# **API**

API stands for Applicaion Programming Interface. It is a set of rules/protocols that let softwares/apps communicate with each other. It acts as an intermediatery between the two, allowing one to request/perform from other without needing to understand the internal working of it.

There are 2 sides, client (requests for data or performs an actions) and the server (receives the request and sends back a response.

An API call is a message sent from client to server asking for something

## **REST API**

REST stands for Representational State Transfer, a design stype in which APIs are built. It has following properties:

1.**Client-Server Architecture**:
REST seperates the client from server allowing each to evolve independently.

2. **Stateless**:
Each API request is independent of the previous.

3. **Cacheable**:
Server can store request and use it to respond in the future request more quickly, thus improving performance and reducing server load

4. **Uniform Interface**:
Resource is accessed in a standard and consistent way. It uses the standard HTTP methods, resource is identified by an URL, and the info set and received is in format understandable by both the parties.

It is scalable and has widespread use.

APIs following REST architecture are called RESTFul APIs

We will use [fakestore api](https://fakestoreapi.com/) for understanding the REST API through the request library

In [61]:
import json
import pandas as pd
import requests as re

### GET Method

#### Make an API call

In [62]:
url = 'https://fakestoreapi.com/users'
response = re.get(url)

In [63]:
#Print the URL 
response.url

'https://fakestoreapi.com/users'

##### .text : Prints the contents of the request in string format

In [64]:
response.text

'[{"address":{"geolocation":{"lat":"-37.3159","long":"81.1496"},"city":"kilcoole","street":"new road","number":7682,"zipcode":"12926-3874"},"id":1,"email":"john@gmail.com","username":"johnd","password":"m38rmF$","name":{"firstname":"john","lastname":"doe"},"phone":"1-570-236-7033","__v":0},{"address":{"geolocation":{"lat":"-37.3159","long":"81.1496"},"city":"kilcoole","street":"Lovers Ln","number":7267,"zipcode":"12926-3874"},"id":2,"email":"morrison@gmail.com","username":"mor_2314","password":"83r5^_","name":{"firstname":"david","lastname":"morrison"},"phone":"1-570-236-7033","__v":0},{"address":{"geolocation":{"lat":"40.3467","long":"-30.1310"},"city":"Cullman","street":"Frances Ct","number":86,"zipcode":"29567-1452"},"id":3,"email":"kevin@gmail.com","username":"kevinryan","password":"kev02937@","name":{"firstname":"kevin","lastname":"ryan"},"phone":"1-567-094-1345","__v":0},{"address":{"geolocation":{"lat":"50.3467","long":"-20.1310"},"city":"San Antonio","street":"Hunters Creek Dr"

##### .json() : Prints the contents of request in json format

In [65]:
response.json()

[{'address': {'geolocation': {'lat': '-37.3159', 'long': '81.1496'},
   'city': 'kilcoole',
   'street': 'new road',
   'number': 7682,
   'zipcode': '12926-3874'},
  'id': 1,
  'email': 'john@gmail.com',
  'username': 'johnd',
  'password': 'm38rmF$',
  'name': {'firstname': 'john', 'lastname': 'doe'},
  'phone': '1-570-236-7033',
  '__v': 0},
 {'address': {'geolocation': {'lat': '-37.3159', 'long': '81.1496'},
   'city': 'kilcoole',
   'street': 'Lovers Ln',
   'number': 7267,
   'zipcode': '12926-3874'},
  'id': 2,
  'email': 'morrison@gmail.com',
  'username': 'mor_2314',
  'password': '83r5^_',
  'name': {'firstname': 'david', 'lastname': 'morrison'},
  'phone': '1-570-236-7033',
  '__v': 0},
 {'address': {'geolocation': {'lat': '40.3467', 'long': '-30.1310'},
   'city': 'Cullman',
   'street': 'Frances Ct',
   'number': 86,
   'zipcode': '29567-1452'},
  'id': 3,
  'email': 'kevin@gmail.com',
  'username': 'kevinryan',
  'password': 'kev02937@',
  'name': {'firstname': 'kevin', '

In [66]:
pd.DataFrame(response.json()).head(3)

Unnamed: 0,address,id,email,username,password,name,phone,__v
0,"{'geolocation': {'lat': '-37.3159', 'long': '8...",1,john@gmail.com,johnd,m38rmF$,"{'firstname': 'john', 'lastname': 'doe'}",1-570-236-7033,0
1,"{'geolocation': {'lat': '-37.3159', 'long': '8...",2,morrison@gmail.com,mor_2314,83r5^_,"{'firstname': 'david', 'lastname': 'morrison'}",1-570-236-7033,0
2,"{'geolocation': {'lat': '40.3467', 'long': '-3...",3,kevin@gmail.com,kevinryan,kev02937@,"{'firstname': 'kevin', 'lastname': 'ryan'}",1-567-094-1345,0


##### .status_code : Check the status of the request

In [8]:
response.status_code

200

#### **params Argument**

The params parameter in a GET request is used to send query parameters — extra information that tells the server how you want to fetch or filter data.

