How to Build a High Performing and Reliable Mobile API Ecosystem
September 11, 2017

Shlomi Gian
PacketZoom

Application Program Interfaces (API’s) represent an effective way to build and manage mobile services. By using APIs — a set of routines, protocols and tools for building software applications — application developers no longer have to buy technology software or hardware. Instead, they can simply plug into a growing open ecosystem of API-driven services. It is simple to integrate, and saves time and money for new developers.

There are countless mobile API-based services. From authentication, ads and payment APIs to price comparison and reporting API based services. The availability of these APIs made mobile app development much simpler, but this simplicity comes with a price.

Unlike images, game assets, videos and other type of static content, APIs are dynamic in nature and their content cannot be cached at the edge of the internet to increase download speed. Often times the result of an API call is customized per user profile, its location and the activity he/she is trying to accomplish. A user searching for a Mexican restaurant in downtown San Francisco will get a unique (non cacheable) search result.

There are three main challenges with existing API configurations that directly impact any mobile app performance:

Response Time
Since API responses are usually personalized, its content cannot be cached by the CDN. Some of the responses could be sizeable and include dozens of images that will have to be downloaded on a slow mobile connection. This impacts the API response time and eventually the mobile app.

Reliability
Mobile networks are less reliable than wired networks with Packet Loss and error rates that are 10-20 times higher. This affects not only the app API response time but most importantly its failure rates. Mobile developers have to factor into their code fail conditions and a proper way to handle each one of them, which can complicate things.

Server Load
There are two sources for high server load: (A) Failed transactions due to network error will usually follow by API call retry, keeping the server busier than it should be; and (B) API calls over slow connections means that the server has to keep connections open longer, consuming more resources than needed.

How could mobile developers mitigate the risk when using APIs?

While caching is not possible, one could accelerate an API call using a few techniques:

■ Protocol Optimization: By avoiding slow starts, backoffs and other TCP hiccups, downloading a sizeable API response could become faster. Traditional CDNs offer such an optimization in the middle mile for a premium price.

■ Routing Optimization: Speeding up access to the origin server API can be achieved through better routing of the request/response in the first and middle miles. Traditional CDNs can offer this for a premium price.

■ Persistent Connections: To avoid the “TCP handshake” overhead one could keep the connection open/warm and save a few round trips for each new request. This technique should be used carefully since overusing it will once again increase server load.

Unfortunately, since all the above techniques take place in a wired network (as opposed to the wireless link) the performance impact is marginally low while the cost (to various vendors) is not.

Most importantly, none of these techniques can be technically integrated with 3rd party APIs, unless the vendor operating the service is cooperating.

Shlomi Gian is CEO of PacketZoom
Share this

Industry News

May 01, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.

May 01, 2025

Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.

May 01, 2025

Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.

May 01, 2025

Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.

April 30, 2025

Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.

April 30, 2025

Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.

April 29, 2025

vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.

April 29, 2025

Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.

April 29, 2025

Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.

April 29, 2025

Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).

April 28, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.

April 28, 2025

SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.

April 28, 2025

Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.

April 24, 2025

Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.