# APIs and requests

> APIs are computer programs that know what to do and how to respond to requests sent to them over the internet

You will see lots of far more complicated definitions online, but it's really as simple as that. We'll talk about what API stands for later.

Before we get into it, here's a taster. Below, we make a request to the Pokemon API to get information about Pikachu.

In [None]:
import requests

response = requests.get('https://pokeapi.co/api/v2/pokemon/pikachu')

We'll come back to this later


## Communication Protocols

A protocol is a predefined set of rules for communicating. The protocol tells computers how to format the message when sending it and how to interpret the raw data when recieving it.

Here are some common computer protocols which you might have heard of.

- __HTTP__ (HyperText Transfer Protocol) is one of the most common protocols
- __HTTPS__ is a secure implementation of HTTP. It encrypts messages using a protocol called TLS (Transport Layer Security). When you see a padlock next to the URL in your browser, you're recieving data from that website via HTTPS. When your browser gives you a scary warning, you're probably connecting over HTTP. The security provided by TLS was formerly implemented by another protocol called SSL (Secure Sockets Layer).
- __SSH__ (Secure SHell) is a protocol that allows secure communication over an insecure network (where other devices may see your messages), like the internet. It does this by encrypting messages using a public and private key, where both are required to decrypt the message.
- __IP__ (Internet Protocol) is a protocol which ensures that packets (basically chunks) of a message get sent to the correct computer
- __DNS__ (Domain Name Server) is a protocol that maps human readable urls like `https://www.theaicore.com` to their IP address, such as `192.0.2.1`

## Requests

A __request__ is a message sent from one computer to another. Typically a __response__ is returned in the opposite direction. A request must be sent using a protocol, which tells both computers the rules for how to send and interpret messages.

In this notebook, we will be making HTTP requests to existing APIs.



## Client vs server

You will commonly hear about the __client__, which is the computer initiating the request (asking for the Pokemon), and the __server__ which is the computer handling the request (returning the Pokemon info).

In reality, there is no difference in the two computers. The server and the client just represent two different software programs. They could be running on the exact same hardware. In fact, they could be running on the exact same computer! This is commonly the case when developing an API or web application locally.


## Making HTTP requests

We can make requests to an API from the terminal using the `curl` (Client URL) command.


In [None]:
!curl https://pokeapi.co/api/v2/pokemon/pikachu


We can use the python library `requests` to send messages to an API.


In [1]:
import requests

response = requests.get('https://pokeapi.co/api/v2/pokemon/pikachu')

The response variable has the information of the received object. However, the variable itself doesn't reflect the information, but the status of the request. We will get to that shortly. For now, remember that you can read the content of a request using the `.json()` method, or the `.text()` attribute.

In [2]:
response.json()

{'abilities': [{'ability': {'name': 'static',
    'url': 'https://pokeapi.co/api/v2/ability/9/'},
   'is_hidden': False,
   'slot': 1},
  {'ability': {'name': 'lightning-rod',
    'url': 'https://pokeapi.co/api/v2/ability/31/'},
   'is_hidden': True,
   'slot': 3}],
 'base_experience': 112,
 'forms': [{'name': 'pikachu',
   'url': 'https://pokeapi.co/api/v2/pokemon-form/25/'}],
 'game_indices': [{'game_index': 84,
   'version': {'name': 'red', 'url': 'https://pokeapi.co/api/v2/version/1/'}},
  {'game_index': 84,
   'version': {'name': 'blue', 'url': 'https://pokeapi.co/api/v2/version/2/'}},
  {'game_index': 84,
   'version': {'name': 'yellow',
    'url': 'https://pokeapi.co/api/v2/version/3/'}},
  {'game_index': 25,
   'version': {'name': 'gold', 'url': 'https://pokeapi.co/api/v2/version/4/'}},
  {'game_index': 25,
   'version': {'name': 'silver',
    'url': 'https://pokeapi.co/api/v2/version/5/'}},
  {'game_index': 25,
   'version': {'name': 'crystal',
    'url': 'https://pokeapi.co/a

In [None]:
response.text

Observe that the content is very similar in both cases, but the data type is what changes.

