In [None]:
import requests

# Bonus lecture - Flask 
April 26th 2022, Vítek, Inspired by MIT lecture: https://designftw.mit.edu/lectures/apis/index.html


* So far, we have studied how to take advantage of existing data sources for your analysis/application.
* But programming is about *exchange* of data.
* You want to communicate with your users or other programs
* Best way to communicate is using an your own interface: an API
* We will also see how we can create our own webistes

## Why do you set up an API (or a website)
* Share access to your program with others
* Share access to your data with others
* Coordinate your application with other apps => **Microservice architecture**
* Component developers can only cares about their jobs




### Microservice architecture examples

#### Videostreaming service
![microservice architecture](./img/microservices.png)


#### Golemio
![golemio architecture](./img/microservices.png)




## Examples of APIs
>
> Task: Suggest an API structure for Airbnb microservice architecture
> * List endpoints and functional modules that do separate jobs
> 

* [GOLEMIO API](https://operator-ict.gitlab.io/golemio/documentation/cs/architektura/architektura/)
* GitHub API




In [None]:
requests.get('https://api.github.com/repos/vitekzkytek/PythonDataIES').json()

## API == `Application Programming Interface`
* The way your code can ask the application/library/service to do things
* The boundary of the application

### Components:
    * Data model
    * Methods
    * Syntax

## HTTP
* API for talking to web servers
* Originally, hu
* Predefined structure
* Main methods:
    * GET
    * POST
    * DELETE
    * PUT
* see [CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete)


## Request and response structure
### Request
- long string with components. Serialization necessary.
#### URL
- identification of the resource
- object your ask for
- contains 
    * address (hostname) 
    * method identification (route) 
    * parameters
#### Headers
- Referer: Identification of requester
- Accept: Format of data - json, text, pdf, image, etc.
- Cookie: User-specific data
- Authentization: Security
#### Body
- Content of the request
- not necessary
### Response
#### Status code
- see [list](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes)
#### Body
- Content of request

## Why RESTful?
* RESTful API is stateless
* In the "old way" servers kept state of its users:
    * their identity
    * so far activity
* Modern apps leaves emphemeral information on client's side - role of cookies
* Server is just a server - for precise question gives precise answer.
* Server only keeps **persistent** data - files, forms, etc.
* Scalability
* Performance
* Managing code

## Security
* Privacy 
* Limited resources
* Economic reasoning - selling data etc.
* Always use HTTPs - encrypts communication

### Authentization
* Never in URLs - public information
* Possibly using cookies - but again can be compromised/faked etc.
* Sometimes authorization using standard user:password (HTTP Basic Auth header), perhaps hashed (HTTP Digest Auth)

#### HTTP Bearer Auth
* Using arbitrary string server can recognize
    * Most often server also generates them
    * But how to deliver to client ?
* Decouples identity from authorization

In [None]:
endpoint, token = 'https:{hostname}/{route}','<FILLINHERE>'
headers = {f"Authorization": "Bearer {token}"}
requests.get(endpoint, headers=headers)

## Flask examples

## Deployment

* Heroku - https://realpython.com/flask-by-example-part-1-project-setup/
* AWS Lambda - https://towardsdatascience.com/deploy-a-python-api-on-aws-c8227b3799f0'
* Use Serverless framework - https://faun.pub/aws-lambda-serverless-framework-python-part-1-a-step-by-step-hello-world-4182202aba4a
* Use your own virtual machine anywhere and start learning Linux and Bash etc. You will need it anyway.