Building an Andriod app: Back End and Twilio
Yesterday, I described the challenge that I had laid out for my self to build an Android app in six months. I’ve actually been working on the project for several days basically spiking out different features to learn how it’s all going to work. Two areas in particular, the back end and Twilio integration. I like to do a bit of research before jumping in head-first because it helps me see the big picture before I get wrapped up in the details. Here’s some of the things that I’ve discovered and learned so far.
My current protoype, in the form of a web application, uses Twilio for messaging capabilities and I need to port that functionality over to the mobile application. However, all of the Twilio functionality is all in one place in the web application. When you want to add Twilio to a mobile application, it requires that you have some functionality in the mobile side and other functionality in a back end somewhere.
I had started this project thinking that, like a web application, all of the Twilio integration would be in one place. Since that’s not the case, I’ll have to plan on a more robust back end for my Android application then I had planned on. Basically, most of the Twilio integration will be in the back end but with a little bit in the mobile application.
The code to retrieve the capability token as mentioned in the above image looks like this:
Notice that there must be a way for the client (the mobile app) to authenticate to the back end. I know this is obvious but it creates another question of what’s the best way to handle the authentication.
After doing some researched, I think I’ve settled on using oAuth. Google supports this so that should my make task easier (at least I would think!). So my plan is to use oAuth to have the user authenticate in the app. Once the user is authorized, I plan to send an authorization token to the back end over SSL (to avoid man-in-the-middle vulnerabilities). Once the back end receives that token, it will know to generate the Twilio capability token and proceed with the user’s desired action.
From what I’m reading, it looks like once the user is authenticated, I can store their user id or some sort of token in a Shared Preference so they don’t have to log in again. When they return the app, you can check to see if their token is there. If so, they continue into the application. Otherwise, they’ll be directed to authenticate again.
As I’ve mentioned before, this is all new ground with me. If you have any suggestions or think I’m headed down the wrong road, let me know!