NOTE: This is not a sponsored post. These opinions are my own, based on my own research and testing!
There was the olden days of websites and mobile technology. There were proprietary silos of technology. Then, there was an awkward transition phase. I argue we are still in that phase, and what the future is – to me, beyond the shadow of a doubt, is the following:
Every application will have an “API” backend, first. That is, a set of REST-based services which are protected by some common, universal technology like OAuth. This is called API-First Development and I’m convinced it’s the future.
Why? Because this solves ALL of the problems! This gives you:
- A common way to do security for all consumers of your service, including adding the ability to include social logins (logging in from: Twitter, Facebook, LinkedIn, Github, Google, Microsoft, etc).
- A common way to access data for your website – via AJAX calls, and databinding with technologies like AngularJS or jQuery.
- A common way to access data for your native mobile apps (Android, iOS, etc).
- A common way to access data for your Universal Windows Platform (UWP) apps (a.k.a Windows 10 “universal” apps)
- A public, secure, appropriate way for consumers or other businesses to interact with the data of your business.
But if all of this is true, why isn’t this already the standard? I think, it’s because this has been very difficult. Nay, it is still very difficult. The technologies for these are still in their infancy, so it’s hard to do this easily or do it right.
BaaS is at most, a complete backend for your web and mobile apps. It is (but is not limited to):
- An OAuth-protected security layer for authentication, and a mechanism for authorization.
- A set of REST-based API’s to access data, securely (e.g. /Products/3).
- A web portal to set up this backend, including configuring OAuth and social logins.
- A web portal for creating/editing your database, including Create-Read-Update-Delete (CRUD) screens for modifying your application data.
Before I understood this concept or the term, I first learned of this from Azure Mobile Services. In fact I wrote about it here, about a year ago. However, last week I colleague Allan Gagnon posted a link to www.backand.com, for a BaaS provider. I dug in and was blown away at how cool it was!! More on that in a minute.
Build vs Buy:
Now, the first you might think is: why am I going to shell out money to pay for some service when I can whip up a backend using ASP.NET Web API, or perhaps the Django REST Framework for Python?
That, to me, IS the right question. Why, indeed?
Looking at build…
Well, if you lay it all out – and let’s look at Web API, what kind of work do we have in front of us?
- Set up a database.
- Set up Entity Frameworks to communicate with the database.
- Set up some Web API endpoints for each Entity Frameworks entity.
- Try to get OAuth working (I’m still not sure I can repeatedly do this – the available frameworks are junk!)
- Build CRUD screens for each entity in the database – this includes field validation.
- If this is publicly-facing, make sure you have the server hardened, and security locked-down!
- Set up backups of the database.
- Create and maintain SSL certificates for the site.
Then, and hopefully you got the security right, you have an endpoint that a website or a mobile app could use. Think for a minute how long this would take. Depending on what was in the database, this could easily be 80-160 person-hours. That is a LOT of time just to do mundane work so that you have a backend for your application.
Looking at buy…
What is the alternative? Well for providers like Backand and Azure Mobile Services, about the only thing you need to do is:
- Set up a database.
- Put in some values for your OAuth setup.
- Start building your site…
Right out of the gate, you get ALL of that other functionality for free. It can literally take you :05 minutes to setup a complete, secure backend for your website and all of your mobile apps.
So, these pre-built solutions make an extremely compelling option.
That is just talking generally, let me share what I found, specifically.
Some BaaS providers:
As discussed, I’ve looked at length into at least two – but from a brief market scan, here is an overview of the top ones I could find:
Azure Mobile Services:
This is a BaaS that is proprietary to Azure. Even your development environment must be hosted (which costs money).
As noted in my blog post about it, it does all the main things you want. It handles security, it offers REST endpoints which are protected with OAuth, and it has a web portal for letting your set up database and/or view/modify the data within.
The only real downside is the cost and how locked-in you are with Azure. Well actually, the downside is making sense of the product and pricing. Looking now, it looks like this is called “App Service”, I believe?
If so, they do have a free tier of pricing which limits how much CPU you use (just like a mainframe!). So, the good part is you can leverage all of this power for free, to start. However, if your app scales up – you’d better hope your monetization scheme matches how much this service will cost you!
If that’s not a concern, the portal pages for this explain in detail how to use it – and it’s pretty straight-forward.
