# Client-Server Workflow

## API and Postman

- Navigate to https://excalidraw.com/
- Draw a "workflow" including:
    * Client
    * Server
    * Request / Response
    * Bonus: Postman

- Please include "what" is happening, what data is being sent/received, and how the process works.

In [None]:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>API Workflow Diagram - Complete Guide</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            max-width: 1200px;
            margin: 0 auto;
            padding: 20px;
            background: #f5f5f5;
        }
        .container {
            background: white;
            border-radius: 8px;
            padding: 30px;
            box-shadow: 0 2px 4px rgba(0,0,0,0.1);
        }
        h1 {
            color: #2c3e50;
            text-align: center;
        }
        h2 {
            color: #2980b9;
            border-bottom: 2px solid #3498db;
            padding-bottom: 10px;
        }
        .workflow {
            display: flex;
            flex-direction: column;
            gap: 40px;
            margin: 40px 0;
        }
        .component {
            background: #e8f4f8;
            border: 3px solid #3498db;
            border-radius: 12px;
            padding: 20px;
            position: relative;
        }
        .component h3 {
            margin: 0 0 10px 0;
            color: #2980b9;
        }
        .component p {
            margin: 5px 0;
            line-height: 1.6;
        }
        .postman {
            background: #fff3e0;
            border-color: #ff6c37;
        }
        .postman h3 {
            color: #ff6c37;
        }
        .client {
            background: #e8f5e9;
            border-color: #4caf50;
        }
        .client h3 {
            color: #388e3c;
        }
        .server {
            background: #f3e5f5;
            border-color: #9c27b0;
        }
        .server h3 {
            color: #7b1fa2;
        }
        .database {
            background: #fff8e1;
            border-color: #ffa726;
        }
        .database h3 {
            color: #f57c00;
        }
        .arrow {
            text-align: center;
            font-size: 30px;
            color: #e74c3c;
            font-weight: bold;
            margin: -20px 0;
        }
        .request {
            background: #ffebee;
            border-left: 4px solid #e74c3c;
            padding: 15px;
            margin: 10px 0;
        }
        .response {
            background: #e8f5e9;
            border-left: 4px solid #4caf50;
            padding: 15px;
            margin: 10px 0;
        }
        .code {
            background: #263238;
            color: #aed581;
            padding: 10px;
            border-radius: 4px;
            font-family: 'Courier New', monospace;
            font-size: 12px;
            overflow-x: auto;
            white-space: pre;
        }
        .step {
            background: #fff9c4;
            border-left: 4px solid #fbc02d;
            padding: 10px 15px;
            margin: 10px 0;
        }
        .note {
            background: #e1f5fe;
            border-left: 4px solid #0288d1;
            padding: 10px 15px;
            margin: 15px 0;
        }
        .question-box {
            background: #f1f8e9;
            border: 3px solid #7cb342;
            border-radius: 8px;
            padding: 20px;
            margin: 30px 0;
        }
        .question-box h3 {
            color: #558b2f;
            margin-top: 0;
        }
        .answer-box {
            background: #fff;
            border-left: 5px solid #7cb342;
            padding: 15px;
            margin: 10px 0;
        }
        ul {
            margin: 10px 0;
        }
        li {
            margin: 5px 0;
        }
        .module-list {
            display: grid;
            grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
            gap: 15px;
            margin: 15px 0;
        }
        .module-card {
            background: white;
            border: 2px solid #3498db;
            border-radius: 8px;
            padding: 15px;
        }
        .module-card h4 {
            margin: 0 0 10px 0;
            color: #2980b9;
        }
        .flow-step {
            background: linear-gradient(to right, #667eea 0%, #764ba2 100%);
            color: white;
            padding: 15px;
            border-radius: 8px;
            margin: 10px 0;
            font-weight: bold;
        }
    </style>
</head>
<body>
    <div class="container">
        <h1>üîÑ Complete API Workflow Guide</h1>
        <p style="text-align: center; color: #7f8c8d; font-style: italic;">
            Understanding Client-Server Communication for Data Engineering Students
        </p>

        <!-- QUESTION 1: NAME THE MODULES -->
        <div class="question-box">
            <h3>üìã QUESTION 1: Name the Modules</h3>
            <div class="answer-box">
                <h4>The main modules in an API workflow are:</h4>
                <div class="module-list">
                    <div class="module-card">
                        <h4>1. Client Layer</h4>
                        <p><strong>Modules:</strong></p>
                        <ul>
                            <li>Web Browser (Chrome, Firefox)</li>
                            <li>Mobile App (iOS/Android)</li>
                            <li>Desktop Application</li>
                            <li>API Testing Tools (Postman, Insomnia)</li>
                        </ul>
                    </div>
                    