Usually you will get a JSON object as a response. These JSON objects are usually huge, so make sure you know how to navigate through the JSON object. For example, how can you get all the keys of this JSON object?

## We can do more than just `GET` information

API stands for "Application Programmable Interface", so, as the name suggests, it should not only allow us to get information, but also to modify it

## Resources and methods

In the example above, we used the `requests.get` function to make a "__`GET` request__" request to the `/api/v2/pokemon/pikachu` "__resource__" of the API.

APIs can be programmed to respond to other types of requests too, which should roughly be used as follows:

- `GET` - get some data
- `POST` - insert some new data
- `PUT` - update some data
- `DELETE` - delete some data

These are some examples of the most common HTTP __methods__. Read about them in detail [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods).

Read further and compare GET and POST methods [here](https://www.w3schools.com/tags/ref_httpmethods.asp). One particular thing of interest is that GET request responses can be cached, whereas POST responses cannot.

Below we show how to make different types of requests to the API using Python.

In [3]:
requests.get('https://pokeapi.co/api/v2/pokemon/pikachu')
requests.post('https://pokeapi.co/api/v2/pokemon/pikachu')
requests.put('https://pokeapi.co/api/v2/pokemon/pikachu')
requests.delete('https://pokeapi.co/api/v2/pokemon/pikachu')
requests.patch('https://pokeapi.co/api/v2/pokemon/pikachu')

<Response [404]>

Check this [webpage](https://rapidapi.com/blog/put-vs-patch/) to check the difference betwwen PUT and PATCH


To get information about a different pokemon, we could make a `GET` request to a different resource, such as `/api/v2/pokemon/squirtle`. We need a different resource because an API can only implement 1 method of each type on any given resource.

We commonly use talk about these HTTP methods by saying something like "Make a `DELETE` request to the `/profiles` resource".


Side note: What is a browser?

> A browser is a program that displays information in a way that is easy for a human to understand.

It doesn't just show you the raw binary data. When you search for a webpage, it will render the HTML. When you open an image in a new tab, it will display the image. When you search for an API endpoint with a `GET` method implemented that returns JSON, it will print the response JSON.

> Did you know that, when you search something in your browser, it makes a `GET` request to that URL?

![browserGET](images/browserGET.png)


## Types of API

There are several different types of API. Here's what you need to know for now:
- __REST APIs__ are by far the most common type of API. REST is an acronym for REpresentational State Transfer. They expect HTTP requests. Read more [here](https://en.wikipedia.org/wiki/Representational_state_transfer)
- __HTTP APIs__ are a legacy version of REST APIs.
- __Websocket APIs__ enable not only the client to be able to initiate requests to the server, but for the server to initiate requests to the client. This is 2-way communication is commonly used in instant messaging applications, where a server sits between two (or more) users listening for messages from one users and then sends the intended recipients the message by initiating a request to them.

Despite how much we have talked about HTTP, but we are actually going to exclusively working with REST APIs. Still, many concepts also apply to other types of API.

## Response Codes

If we print our API response, we will see that is comes with a number.

We can access the status code using the `.status_code` attribute of the response.

That is the "__status code__".

In [4]:
import requests

response = requests.get('https://pokeapi.co/api/v2/pokemon/pikachu')
print(response)
print(response.status_code)

<Response [200]>
200



You've probably seen a 404 response on a browser before. That's a status code. Do you recognise any others in the table below?

![response codes](images/http-codes.png)

## Headers

Headers are pieces of information sent along with a request

Headers can be sent from the client to the server as part of a request, or from the server to the client as part of a response.

### What are some common headers?
- Authentication tokens
- Media types
- CORS headers (see below)

Read more about headers [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)


### Authentication tokens

The APIs we have seen so far are free. However, some other APIs require a token to access them, if we don't provide one, we will get a 403 error. Basically, we need to identify ourselves to the API, otherwise the server will deny us access.