Amazon Mobile Hub:
Admittedly, I’m not nearly as familiar with AWS offerings. However, as a newb using their portal, it looks like the “Mobile Hub”, using Cognito for authentication is the functional equivalent.
What makes me so unsure is that on the setup screen, the only option for data is the “User Data Storage”, which only lets me store flat files or key/value pairs. So, I don’t know how to tie in a database with this:
Now, you might say “Rob, why aren’t you a big fan of AWS?” Well, it’s primarily because I find it to be super confusing. First, I spent quite a while trying to find out if this is the right Amazon product for BaaS – and even if I did, good luck trying to figure out how much it will cost, using their calculator. It’s just mind-numbing and incomprehensible (to me).
Maybe I’m just being a whinny baby, but this is the main page of the portal – which lists all of the AWS service offerings:
Each ONE of those is an enormous product all it’s own. It’s a bit overwhelming, to me. Is it obvious to you where to even start?
With that said though, AWS does have a Free Tier of use, see here: http://aws.amazon.com/free/ – so if you are up for exploring, I would encourage you to check it out. In fact, I wrote about there here, too. The fact that you can get started for free and play around could help you get more familiar with these offerings.
By the way, after a second look – it looks like the “Amazon API Gateway” might be part of an offering too, although it only seems to be for routing REST endpoints to other AWS services? I’m not sure.
No more beating-around-the-bush, here is a straight-up BaaS provider who just charges you money.
Their lowest tier costs $27.99/month for 10GB of storage and unlimited API calls and push notifications. You might notice there is a free/open source version where you can host their service on-prem. Looking at the .zip you download, it’s a Java application with several external dependencies. Java is not really my wheelhouse (nor do I want it to be), so I didn’t investigate further. If you are fluent with Java, you may want to take a look though – as this looks pretty good, otherwise.
Finally, we get to BackAnd. After being initially intrigued, I decided to dig into it over this past weekend. I found that I was REALLY pleasantly surprised.
The craziest part was that after watching a few short videos, I spent maybe :10 minutes creating a “database” via the web portal. I then wrote some AngularJS code to connect – and it just worked! I could register a new account, login, and access data – all via these REST endpoints. I’ve never in my life set up any kind of “database” for any application that quickly!
So of any of these BaaS options I looked at, this was the most-complete, most-mature offering (see here for the features). But what about the cost?
Since this in beta, it’s free to use right now. In fact, if you create a free account (no CC required), you get a “free-forever” account. This means a limit of 500 connections and 10GB of data transfer per month. If not, their lowest tier will be $19/month.
Why all of these effort? Why did I spend so much time digging into all of this? Well, I realized I’ve been stuck for a while. I see now, and am convinced on what the “next generation” of application architecture is going to be. However, I haven’t found an easy way to implement; I haven’t found a “system” that I can easily re-use. I have several apps/websites that I’d like to work on – but I’ve been stalling because I haven’t been able to solve this problem yet. So – what will I do?
Well – this has two parts: 1) what will I do for work, at my day job and 2) what will I do for internet-facing applications that I work on outside of work?
For work, we are severely limited on what new technology or innovations we can leverage. I work for a very large enterprise and it’s remarkably difficult to introduce the smallest new efficiency. So, that means it would take less time for me to build an ASP.NET Web API solution that it would be for me to navigate all the red tape to get any of these other solutions approved. So, I think I’ve drawn the conclusion that this is the path that I need to follow for work. There still are unanswered questions – like, I still haven’t found an easy way to handle OAuth, so security is still a major problem.
For outside of work, I’m going to go as far as I can with BackAnd. It was remarkably easy – even compared to Azure Mobile Services. So unless or until it becomes a problem, I’m going to go full-steam and see if I can build out some backends for some apps I want to release. Once I create the BackAnd endpoint, then I can easily build a mobile-friendly web front-end in AngularJS and Bootstrap, then I’ll likely move onto a Windows Universal app, then finally a PhoneGap/Cordova Android/iOS app.
If I can accomplish this over the next few months, I’ll finally have a “system” that I could then use to “crank out” applications. That is, until technologies start to shift and change again!
What do you think? Is there a BaaS offering that I’m missing? Is there a better way to fix this problem, than above? If so, please leave a comment below – thanks!