If your company is building or adding functionality to an app, you’ve probably heard your developers throw around the term “SDK.” SDK stands for software development kit (sometimes called a devkit). As the name suggests, it’s a set of tools and instructions developers use to build apps. SDKs save developers from having to do every tedious bit of coding themselves. They help standardize the development, so apps can work more easily on different hardware, operating systems, and in cooperation with other apps.
So, why does this matter if you’re not a software developer? Because your app’s architecture is directly related to its business value, and when you choose what components to use (Stripe vs. PayPal for payments, for example), your choice should be informed by SDKs. Here, we’re providing a basic rundown of what SDKs are, how they work, and how to compare them by quality.
Software Development Kit (SDK) Definition and Examples
An SDK is a toolkit that app developers use to build apps using some prebuilt components instead of having to build each of those components themselves. SDKs are designed to work with specific operating systems, hardware, or computing languages.
Here’s a real-world analogy — if you’re trying to build a bookshelf, an SDK would be everything in the box you get from IKEA: prebuilt parts, tools, and instructions on how to put it all together. To build a desk without an SDK, you’d have to go into the forest and chop down your own lumber using an ax you built yourself.
For example, if you’re creating a mobile app, you’ll need to download Apple’s iOS SDK. This gives you access to whichever iPhone tools you want to use in your app, like connecting to the camera, the Siri interface, or enabling push notifications. Likewise, if you want to implement Auth0’s platform on both your mobile and web apps, you’d download the iOS SDK, Android SDK, and web SDK.
What’s in an SDK?
Virtually all SDKs contain a few basic ingredients:
- Code libraries: This is the raw code that developers plug in to make the app do what they want it to do.
- Application programming interfaces (APIs): These allow the app to easily connect to other services (more on this later).
- Integrated development environment (IDE): This is the interface through which developers do their programming. It includes a compiler, which translates the high-level programming language of the SDK’s source code into a lower-level language that can be used to build applications.
- Documentation: These are the instructions that explain how developers should use the code. Clear, thorough documentation is an important criterion for a good SDK.
- A debugger: Debugging automatically corrects minor errors, smoothing out the app development process.
- Code samples: These get developers started by giving them some examples of the code in action and helping them use it in simple ways.
Some SDKs also include tutorials and other support tools.
Types of SDKs
Most apps are built with a variety of SDKs; for example, a 2019 study found that the average Android app uses 18.2 SDKs. Some SDKs optimize an app for a specific device or operating system, and some let developers insert various tools.
- SDKs by hardware: SDKs aren’t just for web and mobile apps; they’re also used for programming in the Internet of Things (IoT). So if you purchase a set of solar panels, for example, the hardware provider might include an SDK, so developers can program them as desired.
- Mobile device operating system: As we mentioned, designing an app that works on both Android and Apple phones requires an SDK for each.
- Programming language for web apps: Developers need SDKs that let them build web apps in the programming language they choose, like Python, Ruby, JavaScript, or PHP.
- Open source SDKs: These SDKs are free to use and invite developers to modify them as they choose. This can confer advantages when it comes to customizability but may also introduce security risks.
- Proprietary SDKs: Unlike open source SDKs, proprietary or commercial SDKs require a license to use and don’t permit developers to change the source code.
SDKs Versus APIs
It’s easy to be confused by the difference between an SDK and an API, but the distinction is both simple and crucial.
APIs are the parts of code that communicate between two pieces of software. So, if you’re building a ride-sharing app, you need APIs that connect it to a user’s phone and messaging capabilities, payment platform, and GPS. All these elements might have different back ends, but an API lets them communicate and provide a seamless user experience.
The majority of SDKs contain APIs, so developers can build apps that are designed for easy connectivity. Without APIs, connecting apps is a little like that famous scene from Apollo 13.
But it’s not as simple as saying that APIs are components of SDKs since you can use an API without an SDK. And in some cases, developers have to choose between using an SDK or an API to handle integration with a particular service. The advantage of an SDK is that it’s simpler and faster to integrate (like the IKEA desk; most of the work is already done for you). The advantage of an API is that it’s leaner (not full of code libraries for functionalities you don’t need), and there’s more room for customization (if you build your own desk, you can design it to whatever dimensions you’d like).
The Elements of a Good SDK
If you’re building an app, chances are you’ll use SDKs for some of your functionality, like payment, messaging, or authentication. Those components are extremely difficult for developers to build in-house, and any errors can lead to major security issues. When you’re choosing which provider to use for those services, you’ll compare prices and features, but you should also be comparing their SDKs.
Here’s what to look for in a good SDK:
- Lightweight: You want an SDK that does what you need it to do with as little code as possible. Otherwise, a mobile app can eat up too much space on a user’s phone, and the apps will run more slowly. If you’re replatforming or rearchitecting a legacy app, it’s worth looking at how much code your existing solutions use and whether an SDK would be more lightweight. For example, Auth0 customer Kiva was able to eliminate over 20,000 lines of legacy code by switching to Auth0 for authentication.
- Good documentation: Two SDKs could be virtually identical, but if one has thorough documentation that shows developers how to use it, and the other leaves them on their own, then they’re hardly equal. In fact, this issue is one of the most common reasons Auth0 customers give for choosing us over our competitors.
- Customizable: Some SDKs are resistant to customization, meaning you can only implement them with their out-of-the-box settings. That’s an issue if your developers want to tweak a product for their unique needs or insert original branding or graphics.
- Secure: It’s essential to use SDKs that come from trusted sources to ensure that you’re not unwittingly inserting malicious or otherwise unwanted code into your app. In SafeDK’s report, “58% of the examined apps still have at least 1 SDK that accesses private user data.” In the age of data privacy laws, this collection may get your app into legal hot water.
- Easy to use: A good SDK should provide tutorials and sample code and also let developers connect to a trusted community or support services if they run into any problems.
SDK: Not Just Another Confusing Acronym
Any company building new applications or adding new features will use SDKs as part of the development process. But SDKs aren’t just esoteric programming concepts; they have a direct impact on an app’s security, customizability, and time to market. If you’re not an app developer, you don’t need to understand the finer points of those discussions, but you do need to be able to ask the right questions.
About Auth0
Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.
About the author
Martin Gontovnikas
Former SVP of Marketing and Growth at Auth0
Gonto’s analytical thinking is a huge driver of his data-driven approach to marketing strategy and experimental design. He is based in the Bay area, and in his spare time, can be found eating gourmet food at the best new restaurants, visiting every local brewery he can find, or traveling the globe in search of new experiences.View profile