Paulo Renato, an experienced Software Developer has been working on an exciting project using Elixir and has kindly shared it with us as well as some very helpful tips for Developers just starting out with Elixir.
Abbie: Firstly, thank you so much for taking the time to share your project with us. It would be great to find out more about it! Please could you give a brief introduction to yourself and your tech background?
Paulo: My name is Paulo Renato, known as Exadra37 everywhere on the internet. I am a self-taught Developer and my passion for programming started when I was a teenager as I was learning Basic and Pascal at school, in the equivalent of High School in the UK, but I only went back to coding 20 years later with the intention of building an online store. The project went to a roadblock, but by that time I had already acquired enough knowledge in PHP to start a Freelance career with e-commerce clients using the Prestashop platform.
Later I came to the UK to pursue a professional career, impossible to achieve without a degree in Portugal, my home country. In Scotland I found work as a Backend API Developer for a company doing the APIs for the mobile apps of some of the biggest high street retailers in the UK and US.
Being in Edinburgh allowed me to attend many events related to programming and expand my knowledge immensely in several areas, and it was in one of these meetups that I discovered Elixir, and got hooked into it from that first moment. I tried to make the switch to work in Elixir but I was too Junior on it and didn’t find any roles, neither was I able to convince my current employer to use it, despite Elixir being a great match to solve our issues and limitations with using PHP to ingest and process a lot of data.
I was always known to be just a little paranoid about security, enough to get me interested in accepting my current role as Developer Advocate for Mobile API Security. I am a very strong believer of security as opt-out instead of opt-in as current practice in our industry. At my current role I have been exposed to many programming languages, including Elixir, due to the fact of building quickstarts, examples and demos for Approov, my current employer, where I also publish some very technical and educational blog posts around Mobile API Security, and the most relevant ones can be found in this twitter thread. I am also very active in Stackoverflow at the security tag, where I earned most of my reputation points.
This history of how I became a Developer is also well explained in my timeline at https://exadra37.com where you will find more details. Feel free to ask for clarifications on anything.
Abbie: What has been your experience with Elixir so far?
Paulo: Since I met Elixir in 2016 I have been playing with it in my free time, doing some pet apps, where a lot of them were never finished. Three of them survived my derails into other new project ideas and ended up being good enough to published as a pet app on my personal website:
I have been active in the Elixir community since 2018 and I have been nominated as one of the several members of the year numerous times, including the last year of 2022.
Abbie: API BaaS sounds really interesting, please could you give us an overview of the product?
Paulo: The goal of API BaaS is to provide a state of the art platform for Frontend Developers to use as the backend for their mobile apps without the need for them to write the code to build such a big endeavour.
With API BaaS Frontend Developers will achieve time to market with their API in no time, because it will be very quick to get one up and running. They can spend some minutes to some hours to have one ready, depending on the number of API endpoints and their complexity. The flow to get one API up and running consists in providing which Resources and Actions they want to expose to the internet, and which roles and rules will apply to each API endpoint, but we will have safe and secure defaults to get them started without the need to customise them. They can also connect an existing database or provide a dump of its schema and we will generate the API for it on the fly, that they then need to configure which API endpoints and fields that are public or private. This will be done via the Admin user interface by following a wizard where they will need to fill in all the required information. Another alternative is for them to provide the API specification in the OpenAPI Spec or AsyncAPI format, that they may already have written before coming across with API BaaS.
We will support RestAPIs, GraphQL APIs and Websockets for Real-time communication. No matter which type of API the developer will always have the possibility to add business logic to accommodate the needs of the business.
To make Frontend Developers life easier, we will provide SDKs for each of the main stream web and mobile frameworks, that will do all the heavy lifting on communicating with API BaaS in a secure way. In mobile apps it will be possible to use certificate pinning and mobile app attestation with the SDK and in web apps browser fingerprinting and recaptcha will be available via the SDK.
The focus on the API BaaS backend is having secure real-time and distributed backends to allow the requests for the apps to be served from the nearest backend to the user, which is a must nowadays to keep users engaged with real-time events and allow for async communication between app and backend, giving a better user experience, without blocking the user into a spinner while the app waits for the backend response.
Abbie: What would you consider to be the key benefits of API BaaS and how will it help others?
Paulo: The main value proposition for API BaaS for a Frontend Developer is to have the API backend for their app where they need it, close to their app users location, without the hassle of spending months or years building such complex solutions and infrastructure, because to have an API for their apps they only need to connect an existing database or simply providing an API specification, and all this without losing the possibility of adding some small bits of code to customise the API for specific needs of the business.
Abbie: Who is your target audience for API BaaS?
Paulo: Developers, IndieHackers, Entrepreneurs, Small Businesses and Startups that don’t want to lose time on building their backend and/or don’t have the bandwidth or resources to do so. This may be a Mobile/Frontend Developer building their own mobile or web app, an Entrepreneur that can only afford to hire Frontend Developers or a Startup that wants to move fast and focus on the app, not on the backend.
Abbie: Have you faced any challenges so far?
Paulo: The main challenge so far has been the time to focus on API BaaS, because I have to work and also need to spend time with my wife and family.
The main technical challenges I anticipated is keeping data synchronised in a distributed system, but I have seen some projects being kicked in the open-source community that will help me with that.
Abbie: I understand API BaaS is in the early stages of development, what are your future plans for it?
