How We Chose the OAuth Technology for Our Developer Portal

Muhammad Naveed Shahzad
Published in motive-eng
4 min read · Feb 4, 2020

In 2019, KeepTruckin realized our plan to support the self-service model and empower developers to quickly integrate KeepTruckin with third-party applications. We decided to build an interface connecting KeepTruckin’s APIs with developers — to accelerate developers’ building of integrations that add value to the KeepTruckin platform. We augmented our pre-existing public API with an OAuth 2.0 access layer and a Developer Portal.

In this blog post, we reveal how KeepTruckin’s engineering team made a technology-forward choice by adapting OAuth 2.0 for KeepTruckin’s Public API and Developer Portal.

Background

KeepTruckin’s Developer Portal is a platform that allows developers to use KeepTruckin’s public API to build web, mobile, or desktop applications. With the Developer Portal, anyone can sign up for a developer account, build applications using our public API, and publish directly to KeepTruckin’s App Marketplace.

KeepTruckin’s public API empowers businesses in the trucking and transportation industries to better serve mutual customers. There are many use cases for which applications can be developed. These include, but are not limited to:

  • Visibility — track vehicles and their locations
  • Vehicle Maintenance — use the fault code endpoints and vehicle odometers to notify customers of scheduled maintenance
  • Insurance — use the driver performance event endpoint to suggest insurance quotes to customers based on their driving history
  • Dispatching — use vehicle locations to monitor loads and suggest routes

Choice of Technology

KeepTruckin’s backend is a Rails application, and our public API is built using the Grape gem. Our Developer Portal introduced OAuth 2.0-based access to our public API. One major challenge was choosing the right technology for an OAuth provider from the multiple options available. The backend options we considered were: Doorkeeper, MuleSoft, Apigee, Tyk, and custom implementation. We chose Doorkeeper. We’ll walk you through a brief description of these choices.

Option 1: Doorkeeper

Doorkeeper is a Ruby gem that can add the capabilities of an OAuth provider in a Rails application. This was a natural choice for us, given that we had a Rails application. Doorkeeper only adds the OAuth layer and leaves us the flexibility to choose how to develop other components, such as our developer portal. You can find more details about Doorkeeper on their GitHub page.

Option 2: Apigee, MuleSoft, Tyk

This was a typical question of “build vs. buy,” and we considered several third-party API management services as possible solutions. Although all third-party management services advocate for buying, our use case was different.

We had an existing API management layer that we wanted to extend for OAuth support. Our API already had existing users, and our App Marketplace was also already live. Had we chosen a third-party solution, the amount of work required for integration would have been the same or more. We, therefore, decided to build the feature using Doorkeeper. Our needs were well served by the Doorkeeper gem, which we found to be good for use in production.

Option 3: Custom Implementation of an OAuth Provider

Another option was to implement all the capabilities of an OAuth provider in-house. We did not see value in this, given the availability of production-ready off-the-shelf options.

After thorough evaluation, we chose Doorkeeper to augment our API management layer with OAuth support.

Future Directions

Our recently launched Developer Portal is just the start of an amazing journey. We have many plans to extend its functionality in the future, and the following are just a few of them:

  • Open-source contributions to the Doorkeeper gem, to patch or enhance any gaps that we found in the course of our integration
  • JWT tokens
  • Extract this layer as a service (we may use Tyk for this, but it’s too early to say)
  • Integrate OpenID Connect

Keep an eye out for our upcoming blog posts, where we’ll keep you up to date with the exciting technology choices KeepTruckin makes in this area.

Every Business Solution Creates an Engineering Opportunity

KeepTruckin’s Developer Portal is a great opportunity for businesses in the trucking and transportation industry to build useful web, mobile, or desktop applications for their customers. The data they can retrieve via KeepTruckin’s public API can help them make better decisions to serve their customers’ needs. For example, an insurance company can use the data to help evaluate a customer’s eligibility for premium discounts by analyzing driver performance events. Similarly, a logistics provider can improve visibility by fetching vehicle and driver locations to track vehicles and drivers.

There are many opportunities with immense potential to help fleets build better ways to work, and these business opportunities translate into inspiring new challenges, skills, and successes for KeepTruckin engineers. The addition of OAuth 2.0 and the Developer Portal to KeepTruckin’s arsenal enabled our engineers to support these exciting product goals and created new opportunities for us to progress in the field of Identity and Access Management.

KeepLearnin :-)
