# APIs and Requests - Types and Response Codes

There are several different types of API. Here's what you need to know for now:
- __REST APIs__ are by far the most common type of API. REST is an acronym for REpresentational State Transfer. They expect HTTP requests. Read more [here](https://en.wikipedia.org/wiki/Representational_state_transfer)
- __HTTP APIs__ are a legacy version of REST APIs.
- __Websocket APIs__ enable not only the client to be able to initiate requests to the server, but for the server to initiate requests to the client. This is 2-way communication is commonly used in instant messaging applications, where a server sits between two (or more) users listening for messages from one user and then sends the intended recipients the message by initiating a request to them.

Despite how much we have talked about HTTP, but we are actually going to exclusively working with REST APIs. Still, many concepts also apply to other types of API.

## Response Codes

If we print our API response, we will see that is comes with a number.

We can access the status code using the `.status_code` attribute of the response.

That is the "__status code__".

In [None]:
import requests

response = requests.get('https://pokeapi.co/api/v2/pokemon/pikachu')
print(response)
print(response.status_code)

You've probably seen a `404` response on a browser before. That's a status code. Do you recognise any others in the table below?

![response codes](images/http-codes.png)

## Headers

> Headers are pieces of information sent along with a request

Headers can be sent from the client to the server as part of a request, or from the server to the client as part of a response.

### What are some common headers?
- Authentication tokens
- Media types
- CORS headers (see below)

Read more about headers [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)


### Authentication tokens

The APIs we have seen so far are free. However, some other APIs require a token to access them, if we don't provide one, we will get a `403` error. Basically, we need to identify ourselves to the API, otherwise the server will deny us access.

> <font size=+1> An Authorization token is a credential in the form of a string that represents the authorization granted to the app.</font>

Many APIs will ask you to write the token in the header of the request. But other APIs will ask you to write the token in the parameters of the request.

### Token in the parameters

For example, let's take a look at the [Yandex translator API](hhttps://yandex.com/dev/translate/), where you can translate text from one language to another.

<p align=center><img src=images/yandex.png width=800></p>
<figcaption align="center"><cite>Yandex Translator API</cite></figcaption>

So, it's as simple as adding the token to the url of the request as one of the parameters.

Let's take a look at an example with a request through the browser:

<p align=center><img src=images/yandex_200.png width=1000></p>
  <figcaption align="center"><cite>Example Request</cite></figcaption>

Notice that the token is in the parameters of the request. If we don't add it, we get an error:

<p align=center><img src=images/yandex_502.png width=1000></p>
<figcaption align="center"><cite>Error code 502</cite></figcaption>

In this case, the API is asking us to add the token to the parameters of the request.

### Token in the header

Another way you have to identify yourself to the API is to add the token to the header of the request. As mentioned, in the header of the request we add information about the client, so instead of adding the token to the parameters of the request, we add it to this information.

To see an example, let's take a look at the Github API. Some requests to this API don't require authentication, for example, the following request returns the list of repositories of the user:

In [None]:
!curl https://api.github.com/users/IvanYingX/repos

You can do the same using the requests library from Python

In [None]:
import requests

r = requests.get('https://api.github.com/users/IvanYingX/repos')
r.text

However, if you want to create a repository, you need to be authenticated. 

To create a repository we need to post data to the API. Let's see how to do it

In [None]:
import json
r = requests.post('https://api.github.com/user/repos', data=json.dumps({"name": "Repo-From-Python"}))
r

We can see that we are _unauthorized_. We need to add the token to the header of the request. We need to use a token from Github. You can create a token for yourself in the Github developer portal. First, go to your profile setting:

<p align=center><img src=images/github_setting.png width=300></p>
<figcaption align="center"><cite>Github Profile Settings</cite></figcaption>

Then, click on Developer settings

<p align=center><img src=images/Dev_setting.png width=600></p>
<figcaption align="center"><cite>Github Developer Settings</cite></figcaption>

And then, in Personal access tokens, click on Create new token:

<p align=center><img src=images/PAT.png width=600></p>
<figcaption align="center"><cite>Github - Create a New Token</cite></figcaption>

Finally, copy the token to use it in your request:

<p align=center><img src=images/PAT2.png width=600></p>
<figcaption align="center"><cite>Github - Copy Token</cite></figcaption>

In [None]:
r = requests.post('https://api.github.com/user/repos', data=json.dumps({"name": "Repo-From-Python"}), headers={'Authorization': 'token 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', "Accept": "application/vnd.github.v3+json"})
r.status_code

Good! A status code of `201` means that the request was successful. Let's check the repo:

<p align=center><img src=images/repo.png width=600></p>
<figcaption align="center"><cite>Github Repository</cite></figcaption>

Success! You can check more information about the Github API [here](https://docs.github.com/en/rest). Now you have a greater understanding of how powerful APIs are!

### CORS (Cross Origin Resource Sharing)

> CORS is a mechanism for restricting which computers (domains or IP addresses) are allowed to access an API resource

Read more on CORS [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)

## Websites vs APIs & Front-end vs Back-end

You guessed it, most websites these days are simply a pretty user interface wrapped around an API. When you press a button, change your profile picture, or send a message, it probably makes a request to an API.

An API is typically the interface between the __front-end__ (the user interface) and the __back-end__ (the underlying infrastructure like the database). The front-end is what an end user interacts with, and the back end is the software that they don't see running in the background.

## Key Takeaways
- The most common types of APIs used in industry include: REST (the most widely used), HTTP and Websocket
- Each API response comes with a number called the _response/status code_
- Some typical response codes include `404` (not found), `500` (internal server error) and `400` (bad request)
- A _header_ is a piece of information sent along with an API request 
- Common header information includes: authentication codes, media types and CORS
- One way for a user to identify themselves is to use a _token_ and add it to the header of the request. Tokens are used for authentication. 
- Websites typically have a front-end and a back-end. The front-end is the user interface, and the back-end is normally a database or similar tool. 