Skip to content

[Humberto Alcantara] lab-api-scavenger #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
humbertoalcantaraluna wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Humberto Alcantara] lab-api-scavenger #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
189 changes: 189 additions & 0 deletions your-code/.ipynb_checkpoints/Learning Advanced APIs-checkpoint.ipynb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,189 @@
{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Advanced APIs\n",
"\n",
"\n",
"\n",
"\n",
"Lesson Goals\n",
"\n",
" Understand HTTP Communication Protocol\n",
" Learn about the Request-Response Cycle\n",
" Differentiate between GET and POST requests\n",
" Familiarize with http headers\n",
" Learn about oAuth authentication\n",
" Familiarize with a few tools to work with APIs\n",
"\n",
"# Introduction - HTTP Protocol\n",
"\n",
"HTTP v1 protocol was introduced in 1991, it's this protocol that has driven the advance we've seen in the past two decades in information sharing as it's the basis for websites and we can argue that nowadays is the basis for most of the comunications that people needs in a daily basis. When you pay with your VISA online, the transaction travels via secure HTTP comunication known as HTTPS, HTTP is also the protocol choosen in quite different applications that range from synchronize traffic lights in a city to receive a video when you visit Youtube, quite powerful. I hasn't seen many updates over this years, nowadays the most recent version is HTTP2 as defined in RFC7540 that is the document that defines how the standard works. But let's deep a bit on how HTTP works in following sections.\n",
"\n",
"\n",
"\n",
"# Request-Response Cycle\n",
"\n",
"In an overview, the HTTP protocol consists on one participant computer making questions to a source of information that is in another computer (but it can be the same one). The one that makes the question is known as the CLIENT and the one responding to those questions is named the SERVER. For each question there must be always an answer, even if the answer is \"i don't have an answer for what you are asking for\", this is what we call the request-response cycle. If both parties CLIENT and SERVER can communicate, they should be able to complete this cycle. For sure there are corner cases, for example when the CLIENT cannot sent a question to the SERVER because maybe the SERVER is offline.\n",
"\n",
"In fact, the proper way to refer when a CLIENT makes a question to a SERVER is known in HTTP jargon to say we are making a REQUEST, and for each request the server sends a RESPONSE.\n",
"HTTP Url\n",
"\n",
"The URL is an important part of the protocol, it contains information of which resource whe are asking the SERVER for. It shoudld follow this format:\n",
"\n",
"Format:\n",
"scheme:[//authority]path[?query][#fragment]\n",
"\n",
"Example:\n",
"http://www.ironhack.com/learning/1234?user=pepe\n",
"\n",
"This is readed as the following:\n",
"\n",
" scheme: in this case it's http, but it can be also https in case we are connecting securely.\n",
" authority: In this case www.ironhack.com this is the server we are connecting to send the REQUEST.\n",
" path: Also known as the RESOURCE we are aksing for, in this case /learning/1234. Normally a server holds multiple pieces of information and serves the REQUESTS primarily based on the path of the url.\n",
"\n",
"Side note: To understand the format [someting] means something is optional and can be present or not.\n",
"Request\n",
"\n",
"As we've said, the request is a question we formulate to a SERVER in order to receive a piece of information. This piece of information can be anything, is not defined in the HTTP standard what information the SERVER should answer with. It can be anything: an image, a video, a HTML page, a PDF file, etc.\n",
"\n",
"The format of the REQUEST contains two main parts, the VERB of the request and the HEADERS. The verb contains information on which type of request we are making, and the headers contain metadata for the request, for example who is making the request, at what time, if is a known user, cookies, etc.\n",
"\n",
"\n",
"\n",
"# Http Verbs\n",
"\n",
"There are quite a few VERBS, but the main ones are GET and POST:\n",
"\n",
" GET: Just expreses that we want some resource from a SERVER. For example, let's assume you are asking about the twitter timeline. As you are just refering to the timeline, twitter will send you the global timeline for the whole world.\n",
"\n",
"This is how a raw GET http REQUEST is sent over the wire:\n",
"\n",
"GET /timeline HTTP/1.1\n",
"Host: www.twitter.com\n",
"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) Chrome/71.0.3578.98 Safari/537.36\n",
"Accept: text/htm\n",
"Accept-Language: en,es\n",
"\n",
"You can note that we are asking for the /timeline resource. But what if we want just the timeline for the users i'm following. Then i have to make a POST request.\n",
"\n",
"POST verb requests are different from GET requests as they contain information for the SERVER to respond according to it.\n",
