1. Mobile Apps & Enterprise SaaSJeremy Glassenberg – Platform Manager at Box
2. Agenda Background Overview of mobile trends (quickly) Summary of API trends (quickly) Technical recommendations Strategic recommendations 2 **Mostly for Platform providers
3. Background Cloud content management Founded 2005 Released first API in 2007 Now we have 90+ integrations
4. Who Am I Platform Manager (APIs, etc) Worked with these guys And these platforms
Phones, tablets, and other stuff good too.First came the phones, then came the developer platforms. And during this time, a shift from consumer to bus.Tablets also lead to more bus/enterprise apps. Wwdc 2 years ago was more gaming focused, before ipad.
Same time, growth in apis. Also started off as more consumery, just like saas. More users, free, etc, plus saas generally wasn’t moving into enterprise other than sfdc. But now, others like jive and yammer are taking off. And of course, as a consequence,the two can combine.
The result is an obvious point of synergy, where mobile apps connect to the web, via api. And we can see the types. Most companies have official apps using their own apis, sometimes private apis. Then open apis lead to other integrations. Some of those are differentiated apps that just connect, others built entirely on an api. And of course they merge, such as tiwtter’s controversial acquisitions of apps as their own. I’ll make fun of them some more later.Then finally, as we see businesses entirely running on apis, some services are mobile-focused apis. The service is about mobile, and not just one mobile app.But that’s just mobile in general. We’re focusing on enterprise in mobile, so what’s going on in business & enterprise saas in general
Less noticed is that internal apps are being built on mobile by companies. Consultants are being hired for this. And when working with these types of developers, you may need to treat them differently, as they’re building on a different business model.notes, consulting and SI do happen on mobile now. So keep a lookout.
Some quick general tips for working with business customers. Not just for the app developers, but for those managing platforms to help encourage those in their developer communities. Pretty obvious, but good to advisedevs, and keep a lookout for the right kind of devs. Remember customers too. SMBs are more forgiving, actively supportive. Enterprises are more demanding.Security: will get into this more, but can be a way of identifying those experienced with bus, and those that may be more of a challenge for your enterprise customers. Not to discourage an open platform – ideally just helps to guide apps in a recommended direction.
From the apps we’ve worked with, here are some first tips to make sure your API is mobile-friendlyPursue a REST framework. As John Musser of ProgrammableWeb pointed out mid-year, REST is overtaking other protocols such as SOAP and XML, so this makes sense anyway. It’s the simplest and generally most appealing. Especially on mobile. Salesforce is starting to move this direction, so obviously it’s not absolutely necessary, but then again, they are moving on it…JSON – our own mobile product manager gives me looks for this, since admittedly Box doesn’t have this yet. Our output is restricted to XML for REST. But JSON isn’t just for the web anymore. iPhone parses JSON more easily and efficiently. I can say that we’re working on it…Java Libraries – BlackBerry and Android are gonna be using Java. I’ll get into a little more on this in a moment, and for any Android developers here who have been using our API, yeah, I’ll be apologizing for our own mistakes.Objective-C – You know where that goes. iPhone… it’s a must.
So, in addition to some of the clear items to build, keep these things in mind:First, some API methods will be more frequently used on mobile. We found that our more advanced collaboration methods, and detailed methods like commenting, aren’t popular on mobile because they’re just that… too complicated. They’re used more for very custom integrations at the moment.This can be different for all platform designers, but across the board, keep a lookout for the authentication process for users.Secondly, to re-iterate, you’re gonna need an Objective-C library. For a while Box just had web libraries like PHP, Python, flash, Java, then some desktop code for C# and .NET from a community developer. And when you do, consider it being more than a way of easily grabbing API calls. And… think beyond a series of API sample snippets. Consider UI samples. Why? Because you can. First, developers love it since there’s even less effort for them to do. In our case, prompting users to login, then showing the users a list of folders in their account to choose a file export, then finally uploading the file, is a breaze. And for us, we encourage consistency in the apps that use our API, so users know what to expect when interacting with Box.Android – here’s a mistake I’ll admit. We just had a Java API. It wasn’t made for Android. We’ve seen that later versions of Android (2.0 and up) work well for our library, but it was inconvenient. And we didn’t provide methods that we knew were preferred to most mobiel use cases.Set a position – companies have different opinions about this. Twitter recently changed their ToS regarding the use of Twitter in an app name. Others don’t like sharing logos. Box’s stance is to just make it clear that an app is not officially supported by Box. We’re more liberal, but have to keep a lookout. Just make sure you know what you need, and make it clear to developers so that there are no hard feelings later.And one more for enterpreise apps – make it easy to use. Benioff is quoted as emphasizing that enterprise services should be like facebook – for utility but also simplicity of getting goals accomplished. A good saas service can have the rep for being as simple as a consumer service, not just for users, but for developers too.
(Opinion) Don’t let auth tokens expire too quickly Harder to re-authenticate on mobile More important to avoid direct login Allow users to remove tokens from interface, and let admins have control
Sometimes Oauth just isn’t an option anyway, in addition to it being more challenging for developersAlso, and this is really more opinion, the handling of token expiration. They should be deletable, more importantly than expiring over time. But maybe give admins a choice.