These are passed after the ? in the URL. Also referred to as **Query Parameters**

Most commonly used with GET method

In [9]:
params = {'limit':3, 'sort': 'desc'}
res = re.get(url, params = params)

In [10]:
res.url, res.status_code

('https://fakestoreapi.com/users?limit=3&sort=desc', 200)

In [11]:
pd.DataFrame(res.json())

Unnamed: 0,address,id,email,username,password,name,phone,__v
0,"{'geolocation': {'lat': '30.24788', 'long': '-...",10,jimmie@gmail.com,jimmie_k,klein*#%*,"{'firstname': 'jimmie', 'lastname': 'klein'}",1-104-001-4567,0
1,"{'geolocation': {'lat': '40.12456', 'long': '2...",9,kate@gmail.com,kate_h,kfejk@*_,"{'firstname': 'kate', 'lastname': 'hale'}",1-678-456-1934,0
2,"{'geolocation': {'lat': '50.3456', 'long': '10...",8,william@gmail.com,hopkins,William56$hj,"{'firstname': 'william', 'lastname': 'hopkins'}",1-478-001-0890,0


**IMPORTANT NOTE**

Not all API calls will suport filtering or sorting (by fields). It depends on the backend of how the API is designed. So even if we add for user id=1 and get all user ids instead, it's because the API does not support filtering. Make sure the read the documentation of API before using. There might be the case where we have to use it in PATH 

In [12]:
product_url = 'https://fakestoreapi.com/carts'
pro = re.get(product_url, params = {'user': 1})
print(pro.url)
a = pd.DataFrame(pro.json())
a

https://fakestoreapi.com/carts?user=1


Unnamed: 0,id,userId,date,products,__v
0,1,1,2020-03-02T00:00:00.000Z,"[{'productId': 1, 'quantity': 4}, {'productId'...",0
1,2,1,2020-01-02T00:00:00.000Z,"[{'productId': 2, 'quantity': 4}, {'productId'...",0
2,3,2,2020-03-01T00:00:00.000Z,"[{'productId': 1, 'quantity': 2}, {'productId'...",0
3,4,3,2020-01-01T00:00:00.000Z,"[{'productId': 1, 'quantity': 4}]",0
4,5,3,2020-03-01T00:00:00.000Z,"[{'productId': 7, 'quantity': 1}, {'productId'...",0
5,6,4,2020-03-01T00:00:00.000Z,"[{'productId': 10, 'quantity': 2}, {'productId...",0
6,7,8,2020-03-01T00:00:00.000Z,"[{'productId': 18, 'quantity': 1}]",0


In [14]:
product_url1 = 'https://fakestoreapi.com/carts/user/1'
pro = re.get(product_url1)

pd.DataFrame(pro.json())

Unnamed: 0,id,userId,date,products,__v
0,1,1,2020-03-02T00:00:00.000Z,"[{'productId': 1, 'quantity': 4}, {'productId'...",0
1,2,1,2020-01-02T00:00:00.000Z,"[{'productId': 2, 'quantity': 4}, {'productId'...",0


## **POST METHOD**

Used when creating a new record. Data that we will be sending depends on the backend API design again:

1. Required fields only like name/passwords. Rest of the fields are auto filled like id, created/at etc
2. Allow you to send fields that we care about, while the rest of the values are set to default
3. Strict APIs expect all fields, failing to provide generates 400 error

**Important to check the documentation to understand what fields are required in payload**

We can post  the payload either via **data** or **json** parameter

**json** automatically converts the payload into a json formatted string before sending. Most REST apis accept json


In [15]:
user_data = {'username':'Adi', 'email': 'adi123@gmail.edu', 'password': 'fgda124'}
res_post = re.post(url, data = user_data)

In [16]:
res_post.json(), res_post.status_code

({'id': 11}, 201)

In [17]:
res_post.request.headers['Content-Type']

'application/x-www-form-urlencoded'

In [18]:
res_post = re.post(url, json = user_data)
res_post.json(), res_post.status_code

({'id': 11}, 201)

In [19]:
res_post.request.headers['Content-Type']

'application/json'

## **PUT METHOD**

Used to updated an existing resource or creates if it doesnt exists.