"\n",
"POST /timeline HTTP/1.1\n",
"Host: www.twitter.com\n",
"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) Chrome/71.0.3578.98 Safari/537.36\n",
"Accept: text/htm\n",
"Accept-Language: en,es\n",
"\n",
"username=pepe\n",
"\n",
"Here you can see that we are sending a parameter that is the username we want the timeline for the user pepe. The resource is the same ( /timeline) but the server will send us a different RESPONSE according to this parameter we are sending. Those parameters are named POST BODY and what parameters to send depends on who we are asking, this is not standarized.\n",
"\n",
"\n",
"# Request Headers\n",
"\n",
"Also in a request there are the headers, let's analyze some of it:\n",
"\n",
"GET /timeline HTTP/1.1\n",
"Host: www.twitter.com\n",
"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) Chrome/71.0.3578.98 Safari/537.36\n",
"Accept: text/html\n",
"Accept-Language: en,es\n",
"\n",
" User-Agent: The browser that is making the REQUEST.\n",
" Accept-Language: The language in which we've configured our browser.\n",
"\n",
"The headers can vary between requests, there are some standard ones. The WEB SERVERS following the HTTP standard agree on how to proceed depending on which headers are present in a REQUEST, but you can add personalized ones if you want.\n",
"\n",
"\n",
"# Response\n",
"\n",
"All responses follow the same structure. They have a HEADER section that contains metadata about what the behaviour of the server and a BODY that contains the desired piece of information.\n",
"Status Codes\n",
"\n",
"One important part of the RESPONSE HEADER is the status code. This code is a numerical code indicating the result of the server. There are different status codes depending if the server succedded to perform the REQUEST of didn't manage to do anything at all. This are some groups of status codes:\n",
"\n",
" 2xx Success: The most important status code here is 200 that means everything worked as expected and the resource is found on the SERVER.\n",
" 4xx Client errors: Those are codes for errors on the client side, meaning the client asked for a wrong resource or the one that overybody knows 404 that means resource can't be found on the SERVER.\n",
" 5xx Server errors: This means the SERVER itself chashed when processing your REQUEST. Maybe due to a bug on server's code or something related.\n",
"\n",
"For a complete list see Wikipedia\n",
"\n",
"\n",
"\n",
"# OAuth Authentication\n",
"\n",
"OAuth is simply a secure authorization protocol that works on top of HTTP. When you are consuming some external service via HTTP calls, servers want to take control over their service and maybe limit the numer of requests you can do, or ask you to pay for it. Or maybe they don't want you to see data from other users in the systems. For this purposes, you should authenticate yourself.\n",
"\n",
"The oauth authentication is a common used one among lots of API providers as it is a well known public standard. This learning is not meant to cover how oauth work, but just to introduce you an important aspect about those. When working with oauth, the service you are asking a REQUEST must provide you some authenticated credentials that normally have names like clientId or apiKey and apiSecret or apiToken or simply token. This will be used to authenticate instead of username+password. The reason? it is not as secure to be transfering your password up and down as credentials, also credentials can be revoked if lost or stolen.\n",
"\n",
"The credentials should be kept securelly, and must not be shared with anyone else, so, do not add it inside a git repo as there are online hackers that scan for them and make fraudulent use, possibly wasting lots of dollars in your name!\n",
"Tools to work with APIs\n",
"\n",
"\n",
"\n",
"# CURL - Making HTTP requests with your terminal\n",
"\n",
"Curl is a command-line tool that allows you to make HTTPrequests as easy as this:\n",
"\n",
"$ curl www.ironhack.com\n",
"\n",
"Calling curl like this will make a GET request to www.ironhack.com, you will see the RESPONSE BODY as text in your terminal. Try it!\n",
"\n",
"If you want to save the response to a text file, just redirect the output to a file like this:\n",
"\n",
"$ curl www.ironhack.com > index.html\n",
"\n",
"This redirection operation can be done with any command output, not just curl.\n",
"\n",
"Good news!, Curl is already installed by default on your terminal.\n",
"\n",
"\n",
"# Debug API calls using Charles Proxy\n",
"\n",
"Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).\n",
"\n",
"[Download it here](https://www.charlesproxy.com/)\n",
"\n",
"\n",
"\n",
"# Test API calls using Postman\n",
"\n",
"Postman is a great tool when trying to dissect APIs made by others or test ones you have made yourself. It offers a sleek user interface with which to make HTML requests, without the hassle of writing a bunch of code just to test an API's functionality.\n",
"\n",
"[Download it here](https://www.getpostman.com/)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.7.2"
}
},
"nbformat": 4,
"nbformat_minor": 2
}
Loading