iPhone Web service using Zend framework

Question

I am very new to both iPhone APP development and PHP development though I have around 8 years of experience in .NET technologies. We have started developing an iPhone app which will talk to various third party API's like facebook, twitter, four square, google geo-code.

Now a lot of these interactions will have to happen from within APP itself for instance the initial authentication with facebook, posting messages to facebook etc. But we need some of the interactions to happen at the server for a variety of reasons and since I am a .NET developer the obvious means I could think of was web services.

We didn't want to use SOAP for a variety of reasons and we tried developing our own framework for web services using JSON but realized it would be too much of an effort to add features like security to the framework we are creating.

So we decided to go with an established framework like Zend where we could implement security and other features out of box. We also have to decide between using Zend Json-RPC and using Zend REST. The questions I have are multi-fold please understand I am very new to PHP development so some of my questions might be very basic.

1. I would like to know from any one who has developed iPhone app's interacting with a lot of third party API's how much interaction have you put in the server and are there any other efficient ways to communicate to a server other than using web services?
2. Between Zend REST and Zend RPC which is more secure and which will take less development effort I am guessing Zend REST will be more secure and Zend RPC will take less development effort.
3. Is it a good idea to use established framework like Zend for your development where we consider performance to be of utmost importance will using Zend add a over head in terms of performance?
4. How secure is Zend Json-RPC calls, how can I make the service calls more secure when using Zend Json-RPC.

I am a .NET developer transitioning into APP and PHP development so hoping to get some guidelines on the whole approach we are planning to take from some one experienced in these areas.

Answer 1

Lets see how to best answer this one.

Answer to 1

Haven't done an iPhone app. At work I build/maintain an Adobe AIR client side application that doing lots of services calls. My rule of thumbs is to do anything that makes sense on the client (take advantage of their resources) instead of nagging the server consistently. Usually our application loads all the info it needs from the server upfront and has enough data to do lots with. Every once in a while it needs to send that information back to the server to be stored in a secure location but most of the logic of how things work are in the client side app.

Since we are using Adobe technologies, we are using AMF as the transport protocol to send data back and forth between the client and server.

Answer to 2

Security will be up to you to handle. I talk more about this in step 4. For REST you are just passing a get/post/delete/etc with values that are not hidden. XMLRPC you are just passing an xml which anyone can see as well. Now, REST is a discussion on it's own. As there is no real standard it's hard to define what REST is when people are talking about it. If you want to use REST, I don't think Zend_Rest does a good job at really handling it. There are other frameworks that focus on REST that might work better for you. Also, if security is important use HTTPS instead of HTTP.

If you choose to do REST (the right way) I think it'll take you long to implement.

Answer to 3

It's all about how you architect it. I use Zend for the services I've described above at work. I've built it in a way where you can all the API using JSONRPC or AMF (and I can easily add XMLRPC or others if I want) and consume the same resource. I use AMF for our AIR application and I use JSONRPC for my PHP sites/tools. I like JSON better as I feel it's lighter weight than xml and for me it's easier to work with.

Next, I have cron jobs scheduled where every night I cache thousands of queries worth of data from the db into memory. Data that I know won't change in the next day and will be used quite often. Anything not cached by this process will be cached individually as it's requested by a client with a specific expiration time. What does this all mean, all my service calls are extremely fast and efficient. Many times I don't even have to hit the db so the time to process a request on the server side is a split second.

Also, if you use Zend, don't use the framework for an API, just use the server module as a standalone piece. Don't use the whole MVC stack, just create a standalone file for each protocol you want to use. I have a json.php which handles the JSONRPC requests and an amf.php file that handles AMF request. Both files inside are pretty lightweight, they just need to initiate the Zend_Json_Server or Zend_Amf_Server, assign the class path to where my classes are and handle the request.

Answer to 4

Which ever protocol you use, you'll have to build security into it like you would with anything. You can use the Zend authentication modules and acl as well. If you are passing sensitive data back and forth, whether it's json, xml, rest, you'll need to encrypt that data or some one will see it. AMF is a binary format making that a bit harder to do but that's besides the point. Which ever protocol you choose, you still need to build some authentication mechanism to make sure others don't use it without access.

If you are looking for more info on the different ways to build webservices using Zend I think the book Zend Framework Web Servicces is a good resource to start with. I hope this helps getting you started.