Website development when using HTTPS API calls to get/put information

Posted on 2014-03-17
Last Modified: 2016-05-21
My client wants to have a website developed that will get/put information using HTTPS API calls. The app is in Google APP Engine. Most API calls require basic auth like ADMIN and REST. User credentials are delivered in request header.

Website version 1.0 should have at least these functions (most using API):

- browse images
- users can register an account
- login: no specific login request is needed as the API is stateless. User credentials are required in all request headers (device_token or username & password)
- user can upload an image to the server, whose max dimensions are checked
- website is in different languages
- website has a backend to handle things with admin credentials
- website has a full blogging system

I am by no means a web developer (mainly I provide design and basic functionality), so my question is: what would be the best way to handle this kind of scenario? I will of course need to use a developer but I'm unsure what to ask from him. I have been using WordPress for almost all of my client projects and most things like different languages, blogging, Facebook, Twitter and other integrations are easy to do with it. Unfortunately I don't have any idea how to proceed on the rest of the things.

Suggestions with good arguments are appreciated :)
Question by:streenj

Expert Comment

by:Ray Paseur
ID: 39934678
Please tell us a little more about this, "The app is in Google APP Engine."  Thanks, ~Ray

Author Comment

ID: 39934706
I don't really know anything more just now. I have just a list of all possible API calls and credentials to use the API. An example API function:

POST /user/register

Create new user

Accept form POST parameters:

| Parameter | Type | Required | Description & restrictions |
|---|---|---|---|
| device_token | String | yes | You can register without user_id and password with device_token. If device token is upgraded to use user_id & password it can’t be used to login anymore and gives error. |
| user_id | String | | |
| password | String | | |
| nick | String | | |
| profile_text | String | | |
| email | String | | |
| fist_name | String | | |
| last_name | String | | |
| phone_number | String | | |

Mobile app uses the same API in the future and I don't have anything to do with developing it. Developer said to me that every functionality that mobile apps or website needs to do (like to get images, register, login, get information from the db and save it to there) will be built to the API.

If more information is needed I will ask from the API developer tomorrow.
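
As an added example (not from the original thread or from the API developer): one way a PHP/WordPress site could call the `POST /user/register` endpoint described above from the server side, so the API credentials never reach browser JavaScript. The host name, the `rest-client` basic-auth credential, and the rule that `user_id` and `password` travel together are assumptions.

```php
<?php
declare(strict_types=1);

// Form fields listed for POST /user/register in the post above (names as given there).
const REGISTER_FIELDS = ['device_token', 'user_id', 'password', 'nick', 'profile_text',
    'email', 'fist_name', 'last_name', 'phone_number'];

/**
 * Build (but do not send) the register request.
 * $baseUrl, $clientUser and $clientPass are assumptions: the API host and a
 * "REST" basic-auth credential, both kept in server-side configuration.
 */
function build_register_request(string $baseUrl, string $clientUser, string $clientPass, array $input): array
{
    // Refuse to put credentials on the wire without TLS.
    if (strtolower((string) parse_url($baseUrl, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('API base URL must use https');
    }
    // Forward only the documented fields; drop anything else the browser sent.
    $fields = array_intersect_key($input, array_flip(REGISTER_FIELDS));
    $fields = array_filter($fields, fn($v) => is_string($v) && $v !== '');

    if (!isset($fields['device_token'])) {
        throw new InvalidArgumentException('device_token is required');
    }
    // Assumption: user_id and password are only meaningful as a pair.
    if (isset($fields['user_id']) xor isset($fields['password'])) {
        throw new InvalidArgumentException('user_id and password must be sent together');
    }
    return [
        'url' => rtrim($baseUrl, '/') . '/user/register',
        'headers' => [
            'Authorization: Basic ' . base64_encode($clientUser . ':' . $clientPass),
            'Content-Type: application/x-www-form-urlencoded',
        ],
        'body' => http_build_query($fields),
    ];
}

/** Send the request with certificate and host name verification enforced. */
function send_request(array $req): array
{
    $ch = curl_init($req['url']);
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $req['body'],
        CURLOPT_HTTPHEADER => $req['headers'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // reject untrusted certificates
        CURLOPT_SSL_VERIFYHOST => 2,         // certificate must match the host name
        CURLOPT_PROTOCOLS => CURLPROTO_HTTPS, // never fall back to plain HTTP
        CURLOPT_FOLLOWLOCATION => false,     // do not replay credentials to a redirect target
        CURLOPT_TIMEOUT => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('API request failed: ' . curl_error($ch));
    }
    return ['status' => curl_getinfo($ch, CURLINFO_RESPONSE_CODE), 'body' => $body];
}

// Constructed sample input, as it might arrive from the site's registration form.
$sample = ['device_token' => 'tok-123', 'user_id' => 'alice', 'password' => 's3cret',
           'email' => 'alice@example.com', 'is_admin' => '1'];
$req = build_register_request('https://api.example.invalid', 'rest-client', 'placeholder-secret', $sample);

echo $req['url'], "\n";
// Show the body with the password masked, the way it should appear in any log.
parse_str($req['body'], $shown);
$shown['password'] = '***';
echo http_build_query($shown), "\n";
```

The demo only builds and prints the request; `send_request()` is what a site would call once the real host and credentials are in its server-side configuration.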

Expert Comment

by:Ray Paseur
ID: 39934780
OK, let me see if I can paraphrase.  You have the task to develop a web site that will use an API.  Another developer is building the API.  Your part of things may upload files, etc., and will transmit these files to the API for permanent storage.  Does that sound about right?

If so, PHP makes a lot of sense.  WordPress is written in PHP, so the blogging platform is already built.

A little of the theory and practice of APIs is in this article.
Understanding Web Applications


Author Comment

ID: 39934850
Yes, that sounds exactly like this situation. So if I decide to use WordPress when creating the theme and blog + custom PHP for API functionality, will for example a new custom plugin for this situation be something to consider? Plugin would show relevant information (like registered users and their profiles) on the WordPress backend and provide functionality for changing/adding info as needed.

Also user authentication (login) on the frontend would be handled by custom API calls and maybe use WP sessions to show for example custom form only to logged in users or that specific user?

What about sorting information when presented in the frontend? Like 1000 pictures with different information fields and user wants to see the biggest amounts first.

I just try to think how this all could be accomplished using WP and what to ask without cornering myself in the future :)

Expert Comment

by:Ray Paseur
ID: 39934887
"Like 1000 pictures with different information fields and user wants to see the biggest amounts first."
That would suggest to me that your part of the app would want to store the images or at least thumbnail versions of the images.  You would not want to transmit 1,000 images from API storage to your server whenever you wanted to generate a web page.

I expect that custom pages could handle a lot of the application.  A good WP developer would know.  To that end, I'll mark this question "neglected" and highlight the WP Zone.  Perhaps we can get another set of eyes on the issues.

Accepted Solution

DrDamnit earned 2000 total points
ID: 39934891
To specifically address something you raise:

"I am by no means a web developer (mainly I provide design and basic functionality), so my question is: what would be the best way to handle this kind of scenario? I will of course need to use a developer but I'm unsure what to ask from him. I have been using WordPress for almost all of my client projects and most things like different languages, blogging, Facebook, Twitter and other integrations are easy to do with it. Unfortunately I don't have any idea how to proceed on the rest of the things."

You'll have to hire a developer (you know that), but before you do, you'll need to iron out exactly what the website is supposed to do. These are called use cases. This will form a basic "checklist" that you can use to manage the work product from a developer.

Once you have this checklist, you can cross off items that are typically performed by Wordpress - no reason to re-create the wheel.

Then, you'll need a developer's assistance to decide what functionality should be written as a plugin, and what functionality should be written as a stand alone script.

For example, using Wordpress plugins to write POST / REST API style coding is a nightmare because Wordpress and its plugins rely on the loop to execute. When you are sending / uploading information via an API, the Loop is not only unnecessary, but it is clunky. The loop is designed to display posts on a page, and many Wordpress classes and objects are only available while in "the loop". So, you would need stand-alone scripts that instantiate a class of the loop in order to gain access to some things and manage the backend directly otherwise.

As far as where to find and hire developers, you typically need a team of no more than 5 people for large projects. Larger than 5 has diminishing returns because you start having to have meetings about meetings (I call them meta-meetings) so everyone is in the loop and efficiency takes a nosedive. You could hire a single developer to do this type of work, but single-shingle guys are typically hard to manage because they get overloaded with other work, and the overwhelm causes project delays.

In my business I have multiple 5-man development teams that do work like this for clients. (I am not doing a commercial here, but conveying how it works). We don't touch a project without a use case list because that is the key to never ending change orders and a bucket of missed deadlines and angry clients. That use case list is where you start. If the client doesn't have one, he's got to pay to have us create one for him.

As a designer, you need to do mock ups and show the client how it will work. "When you click here, you get this" type of visual demonstrations are also key in making a project like this successful - the first time.

Sometimes, the use case list will come after the mockup. Sometimes, it's the other way around. It just depends on the type of project.

There's a lot of minutiae that go into managing developers. It's not as easy as going to a freelance website and hiring someone with good reviews. The impetus of the project, and the crux of success will lie squarely on your shoulders and your ability to prepare for the project and then manage it.

Ray is an excellent programmer and can probably shed some great light on how to get this done as well.

Author Comment

ID: 39934942
Thank you for your insights Ray and Michael! As this upcoming website is relying heavily on API functions, I also talked briefly with my coder friend (PHP, Ruby on Rails etc.) and he said that these kinds of built functions with custom design could be "easily" done using Ruby on Rails. Any ideas about this?

Expert Comment

by:Ray Paseur
ID: 39934976
Yes, it often makes sense to prototype with Ruby on Rails.  It's much more "convention" than "configuration" (whereas PHP is the opposite) and the conventional nature makes for faster prototypes.

Expert Comment

ID: 39934999
"Easy" is a matter of perspective. They can be "easily" done in PHP as well.

I am in the same boat as Ray as far as using Ruby to Prototype. But, as far as Ruby for production projects, I am in the same boat as this:

I am a proponent of PHP / MySQL because it is a proven pair with decades of maturity.

Expert Comment

by:Ray Paseur
ID: 39935096
Good video!

Yeah, some of the early troubles at Twitter are probably directly ascribable to Ruby on Rails.  There's not a lot of flexibility in the data base structure.  Actually there's probably not a lot of flexibility in any part of it, and that's a double-edged sword.

Expert Comment

ID: 39937655
Greetings streenj. What Michael Munger says about a "Case List", or a recording of what is needed in the finished web site, is really, really important for me. I call it "goal oriented" development. If you have a client, and you are the lead developer that has others to do things (code, images (art, icons), api help-reference writers), then you have to be able to tell everyone what results (pages display and site operation) they are working towards. I have seen too many coders and graphic artists submit great work for what they made it for, BUT it was not what was needed for the site page they were assigned. No one ever clearly gave them the specs and requirements for their work to "fit INTO" the mix of many things required for the end (goal) result web page-site. If the many people building the site do not know where they are going, then how can you get there?
If you are the lead developer you have to find a good balance of telling what they need to have in their work, and at least some about how and where it is affected and affects the other pieces of the mix (WordPress) in the site.
One last point: in development, the goal-final result site always changes, due to client suggestions (demands), code, frameworks, mobile compatibility, crap page looks-use. You need to be able to pick up on what to enforce (demand to happen), and what to allow to change, to keep things moving time wise. Too many will buckle easily to others' demands and suggestions, and have development time go far too long.  As Michael says - "squarely on your shoulders and your ability to prepare for the project and then manage it". Be sure to really listen to what others say, but keep the time spent to get things done to a reasonable amount.

Author Comment

ID: 39939527
Thank you guys so much for feedback! I got so much good information on how to handle this project that I won't (probably) be screwed :)

Technical aspects are though still blurry. Mainly on what language/platform to use -> what kind of developer to ask to do this job. PHP+MySQL got some votes and that could probably work in WordPress environment also.

I read an article on modern web application design with WordPress in blattchat:

Do you think that I could tackle this project by using WordPress as a base, handling API calls with AJAX and get the caching, user management capabilities, blogging platform and everything else WordPress provides?

My concern here is that I choose the wrong "route" in this project that it will be very costly and/or difficult to maintain.

As you clearly know by now I'm not a developer but this needs to be done and handled by me. That's why I need a strong basis on how to proceed/who to hire. Insights on "how would I do this/what platforms I would use" are much appreciated. And if you know someone/group/firm who would have the resources and knowledge (and time) to do this kind of work I would be greatly interested.

Assisted Solution

DrDamnit earned 2000 total points
ID: 39940076
I completely understand you wanting to spearhead this. And, judging by the fact that this question is now a couple days old, you are getting to the point where you're going to have to answer the client or give an update.

But, you're stepping into dangerous territory. I'll illustrate why with a simple analogy: how many times has a client gone and "googled" a strategy for web design, and then tried to "educate" you on how they think their site should be done? I'll guess.... more than once.

You admitted above that you're not a developer, and so it will probably be counter productive to try and choose platforms just because they came up in a search for "wordpress rest api."

The post that you have above includes backbone.js, which is useful for creating a RESTful API while someone is on the site, but not so much if the request is coming from a third party application. To this point, I (we) still don't know what the API will be used for. If it is for providing a sandbox interface so a mobile app can access it, backbone.js will probably be utterly useless because it requires javascript, which runs in a browser, and which a mobile app cannot use.

The other plugin referenced hasn't been updated in two years. Unlike crypto, where I fear change because it likely produces a weakness, Wordpress plugins that aren't maintained are destined for disaster. And, while I am a fan of MVC in Java, I think it is ridiculous for PHP - it makes the code overly complicated, harder to document, and harder to maintain.

So, let me (instead) focus on how to hire a programmer - in the interest of full disclosure, I am currently writing a book on these subjects, and folks like you are dead center in the target market. So, portions of this are from the unpublished manuscript, and portions will likely be included in it.

To quote Bjarne Stroustrup, the father / inventor of C++ "No one should call themselves a professional [programmer] if they know only one language." (Citation)

If you throw a rock in today's market place, you will be able to hit a programmer squarely in the face. But, trying to find a competent professional programmer with more than one arrow in his or her quiver is a much more difficult task. There is a reason for that: becoming competent in a single language takes years of education, coding participation, and experience. To become skilled in multiple languages takes a considerably larger amount of effort. Granted, learning the second language is not as difficult as learning the first. And, to a great extent, learning each subsequent language is progressively easier, but being proficient in multiple languages where each one suits a specific purpose is exponentially more difficult to source.

A software design project essentially functions like a restaurant. You have "front of the house" staff, which focuses on customer interaction, presentation, and aesthetics, and you have back of the house staff that focuses on processes, food prep, and management. You cannot have a restaurant missing either component: if you're missing food from the back, there is nothing for the front to serve. If you're missing servers in the front, the dishes that have been immaculately prepared in the back will just sit there and get cold.

Likewise, a software project like this needs a front of the house and back of the house division. The front of the house - the web design - seems to be handled fairly well by you. And, you know that you are a front of the house person, which is a great advantage. (Many web designers do not realize they are not programmers). So, your problem is simple: you need back of the house staff.

You need a cook to prepare the food, an expo to make sure all the food is put on the plates correctly and that the food matches the orders on the ticket, a manager to make sure everyone shows up to work and an assistant manager to make sure inventory is ordered properly and no food spoils.

The cooks are your developers. Just like a cook cannot make every dish out of chicken, so too does a developer need to know more than one programming language. The problem with most developers today is that they don't understand that "bacon" on the label does not necessarily bacon make. Turkey bacon, for example, is a lie. It looks like bacon in the picture, but definitely does not act, feel, or taste like good ol' hickory smoked pork.

And so, hiring a programmer who is only skilled in one language is like hiring a chef that makes all food out of turkey. Your clients will be very angry when they get a turkey steak in place of the Filet Mignon they ordered.

Your chef needs to be able to look at the menu and say: "A beef dish is appropriate here. A chicken dish is appropriate there." and more importantly - they need to be able to pair the side dishes to the entrée and wines to the meal as a whole. That's why developers need to know more than one language.

In my opinion, a developer must know an entrée language (Java, PHP, C++, C, etc...). They must also know at least one scripting (side dish) language (Perl, Bash, vbs for Microsoft, Python, etc...) and they must know at least one client side scripting language (Javascript is the de facto client side scripting language these days, there are others, but I'll leave JS as the client side language). These are the minimum three requirements, but I tend to require my staff know at least more than that. I personally know 7 spanning two platforms of Linux and Microsoft.

So, here, we have the cook for the back of the house. We still need an assistant manager who keeps track of food and inventory. In our fictional programming firm, this is the database engineer. They understand how to build a truly relational database, not flat tables with more columns than all of ancient Greece. The engineer can do the administration, but the reverse is not true.

So, it's not enough to get someone "who knows databases"; you need someone who can design them. And, like the cook, you can't just pick a one-trick pony. If all they know is MySQL, or MSSQL, they are valuable, but not during the initial phase where you're ironing out the requirements. When putting requirements together, you need access to someone who understands that there is a difference between perishable goods that must be stored in a freezer, semi-perishables that should be stored in the walk-in refrigerator, and dry goods that shouldn't waste space in either of those appliances. In the database world, you need someone who can recommend Postgres (an object oriented database server) over MySQL / MariaDB where it's appropriate. You also need to know when a SQLite database would be more appropriate. Or, in your case, someone who understands how a database works AND how to store information as optional values in Wordpress (if that was appropriate, which, given the description thus far... it probably isn't).

So, let's assume you have found a firm (or a marvelous person) who can be the cook and the assistant manager. You still need a manager to make sure the restaurant doesn't go bankrupt.

You might be tempted to think you're it, but you're not. The manager in a restaurant has typically worked their way up the chain. They can do the cook's job if he calls in sick. They know how the inventory works and can spot an assistant manager who is stealing lobsters in the middle of the night. Most importantly - the manager does not do the work. They manage it. The manager's job is to support the rest of the staff so they can do their work. If the manager tries to micromanage the project, it's doomed to fail because the driver of the bus is trying to sit in the back while it's barreling down the highway.

So, with this basic understanding of how a software development firm should work, we can move on to how to hire a firm.

First, you have to ask open ended questions that do not lead the person to the answer. Of course, you cannot be coy or cryptic. A good programming house will run from someone who is cryptic because they will make for a very poor client.

Some example questions would be:

1. How do you handle database design? What considerations do you put into choosing a database server?

2. Given what I have told you thus far about my project, please compare and contrast two languages and platforms that you'd recommend.

and after they have answered this question...

3. Which one of your choices would you recommend and why?

4. How many people do you typically put on a team? (Reference my comment above about the max number of people.)

5. What's your quality assurance process? (This is a separate topic all together, but I will tell you that the QA team MUST have a Chinese wall between them and the project because if they are part of the development team, they will miss a lot of bugs and usability issues for the simple reason that they "know" how it "should" work.)

6. Do you do projects based on a retainer? Pay as you go? or fixed price / fixed schedule?

(There is really only one acceptable answer here: fixed price / fixed schedule. That's how our firm bills for projects. If you're worth your salt at getting the requirements and understanding the project, you can do it this way. It's also a self-correcting system. If I make a mistake in pricing the project, I have to pay for the mistake because I won't get any 'extra' money. If we come in under budget, we are rewarded for doing a good job the first time around. I mean... really... you're buying a project based on a fixed budget, and you have a deadline in mind. Why would you choose any other method of payment?)

7. How do you handle bug reports? (they should have an open system where you can file bug reports at any time without having to track down your "rep".)

8. What's your average turn around time for bug acknowledgement?

This is a HUGE issue. I have had clients tell me that the previous firms they worked with were a nightmare. The developer would come to their office, and spend the entire day there writing down all the things that need to be fixed. Then he'd leave, and they wouldn't hear from him for a month. When the month was up, they had made progress on some, but not all bugs, and very few were fixed properly.

I believe that you should be able to track a bug's progress like you track a package at FedEx. You get a number, and you can watch its progress at any time via the web. That's the correct answer, but then again, I am probably biased at this point because it's how we do things.

Also, it is completely OK for time-to-acknowledgement to be vastly different from time-to-resolution. Acknowledging a bug is easy and should have a guaranteed time window. Ours is 12 hours max. (Usually, it's less than 4). Resolutions vary depending on the issue, how well the bug was explained, whether or not we can reproduce it, etc...

9. Do you have the resources / bandwidth to take on this project? When could you start to work on this?

This is the only question where there is not a right or wrong answer, and you can trust your gut. I will tell you, however, that professional firms RARELY answer this question off the cuff. And, I would be wary of anyone who says they can start "tomorrow." There is just more to it than that. My typical answer is that they have to go through our blueprinting process so everyone is clear on what a "feature complete" version of the site looks like. Until they complete that, I can't answer the other questions because to do so would be to answer based on gut feeling instead of hard fact. And, if you're paying to have a project completed, you are going to want a rock solid project not a gut feeling project because you're spending hard-earned money, not monopoly money. (Unless it's a government project. They always spend like it's monopoly money).

10. How do you handle change orders and feature requests?

A change order is when the client says: "I know I said I wanted X, but I really meant I wanted Y."

A feature request is: "I forgot to mention that the software / site needs to be able to X."

A good firm is flexible on how these are handled, but they should ALWAYS be handled as INDIVIDUAL and separate projects. Trying to accommodate these mid-stream in development is like trying to transfer an additional passenger into a car flying down the highway at 70mph. Sure, you can do it, but you run the risk of killing the new passenger. The better way to add the passenger to the car is to slow down the car, pull over, stop completely, and let the person safely enter the car before you re-join traffic. But if you do this, the car will NEVER make it to the destination on time.

Instead, that passenger is going to have to ride in their own car to the destination. It uses more gas and more resources, which increases the cost, but that's the proper way to do it. That's also the "consequences" that extra passenger must face because they didn't arrive at the starting point in time to be included in the first car.

Now, depending on the distance the cars are traveling, and amount of resources (read: expense) are involved in having that second car tail the first to the destination, you might do the math and decide it is worth it to pull over and do the passenger exchange. For example, if you are driving from Atlanta to Los Angeles, catching the first car when it is in Alabama makes sense to do a passenger exchange. But if the first car has already reached Nevada, it would be insane to have the first car wait for 4 days while the second car catches up so a passenger exchange can be made. It's better the second car arrives in California whenever it gets there and the first car makes it on time.

Using these 10 questions, and the background I gave you, you should be well-primed to hire a firm. Don't get stuck on needing someone "local". Many people make this mistake because they have some unfounded belief that if they can walk across town and "choke" the guy who is working on their stuff, they will feel better. But the reality is, you're building a team. Choking isn't part of the equation. Winning is. Winners are found in a lot of places, but not always in your local town or city.

There are a lot of winners on EE, many of whom have contact information in their profiles (Ray is one of them, and I think mine is in there too). Interview more than one. Write down your requirements. Compare, contrast. Hire slow. Choose well based on the insider information I gave you above, and you should be just fine.

Expert Comment

ID: 39946518
Did you ever get this sorted out?