Paulo: Currently I only have the apibaas.io website running and have played around with the architecture that I plan to use to implement all the features I have in the website and others that came into my head. This is a very complex project that needs to start with some solid foundations, not as a rushed minimal viable product or proof of concept that will later hinder and limit development as I have experienced before first hand at a professional capacity.
The plan is to start developing some parts of the tooling required to build API BaaS for each customer as open-source projects where I will ask to be sponsored in order to try to achieve enough monthly income to eventually be able to work full-time on the project. I may also launch a fundraising campaign when I get far enough with the tooling for the API BaaS project, but I’m not sure yet about that. One thing I don’t want for sure, is venture capital because you are still working for someone else, and the pressure to go to market will not be easy to handle while trying to develop a solid code base.
Abbie: Are people able to see a demo of API BaaS?
Paulo: Unfortunately it's still very early days to be able to provide a demo, but I'm thinking of developing a simple product idea I have had for a long time as a production demo of the capabilities of API BaaS, and also as a form of validating the service as I build it.
Abbie: Why did you choose Elixir above other languages?
Paulo: Mainly because of the VM it runs on, the Erlang Virtual Machine, also known as the BEAM. I am talking about a technology developed 30+ years ago that solved by design, not as an afterthought, the problem of running code concurrently on a distributed system and in a fault-tolerant way, where high availability is more important than pure speed. As Joe (RIP) used to say “Java runs everywhere, Erlang runs forever”.
No programming language that I am aware of, was able to solve these problems by design and so technically correct, but I may get beaten here by others, because I may not be aware of something else that achieves the same so well. All seem to have tried to solve it as an afterthought and with implementations that are prone to race conditions with write memory access, that are very hard to debug and to prevent at 100%, a problem not affecting the BEAM because of no memory is being shared between each mutation of the data. To validate how the Erlang approach is so well architected we have projects trying to port it to other programming languages, like into Rust, Java and DotNet, but they will never be able to achieve the same guarantees of the BEAM, because they lack this excellent runtime. They may be faster, but they will not be as fault-tolerant, available and performant under very high loads as the BEAM.
If I wanted to summarise my reasons in a video then the talk The Soul of Erlang and Elixir by Sasa Juric would do a great job, and in fact it is one of the best demos of Erlang and Elixir capabilities and guarantees.
Abbie: What would your recommendations be for people just starting out with Elixir? Do you have any advice for them?
Paulo: For any Developer starting their Journey in Elixir, I highly recommend reading/watching these books/videos in this order:
Elixir for Programmers, Second Edition - This was the course that clicked for me to switch my brain from thinking in an object oriented way to a functional programming way. On top of it you will notice that Dave Thomas is highly organised with the architecture of his code to allow for reusability and clear separation of concerns. I really loved it. If you are not a fan of video courses then you can buy his book Programming Elixir 1.6 that is very similar to the video course.
Elixir in Action, Third Edition - This book is very good to learn in more detail how to use message passing in Elixir to build fault tolerant systems that are highly available. This is a book of tremendous value and full of real-world lessons to learn from.
Real-Time Phoenix - A must read for any Developer wanting to build real time applications. Packed with a lot of lessons learned from production by Stephen Bussey.
Stuff Goes Bad: Erlang in Anger - You NEED to read this book to be able to debug production as effectively as possible. It’s packed with tricks and tips collected from many years of running BEAM production systems, and guess what is free when it’s worth is weight in gold.
Elixir Lang Collection of Learning Resources - Some of the above books are already in the collection but others may be of interest, like Concurrent Data Processing in Elixir and/or Designing Elixir Systems with OTP.
Designing Data-Intensive Applications - Not about Elixir but a very important read for anyone developing data intensive applications. Do not skip it if that's your case.
In addition I recommend that anyone starting in Software Development or already doing it, no matter for how long, to read/watch these books/videos in this order:
The Pragmatic Programmer, 20th Anniversary Edition - This a classic and a MUST read for any Developer, no excuses to not read it. A book by Prag Dave and Andy Hunt. This book literally changed how I look at Software Development and how I develop the solutions for the problems I am presented with.
Clean Code - Very important lessons to take from writing clean code that is testable. No need to follow it to the letter, but it's important to get the reasons why it's important to do so. While the examples are in Jave, the main principles can be applied to any programming language. This book literally changed how I write code, test it and organise it according to the SOLID principles.
Clean Architecture: A Craftsman’s Guide to Software Structure and Design - A clean software architecture is so important as clean code. The release of this book validated what I already had come up with, the Resource Action Pattern, that at a glance to the folder structure tells you which Resources and Actions your project uses, making very easy for developers to return to a code base after months or years or to onboard new Devs into the project.
Hack Yourself First: How to go on the Cyber-Offense - One of the most important and neglected skills in a Developer is the ability to think like an attacker. You cannot defend properly from them until you learn to think like one of them. Video course by Troy Hunt, a very reputable security researcher and the one that inspired me into starting to be more diligent in everything security related.
Hack Your API First - Another video course that contributes to reinforcing your ability to think like an attacker, but this time directed to APIs, not to web apps, as the previous one.
Abbie: Thank you for taking the time to answer these questions in such great detail, I really appreciate it, as I'm sure the Elixir community does also. It’s been brilliant to find out more about API:BaaS and we wish you all the best with it!