Businesses running multiple online shops under different brands look for shared technology to streamline their operations. In this case, CCC Group, the retailer and e-commerce leader in Central and Eastern Europe with 980 stores and approximately 90 platforms, needed a standardized API for their mobile apps.
Objectives
The main goal was to create a Mobile API Facade for CCC Group, the leading footwear retailer and e-commerce company. Considering that the client had a huge sales network operating in 23 countries under various brands, we knew the solution had to address the complex requirements of multiple systems. Building the Mobile Facade aimed to create a layer between a mobile app and the backend and provide a simplified, standardized API.
Expectations
To meet the client’s needs, our team developed the Mobile Facade—a solution that delivers a programming interface for the app while hiding the details of backend implementation. As a result, developers and designers could focus on the user experience without dealing with a complex infrastructure.
The Mobile Facade also provides additional features, such as authentication, authorization, and error handling. Moreover, it helps manage API versions and control access to the backend.
Outcomes
By implementing this technology, developers can integrate changes through a single interface, regardless of the number of backend versions and standards. The Mobile Facade manages the logic for selecting the appropriate infrastructure, which is controlled through the system’s configuration. This approach offers numerous advantages to the client.
Streamlined development
Implementing a standardized API allows the development team to update the backend systems without launching a new version of mobile apps every time. This not only accelerates the release cycle but also ensures a clear division of responsibilities among components. Thus, developers can focus on enhancing user experiences while the Mobile Facade handles backend integrations and updates.
Flexibility
The Mobile Facade streamlines backend management and consolidates different data and functionalities from various sources into a unified API. As a result, developers can work faster, spend less resources on maintenance, and build new features more efficiently. With centralized management of backend versions, the Mobile Facade ensures that applications always receive consistent, aggregated data.
Scalability
The Mobile API Facade tackles overloads and performance bottlenecks head-on. By leveraging advanced technologies such as dynamic load balancing and auto-scaling, the backend can adapt seamlessly to changing demands. This robust approach allows mobile apps to maintain optimal performance even during periods of heavy traffic and guarantees that services remain reliable under all conditions.
Security
The Mobile Facade enables robust protection that safeguards data exchanges between the mobile app and the backend. It features the mTLS protocol, which utilizes certificates for mutual authentication. This ensures all connections are encrypted and only verified users can access sensitive data.
Additionally, client certificate-based authorization and an internal JWT token exchange between services further bolsters the solution’s security and simplifies communication between all system components.
API versioning
The Mobile Facade supports API versioning, enabling the management of multiple APIs. This solution allows for the configuration of different backend versions, enhancing the adaptability and reliability of applications. Furthermore, it optimized load balancing, which handles efficient traffic distribution across servers, boosting overall mobile app performance.
Process
The project was divided into several parts. The first stage included the development of a unified interface aimed at integrating multiple Android and iOS apps. The solution automatically chooses the appropriate backend version for each mobile app.
The Mobile Facade was developed on the Google Cloud Platform (GCP) using a Cloud Native approach. The next step was providing the authorization and authentication layers and creating one standard API interface for multiple applications.
Challenges
The main challenge was developing a standardized, unified programming interface that could seamlessly integrate with various backends without any additional adjustments for individual applications. Our development team also had to ensure that the solution could handle complex tasks efficiently without compromising mobile applications’ performance.
Cooperation
The solution was delivered in three months, covering the full lifecycle, from requirements analysis, design, and implementation of core functionalities to security and integration. Our team implemented a microservices architecture focusing on observability and a well-thought-out division of services.
Throughout the project, we worked closely with the CCC team using Agile methods, iterative development, SOLID principles, and Test-Driven Development (TDD). We provided comprehensive documentation for smooth integration on the customer’s end. After we delivered all system components, the client’s team took over the testing phase.
Technology
Our team enhanced the client’s existing technology by integrating a robust security layer into the solution. By using GCP we ensured all necessary components were connected through the Mobile Facade with the mobile front end and the client’s back end. This platform choice also allowed for proper scalability and optimized solution performance.
Technology:
- Google Kubernetes Engine ensures logic, security, gateway, and matter components.
- Cloud SQL, Cloud Load Balancing, Cloud Key Management, and GCP Memorystore for cache.
- Kotlin was used to develop the solution.
Security:
- At-rest and in-transit encryption using mTLS (RFC-8120).
- Generating certificates according to standards (Certificate Signing Requests, PKCS #10).
- Limiting user access using Certificate Revocation List (CRL).
- Implementing TLS 1.3 and AEAD-compliant algorithm.
- Data was stored in an encrypted form following the 56-bit Advanced Encryption Standard (AES-256).
- Cache mechanism for necessary data storage using GCP Memorystore.
Results
The Mobile Facade helped avoid integration problems stemming from different backend systems. What’s more, it significantly reduced the time of mobile app development. Thanks to the standardized API, many features were handled on the back end side, so end users didn’t need to download a dedicated application version every time.
“This project has proved that Mobile API Facade is a valuable technology in enterprise e-commerce. For businesses using multiple backend systems, early adoption of the standardized API can significantly streamline the development process and improve system operation efficiency. In such cases, we recommend adding the Mobile API Facade as a foundational element in modern shopping platforms rather than as a later addition.”
— Andrzej Puczyk, Head of Delivery at Neontri
