Enterprise apps often have the greatest need for offline functionality. Apps must function regardless of whether a user has a network connection, and common use cases such as field work might see a majority of the app's usage in places with poor or non-existent network connectivity.
The first consideration when building an offline-enabled app is how to store data on the device. We recommend first consulting the Storage guide for a breakdown of popular storage options and the tradeoffs between each.
The unique challenge of offline-enabled enterprise apps with heavy usage is the size and importance of the data. Because of this, we strongly recommend a storage option with high-performance query support and encryption for data at rest, which we fully support in the Secure suite of Ionic enterprise solutions.
Monitoring for Network changes
After deciding on a storage engine, the next consideration is monitoring for network status changes. This can be done in Capacitor using the Network API or in Cordova using the Network Information Plugin.
Network request buffering
One common approach for building an offline-enabled app is to buffer network requests that are performing a mutation (DELETE) since these are the requests that will end up making modifications on the server. Once the network is back up, those requests can be replayed or sent to the server in a batch depending on the server-side implementation.
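The buffering approach described above, sketched as an added example that is not part of the original guide or of any Ionic library. The names OfflineRequestQueue, store, send, isOnline and memoryStore are hypothetical; the store is assumed to be an encrypted data store, because queued request bodies are sensitive data at rest.

```javascript
// Added example. OfflineRequestQueue, store, send and isOnline are hypothetical names.
const MUTATING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']); // standard mutating HTTP methods

class OfflineRequestQueue {
  // store: { load(): Promise<Array>, save(Array): Promise<void> }; assumed to be
  //        backed by an encrypted data store, since queued bodies may hold PII/PHI.
  // send:  async (request) => ({ ok, status }); throws on a network failure.
  constructor({ store, send, isOnline }) {
    Object.assign(this, { store, send, isOnline, seq: 0 });
  }

  async submit(request) {
    const method = request.method.toUpperCase();
    if (!MUTATING.has(method)) return this.send(request); // reads are never buffered
    const pending = await this.store.load();
    // Send directly only when online and nothing older is waiting, to keep order.
    if (this.isOnline() && pending.length === 0) return this.send(request);
    // id lets a server that supports it deduplicate a replayed request (assumption).
    const entry = { id: `${Date.now()}-${this.seq++}`, ...request, method };
    pending.push(entry);
    await this.store.save(pending);
    return { queued: true, id: entry.id };
  }

  // Call when connectivity returns, e.g. from the network status listener.
  async replay() {
    const pending = await this.store.load();
    const rejected = [];
    while (pending.length > 0) {
      let res;
      try {
        res = await this.send(pending[0]);
      } catch (err) {
        break; // network dropped again: keep this and later requests, in order
      }
      const done = pending.shift();
      if (!res.ok) rejected.push({ id: done.id, status: res.status }); // server refused it
      await this.store.save(pending); // persist progress after every request
    }
    return { remaining: pending.length, rejected };
  }
}

// In-memory stand-in for the encrypted store, for the demonstration only.
function memoryStore() {
  let items = [];
  const copy = (list) => list.map((item) => ({ ...item }));
  return { load: async () => copy(items), save: async (list) => { items = copy(list); } };
}
```

Requests the server refuses are removed and reported in `rejected` so one bad request cannot block the rest; a network failure stops the replay and leaves the remainder queued.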
Security of data at-rest
Data generated while offline can be highly sensitive depending on the application. For example, data could contain proprietary company data, Personally Identifiable Information (PII) or Protected Health Information (PHI). In many cases, companies have an obligation or legal requirement to encrypt that data at rest (HIPAA compliance, for example).
This means a data store with encryption support is likely a requirement, and a library to correctly manage encryption keys is a must. Explore the Storage guide and Biometrics and Token Storage guide for information on storing large volumes of data encrypted at rest, and correctly managing encryption keys.
Apps storing any kind of sensitive data will likely need to lock the app when not in use and enable unlocking it only when the correct user that has an active session in the app is present.
On mobile, the only way to achieve this is by using Biometric authentication features available on modern mobile devices and operating systems. Explore the Biometrics and Token Storage guide for a deep dive into how to implement this feature safely to ensure full adherence to security best practices.