REST API for Mobile App
Versioned REST API with OAuth2, queued jobs and Swagger docs powering an iOS & Android client (250k+ users).
- Industry
- Consumer mobile (iOS + Android)
- Duration
- 4 months + ongoing
- My role
- API architect
- Client
- Consumer mobile startup (250k+ MAU)

Challenge
A consumer mobile app with 250k users was outgrowing a Firebase backend — query costs were exploding and the team couldn't enforce complex business rules. They needed a versioned, well-documented REST API that mobile clients could consume safely across multiple app versions.
Solution
Designed a versioned REST API (`/v1`, `/v2`) on Laravel with OAuth2 (Passport) for auth, queued jobs via Horizon for heavy lifts, idempotency keys for mobile retries, and an OpenAPI 3 contract that doubles as the SDK source. Postman + Newman in CI catches contract drift before deploy.
Technology stack
Result
P95 latency under 180ms, zero auth incidents in 18 months, mobile teams ship faster because the OpenAPI contract removes ambiguity, and the Firebase bill dropped to a tenth.
Key metrics
- 250k+
- active users
- P95 < 180ms
- response time
- 100%
- OpenAPI coverage
Senior-level engineer who actually communicates. Our API project shipped two weeks early and passed security audit on first try.


