you can probably think of a few more)
Of course anybody could extract the data, decompile your code, replay your HTTP requests, and whatnot. But at some point, being able to access a free Web application wouldn't be worth the effort that'd be required to reverse-engineer your app.
There's a more basic question here, however. What would be the harm of accessing your site with some other client? You haven't said; and without that information it's basically impossible to recommend an appropriate solution.
I am new to iOS app development and am interested in developing an app that needs to utilize existing technologies to sync app specific data across multiple i-devices (iPhone, iPad, Touch, etc.). As an example, the app can be installed on multiple devices. On one device, the user will initially create an account. Then in subsequent logins, the user may create a task list, and each task item may possibly include a captured photo image. On the user's second i-device, as he logs in, he would be able to see and access the list and images (locally). Can someone explain to me what technologies I can leverage on to implement such an app?
Specifically:
How do I set up and manage the user accounts? Do I Need a dedicated server and sql database set up for my entire user base? And what programming/scripting languages do I need to learn?
How about the mechanism of pushing and pulling app data from one device to another? Do I need some kind of cloud technologies (SaaS?) to handle the storage and transferring of the data?
Any specific open source or commercial products I can leverage on?
Thanks in advance.
Kenny
I personally have not have had a situation like this, but here is what I would recommend.
You will need to have a server set up with database software.
You will need to write an api for yourself based on HTTP POST (REST) or maybe you could write a SOAP service.
I would HIGHLY recommend purchasing an SSL cert. for your server that way you can send the username and password in your request and it will be encrypted automatically.
For the api, you have a whole selection of languages and databases at your disposal. I am personally biased towards asp net with an MSSQL server.
with your api you will need to write methods to authenticate the user, and then save and send your data.
In your app you will simply send web requests to the server (ASIHttpRequest maybe?) and you can receive JSON responses back, which you can then deserialize into workable objects and vice versa.
if you do use asp net, you can use the newtonsoft JSON library to convert your objects for sending and convert received objects.
I dont remember the name, but there also is a JSON library for obj-c that is usable on iPhone.
Use a SQL server and host a database of logins and passwords.
Then, from each device, create a connection to the server, and download the login information for the account.
Also, not to be rude but: Google it.
As I begin building the framework of my first iPhone app, I'd like to learn more about the "standard" or preferred approach for interacting with HTTP servers. I assume most of these iPhone apps initiate HTTP connections to send and receive data. What is the preferred data format and method for going about this task?
Secondary questions: Are there other ways of sending/receiving data to a server? Should I avoid using a PHP web server as the middle man in interacting with a few databases?
Current process:
Outbound: iOS -> Http request -> PHP -> MySQL Database
Inbound: MySQL -> PHP -> JSON Data -> iOS
I would use XML to communicate with your server unless you are doing something special (Video/Audio or packaging your own data). Cocoa has built-in support for XML so it would speed up the development process.
There are other ways to communicate with the server. You could write your own protocol which would only be understood by your client (Maximum security but could be hard to maintain or bugs could be discovered). You could use someone else's framework (like JSON).
For more details about JSON, please see this link iPhone/iOS JSON parsing tutorial
You could try NSURLConnection. It is usually your best bet. It's the preferred method to access web resources. Be sure to check out NSURLConnection SSL HTTP Basic Auth to see how to use SSL. If your're debugging and your certificate is not quite trusted, check out: How to use NSURLConnection to connect with SSL for an untrusted cert?.
As for your Database question.
I personally would use a PHP Webserver that communicates directly with my Database because
1. I can change web hosting companies and my iOS app will only need to know the domain name (www.example.com/?username=abc&password=0000&uuid=000000&data=PackagedData)
2. I can upgrade my DB plan from FREE to something that can manage more connections (or the type of DB) and I just need to update the connection strings in my PHP Script (no need to update client iOS app)
Here are some scary reasons why you don't want direct communication with your database server
1. If you are storing sensitive non public data (usernames, documents, passwords, etc) then you're taking a HUGE risk. A clever hacker can reverse engineer your app and find the strings you used to connect to the DB and then gain access to your DB (without your knowledge). Possibly use the data or sell it!
If you ever decide to choose a new DB server or if your hosting company decides to give you a new IP (or sub domain for your DB Server) then you will have to update ALL your clients immediately and you may need to send them Push notifications to inform them that your App will stop working unless they upgrade.
There isn't a preferred format. Personally I like using JSON but some people swear by plists because of the speed. You can also use XML if you are more comfortable with it. I've found working with JSON REST API's very enjoyable on iOS using ASIHTTPRequest and JSONKit. It's been pretty easy to get started and the flexibility allows for some really cool stuff.
You should definitely use a PHP Server as the 'middleman' because you'd want to validate your data on the server side as you receive it. Exposing your DB directly exposes it to attacks and using PHP you could save yourself a lot of headaches and issues. Of course you can use other frameworks and languages such as Ruby (RoR, Sinatra etc.), Python (Django) and others
Your current process looks just fine to me and is what many services on the Web use to solve this exact problem.