Ideally the payload should include all the fields, we can send a partital payload too (if backend is designed in this way).

Post will create a new resource, say you add a new user, it will assign the id automatically and each time we call, a new user and hence a new id will be created. Whereas Put will update an existing resource (create new if doesnt exists) and replace another one at the same location, each time we call same location will get updated.

We know the resource in PUT oppesed to POST

In [20]:
url = 'https://fakestoreapi.com/users'
uid = '3'
payload = {'username': 'adi', 'email': 'a@gmail.com', 'password': '123', 'gender':'M'}
res_put = re.put('/'.join([url, uid]), json = payload)
res_put.json()

{'username': 'adi', 'email': 'a@gmail.com', 'password': '123', 'gender': 'M'}

In [21]:
res_put.status_code

200

## **DELETE METHOD**

Remove an existing resource. Required to mention the id in the path in order to delete the resource



In [22]:
uid = '1'
res_del = re.delete('/'.join([url, uid]))
res_del.json(), res_del.status_code

({'address': {'geolocation': {'lat': '-37.3159', 'long': '81.1496'},
   'city': 'kilcoole',
   'street': 'new road',
   'number': 7682,
   'zipcode': '12926-3874'},
  'id': 1,
  'email': 'john@gmail.com',
  'username': 'johnd',
  'password': 'm38rmF$',
  'name': {'firstname': 'john', 'lastname': 'doe'},
  'phone': '1-570-236-7033',
  '__v': 0},
 200)

In [23]:
res_del.status_code

200

## **PATCH METHOD**

Used to partially update a resource, i.e. when you want to update specific fields of a resource. Not all APIs support Path, instead use partial PUT.

**Always check for documentation**

In [24]:
uid = '3'
payload = {'username': 'adi'}
res_pat = re.put('/'.join([url, uid]), json = payload)

In [25]:
res_pat.json(), res.status_code

({'username': 'adi'}, 200)

In [26]:
credentials = {'username': 'johnd',
  'password': 'm38rmF$'}
response = re.post('https://fakestoreapi.com/auth/login', json=credentials)
response.json(),response.status_code

({'token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEsInVzZXIiOiJqb2huZCIsImlhdCI6MTc2MDQ3NTQ4NH0.rxlzGFG7GeVi3En8gtPhKpzKNXSrRjLfbMoCfzPvkD8'},
 201)

## **HEADERS**

Contain metadata about the request. Tell the server how to interpret your request and what extra info it needs to process it properly.

In [54]:
url = 'https://fakestoreapi.com/products'
head = {'Accept': 'application/json'}
response = re.get(url, headers = head)

print('RESPONSE HEADERS')
for i in response.headers.keys():
    print(i, ':', response.headers[i])

print('')

print('REQUEST HEADERS')
for i in response.request.headers.keys():
    print(i, ':', response.request.headers[i])

RESPONSE HEADERS
Date : Tue, 14 Oct 2025 21:28:34 GMT
Content-Type : application/json; charset=utf-8
Transfer-Encoding : chunked
Connection : keep-alive
access-control-allow-origin : *
etag : W/"2990-lZ2o94A2EDKiYW3/6/3oI74HHkw"
x-powered-by : Express
cf-cache-status : DYNAMIC
Nel : {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To : {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ce5%2Bk9kNjephkr9DRpBNVaZMcTc2Nnzj%2Fz7jcarI6%2Fe%2F%2FQ7%2FLn5VPEfyxfxjBfNhYLRDC29qMRxrd%2BTgXNmP8UIkwFxR76UvOAbDKcRKrNo%3D"}]}
Content-Encoding : zstd
Server : cloudflare
CF-RAY : 98ea2ad0cddce13b-ORD
alt-svc : h3=":443"; ma=86400

REQUEST HEADERS
User-Agent : python-requests/2.32.2
Accept-Encoding : gzip, deflate, br, zstd
Accept : application/json
Connection : keep-alive


##### Here are some of the keys in headers:

1. **Content Type**: Tells server response body is in json format

2. **Accept**: Format we want data to be received

3. **User Agent**: Identify the client 

4. **Authorization**: Sends credintials like key/token




## **Authorization**

**Basic Authentication:**
Uses username and password with every request. You can add it in the headers but needs to be in base64 format. Else use the auth parameter that will automatically convert

response = requests.get(url, auth = (username, password))

Not much samfe as credentials are sent in every request

**Tokens:**
Unique list of characters to identify client. These are valid over time/session and are expired, thus providing better safety. These can be passed in query params (using 'access_token') or in headers as *headers = {'Authorization': 'Bearer faaa1c97bd3f4bd9b024c708c979feca'}*