REST API development for mobile app

NOVASOLUTIONS.TECHNOLOGY is engaged in the development, support and maintenance of iOS, Android and PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.

Development and support of all types of mobile applications:

  • Information and entertainment mobile applications: news apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
  • E-commerce mobile applications: online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems
  • Business process management mobile applications: CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
  • Electronic services mobile applications: classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.


Developing REST API for Mobile Application

A REST API for a mobile app isn't just endpoints. A mobile client operates under conditions that web clients don't face: unstable connections, limited traffic, and multi-version support (the App Store has 2-year-old versions). This impacts the architecture from day one.

Designing for Mobile Client

Response granularity. A common mistake is endpoints that return too much data. A profile screen shouldn't fetch the entire user object with nested relations if only the avatar and name are needed. The BFF (Backend for Frontend) pattern solves this: a separate API layer optimized for mobile screens. An alternative is a fields parameter in the request (?fields=id,name,avatar).
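A server-side sketch of the fields parameter, added here as an illustration and not taken from any project's code. The endpoint, the allowlist, the INVALID_FIELDS code and the sample record are assumptions; the point is that the client's field list is checked against an allowlist, so the parameter can trim a response but never widen it to columns such as password_hash.

```python
# Assumed allowlist for a hypothetical GET /api/v1/users/{id} endpoint.
ALLOWED_FIELDS = {"id", "name", "avatar", "bio", "followers_count"}
DEFAULT_FIELDS = ("id", "name", "avatar")
MAX_FIELDS = 10  # bound the parameter so it cannot be used to bloat parsing


def api_error(code, message, field=None):
    """Error body in the structured shape this article uses."""
    return {"error": {"code": code, "message": message, "field": field}}


def select_fields(fields_param):
    """Parse ?fields=a,b,c into a validated tuple, or raise ValueError(name)."""
    if not fields_param:
        return DEFAULT_FIELDS
    names = [n.strip() for n in fields_param.split(",") if n.strip()]
    if len(names) > MAX_FIELDS:
        raise ValueError("fields")
    for name in names:
        if name not in ALLOWED_FIELDS:
            raise ValueError(name)
    return tuple(dict.fromkeys(names))  # de-duplicate, keep request order


def get_user(row, fields_param=None):
    """Return (status, body). `row` is the full database record."""
    try:
        fields = select_fields(fields_param)
    except ValueError as exc:
        # INVALID_FIELDS is a hypothetical code chosen for this example.
        message = "Unknown or non-public field requested"
        return 400, api_error("INVALID_FIELDS", message, str(exc))
    return 200, {name: row[name] for name in fields}


# Constructed sample record; the last two columns must never reach a client.
SAMPLE_ROW = {
    "id": 123, "name": "Ada", "avatar": "https://cdn.example.com/a/123.webp",
    "bio": "hello", "followers_count": 7,
    "email": "ada@example.com", "password_hash": "<placeholder>",
}
```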

Pagination. Offset-based pagination (?page=2&limit=20) fails for real-time feeds: when new records are added, the offset shifts and the user sees duplicates. Cursor-based pagination (?after=eyJpZCI6MTIzfQ==) doesn't have this problem. The response must return a hasMore flag and nextCursor.
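The difference between the two schemes, as an added example that is not code from the original page. It assumes a newest-first feed whose ids grow with creation time and a cursor that is base64 of {"id": N}, which is what the cursor in the URL above decodes to; MAX_LIMIT and the INVALID_CURSOR code are assumptions. Because the cursor comes back from the client, it is decoded and type-checked as untrusted input before it touches a query.

```python
import base64
import binascii
import json

MAX_LIMIT = 100  # assumed server-side cap on page size


def encode_cursor(last_id: int) -> str:
    """Opaque cursor: base64 of {"id": <last id the client has seen>}."""
    raw = json.dumps({"id": last_id}, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode()


def decode_cursor(cursor: str) -> int:
    """Decode a client-supplied cursor; anything malformed is rejected."""
    try:
        data = json.loads(base64.urlsafe_b64decode(cursor.encode()))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("INVALID_CURSOR") from exc
    last_id = data.get("id") if isinstance(data, dict) else None
    if isinstance(last_id, bool) or not isinstance(last_id, int) or last_id < 0:
        raise ValueError("INVALID_CURSOR")
    return last_id


def page_by_offset(feed, page, limit):
    """?page=2&limit=20 style; feed is ordered newest first."""
    start = (page - 1) * limit
    return feed[start:start + limit]


def page_by_cursor(feed, after=None, limit=20):
    """?after=<cursor> style: return items older than the cursor's id."""
    limit = max(1, min(limit, MAX_LIMIT))
    items = feed if after is None else [p for p in feed if p["id"] < decode_cursor(after)]
    chunk = items[:limit]
    has_more = len(items) > limit
    return {
        "items": chunk,
        "hasMore": has_more,
        "nextCursor": encode_cursor(chunk[-1]["id"]) if has_more else None,
    }


def make_feed(newest_id, oldest_id=1):
    """Constructed sample feed, newest first."""
    return [{"id": i} for i in range(newest_id, oldest_id - 1, -1)]
```

With 40 posts in the feed and 3 new ones arriving between requests, page 2 by offset repeats three items from page 1, while the cursor request continues exactly where page 1 ended.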

API versioning. Start with the version in the URL (/api/v1/). Mobile platforms don't force updates: 15–20% stay on old versions for months. v1 must live alongside v2 for a minimum of 6–12 months.

Network Layer on Client

Android (Kotlin): Retrofit 2 + OkHttp + Kotlin Coroutines is the established stack. Use an OkHttp Interceptor for the Authorization header, logging (debug only) and retry:

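import okhttp3.Interceptor
import okhttp3.Response

// TokenProvider is the app's own abstraction exposing getToken() and refresh()
class AuthInterceptor(private val tokenProvider: TokenProvider) : Interceptor {
    override fun intercept(chain: Interceptor.Chain): Response {
        // Attach the current access token to the outgoing request
        val request = chain.request().newBuilder()
            .header("Authorization", "Bearer ${tokenProvider.getToken()}")
            .build()
        val response = chain.proceed(request)
        if (response.code != 401) return response

        // Token rejected: release the first response, refresh, retry exactly once
        response.close()
        tokenProvider.refresh()
        val retried = chain.request().newBuilder()
            .header("Authorization", "Bearer ${tokenProvider.getToken()}")
            .build()
        return chain.proceed(retried)
    }
}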

iOS (Swift): native URLSession or Alamofire. For type-safe requests, use Codable models. Alamofire's RequestInterceptor handles automatic token refresh, analogous to the OkHttp Interceptor.

Flutter: the dio package with an Interceptor follows the same logic. retrofit_dart generates a type-safe client from annotations, like Retrofit.

Error Handling

Structured error codes are more important than the HTTP status for client logic:

{
  "error": {
    "code": "USER_NOT_FOUND",
    "message": "User with specified ID does not exist",
    "field": null
  }
}

code is machine-readable; the client switches on it. message is for the developer, not the user. The client shows localized strings by code, not the raw API message.

Validation errors should return field: the name of the field that failed. This allows highlighting the specific field in the form.

Caching and Offline

HTTP caching via Cache-Control and ETag reduces load and speeds up the UX. OkHttp supports an HTTP cache out of the box, configured with a directory and size. But offline work needs a separate layer: Room (Android) or CoreData/SwiftData (iOS) as a local copy of the data. The Repository pattern separates the data sources.
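The server half of that ETag exchange, as an added example rather than code from the original page. The function names, the truncated SHA-256 validator and the max-age value are assumptions. Per-user responses are marked private so shared caches do not store them, and no-cache makes the client revalidate with If-None-Match instead of reusing a stale copy.

```python
import hashlib
import json


def serialize(payload: dict) -> bytes:
    """Canonical JSON so the same data always yields the same bytes and ETag."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def make_etag(body: bytes) -> str:
    """Strong validator derived from the response bytes (quoted, per HTTP)."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'


def _opaque(tag: str) -> str:
    """Drop the weak prefix: If-None-Match uses weak comparison."""
    return tag[2:] if tag.startswith("W/") else tag


def etag_matches(if_none_match, etag: str) -> bool:
    """True when the client's If-None-Match header covers the current ETag."""
    if not if_none_match:
        return False
    if if_none_match.strip() == "*":
        return True
    return any(_opaque(c.strip()) == etag for c in if_none_match.split(","))


def conditional_get(payload: dict, if_none_match=None, per_user=True):
    """Return (status, headers, body) for a GET with optional If-None-Match."""
    body = serialize(payload)
    etag = make_etag(body)
    headers = {
        "ETag": etag,
        # Per-user data: keep it out of shared caches, revalidate before reuse.
        "Cache-Control": "private, no-cache" if per_user else "public, max-age=300",
    }
    if etag_matches(if_none_match, etag):
        return 304, headers, b""  # client keeps its cached copy, no body sent
    return 200, headers, body
```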

Security

  • Certificate pinning: OkHttp's CertificatePinner on Android, URLSessionDelegate with didReceive challenge on iOS. It makes MITM harder but requires a certificate rotation plan.
  • Don't store JWTs in SharedPreferences (Android) or UserDefaults (iOS). Use EncryptedSharedPreferences / Keychain.
  • HTTPS everywhere, no exceptions. No cleartext in production.

What's Included

We design endpoints with mobile specifics in mind, implement the client network layer with interceptors, error handling and retry, and configure caching. The API is documented via OpenAPI/Swagger for the mobile team's convenience.

Timeline: 5–12 days, depending on the number of endpoints and whether a backend is needed.