Getting Up to Speed on Web Services

I was listening to the latest episode of Core Intuition, and around 42 minutes 30 seconds into the episode, I heard my name mentioned. It caught me off guard - when I replied to Manton on Twitter, I didn’t expect such a direct response on the program. Thank you, Manton and Daniel, for addressing my question:

My inquiry was in response to something Manton wrote:

I’ve always advocated for iOS developers to also be good at web services. Customers expect sync everywhere now, and you can do things with your own server that will give you an advantage over competitors who have a simpler, standalone iOS app. But being forced to migrate server data isn’t fun, especially on someone else’s schedule.

Web infrastructure largely remains a mystery to me. I’ve learned a bit about servers by migrating this site from Scriptogr.am to a self-hosted WordPress installation at Digital Ocean, but I don’t know any server-side scripting languages, and I’m intimidated by the prospect of server security. I want to learn more, but it’s tough to even sort out how to start:

  • How do I choose a language to tackle?
  • What’s the best way to manage servers, to be able to consistently spin them up quickly and securely?
  • How do you manage development versus production environments?
  • What about backups?
  • How do you monitor traffic and system status?

Daniel and Manton had a great high-level discussion about both using and building web services, with some solid advice. In particular, Daniel, around 54 minutes in, suggested taking on a small project as a first step. The example he gave was of a small trampoline-type URL redirection service he built to manage some of the web requests his apps generate.

This was an idea that had been kicking around in my mind for a while, too. Snow Day, my very simple weather app, makes direct requests of the Forecast.io API. This requires embedding my API token in the app, which puts me at risk of having someone extract it. I would greatly prefer having the app make a call to a server I run, which could then make the API request on the behalf of the app. This would allow me to keep the token private1, and it seems like a great starter project.

I think that’s what I’ll tackle. And I’ll try to document the process here as I move forward. So again, thank you, Manton and Daniel, for taking the time to respond to my question. I really appreciate the advice!


  1. …But requires me to figure out how to identify valid requests from the app…