> <font size=+1> An Authorization token is a credential in the form of a string that represents the authorization granted to the app.</font>

Many APIs will ask you to write the token in the header of the request. But other APIs will ask you to write the token in the parameters of the request.

### Token in the parameters

For example, let's take a look at the [Yandex translator API](hhttps://yandex.com/dev/translate/), where you can translate text from one language to another.

<p align=center><img src=images/yandex.png width=800></p>

So, it's as simple as adding the token to the url of the request as one of the parameters.

Let's take a look at an example with a request through the browser.

<p align=center><img src=images/yandex_200.png width=1000></p>

Notice that the token is in the parameters of the request. If we don't add it, we get an error:

<p align=center><img src=images/yandex_502.png width=1000></p>

In this case, the API is asking us to add the token to the parameters of the request.

### Token in the header

Another way you have to identify yourself to the API is to add the token to the header of the request. As mentioned, in the header of the request we add information about the client, so instead of adding the token to the parameters of the request, we add it to this information.

To see an example, let's take a look at the github API. Some requests to this API don't require authentication, for example, the following request returns the list of repositories of the user:

In [2]:
!curl https://api.github.com/users/IvanYingX/repos

[
  {
    "id": 424088439,
    "node_id": "R_kgDOGUcTdw",
    "name": "Actions",
    "full_name": "IvanYingX/Actions",
    "private": false,
    "owner": {
      "login": "IvanYingX",
      "id": 58112372,
      "node_id": "MDQ6VXNlcjU4MTEyMzcy",
      "avatar_url": "https://avatars.githubusercontent.com/u/58112372?v=4",
      "gravatar_id": "",
      "url": "https://api.github.com/users/IvanYingX",
      "html_url": "https://github.com/IvanYingX",
      "followers_url": "https://api.github.com/users/IvanYingX/followers",
      "following_url": "https://api.github.com/users/IvanYingX/following{/other_user}",
      "gists_url": "https://api.github.com/users/IvanYingX/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/IvanYingX/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/IvanYingX/subscriptions",
      "organizations_url": "https://api.github.com/users/IvanYingX/orgs",
      "repos_url": "https://api.github.com/users/IvanYingX/repos

You can do the same using the requests library from Python

In [None]:
import requests

r = requests.get('https://api.github.com/users/IvanYingX/repos')
r.text

However, if you want to create a repository, you need to be authenticated. 

To create a repository we need to post data to the API. Let's see how to do it

In [6]:
import json
r = requests.post('https://api.github.com/user/repos', data=json.dumps({"name": "Repo-From-Python"}))
r

<Response [401]>

We can see that we are unauthorized. We need to add the token to the header of the request. We need to use a token from github. You can create a token for yourself in the github developer portal. First, go to your profile setting:

<p align=center><img src=images/github_setting.png width=300></p>

Then, click on Developer settings

<p align=center><img src=images/Dev_setting.png width=600></p>

And then, in Personal access tokens, click on Create new token:

<p align=center><img src=images/PAT.png width=600></p>

Finally, copy the token to use it in your request:

<p align=center><img src=images/PAT2.png width=600></p>

In [None]:
r = requests.post('https://api.github.com/user/repos', data=json.dumps({"name": "Repo-From-Python"}), headers={'Authorization': 'token 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', "Accept": "application/vnd.github.v3+json"})
r.status_code

Good! A status code of 201 means that the request was successful. Let's check the repo:

<p align=center><img src=images/repo.png width=600></p>

Success! You can check more information about the github API [here](https://docs.github.com/en/rest). Now you have a greater understanding of how powerful APIs are!


### CORS (Cross Origin Resource Sharing)

> CORS is a mechanism for restricting which computers (domains or IP addresses) are allowed to access an API resource

Read more on CORS [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)

## Websites vs APIs & Front-end vs Back-end

You guessed it, most websites these days are simply a pretty user interface wrapped around an API. When you press a button, change your profile picture, or send a message, it probably makes a request to an API.

An API is typically the interface between the __front-end__ (the user interface) and the __back-end__ (the underlying infrastructure like the database). The front-end is what an end user interacts with, and the back end is the software that they don't see running in the background.