                    <div class="module-card">
                        <h4>2. Network Layer</h4>
                        <p><strong>Modules:</strong></p>
                        <ul>
                            <li>HTTP/HTTPS Protocol</li>
                            <li>DNS (Domain Name System)</li>
                            <li>TCP/IP</li>
                            <li>Load Balancer</li>
                        </ul>
                    </div>
                    
                    <div class="module-card">
                        <h4>3. Server Layer (Backend)</h4>
                        <p><strong>Modules:</strong></p>
                        <ul>
                            <li>Web Server (Nginx, Apache)</li>
                            <li>Application Server (Node.js, Python/Flask, Java Spring)</li>
                            <li>API Router</li>
                            <li>Authentication Module</li>
                            <li>Business Logic Layer</li>
                        </ul>
                    </div>
                    
                    <div class="module-card">
                        <h4>4. Database Layer</h4>
                        <p><strong>Modules:</strong></p>
                        <ul>
                            <li>Database Management System (MySQL, PostgreSQL, MongoDB)</li>
                            <li>ORM (Object-Relational Mapping)</li>
                            <li>Connection Pool</li>
                            <li>Query Engine</li>
                        </ul>
                    </div>
                    
                    <div class="module-card">
                        <h4>5. Middleware Modules</h4>
                        <p><strong>Modules:</strong></p>
                        <ul>
                            <li>Authentication/Authorization</li>
                            <li>Logging & Monitoring</li>
                            <li>Caching (Redis, Memcached)</li>
                            <li>Error Handling</li>
                        </ul>
                    </div>
                    
                    <div class="module-card">
                        <h4>6. Data Format Modules</h4>
                        <p><strong>Modules:</strong></p>
                        <ul>
                            <li>JSON Parser</li>
                            <li>XML Parser</li>
                            <li>Serialization/Deserialization</li>
                        </ul>
                    </div>
                </div>
            </div>
        </div>

        <!-- QUESTION 2: COMMUNICATION FLOW -->
        <div class="question-box">
            <h3>üîÑ QUESTION 2: Explain the Communication Flow</h3>
            <div class="answer-box">
                <h4>Complete Step-by-Step Communication Flow:</h4>
                
                <div class="flow-step">
                    STEP 1: Client Initiates Request
                </div>
                <p>‚Ä¢ User performs action (clicks button, submits form)</p>
                <p>‚Ä¢ Client application prepares HTTP request</p>
                <p>‚Ä¢ Request includes: Method (GET/POST/PUT/DELETE), URL, Headers, Body (if needed)</p>
                
                <div class="flow-step">
                    STEP 2: Request Travels Over Network
                </div>
                <p>‚Ä¢ DNS resolves domain name to IP address</p>
                <p>‚Ä¢ TCP connection established with server</p>
                <p>‚Ä¢ HTTP request sent through internet to server</p>
                
                <div class="flow-step">
                    STEP 3: Server Receives Request
                </div>
                <p>‚Ä¢ Web server (Nginx/Apache) receives the request</p>
                <p>‚Ä¢ Request forwarded to application server</p>
                <p>‚Ä¢ Router directs to appropriate endpoint handler</p>
                
                <div class="flow-step">
                    STEP 4: Authentication & Authorization
                </div>
                <p>‚Ä¢ Middleware checks authentication token/session</p>
                <p>‚Ä¢ Validates user permissions for requested resource</p>
                <p>‚Ä¢ Returns 401/403 error if unauthorized</p>
                
                <div class="flow-step">
                    STEP 5: Business Logic Processing
                </div>
                <p>‚Ä¢ Application processes the request</p>
                <p>‚Ä¢ Validates input data</p>
                <p>‚Ä¢ Applies business rules</p>
                
                <div class="flow-step">
                    STEP 6: Database Interaction (if needed)
                </div>
                <p>‚Ä¢ Server executes SQL queries</p>
                <p>‚Ä¢ Database retrieves/modifies data</p>
                <p>‚Ä¢ Results returned to application layer</p>
                
                <div class="flow-step">
                    STEP 7: Response Preparation
                </div>
                <p>‚Ä¢ Server formats data (usually as JSON)</p>
                <p>‚Ä¢ Adds appropriate status code (200, 404, 500, etc.)</p>
                <p>‚Ä¢ Sets response headers</p>
                
                <div class="flow-step">
                    STEP 8: Response Sent Back
                </div>
                <p>‚Ä¢ Response travels back through network to client</p>
                <p>‚Ä¢ Same route in reverse</p>
                
                <div class="flow-step">
                    STEP 9: Client Processes Response
                </div>
                <p>‚Ä¢ Client receives and parses response</p>
                <p>‚Ä¢ Checks status code for success/error</p>
                <p>‚Ä¢ Extracts data from response body</p>
                
                <div class="flow-step">
                    STEP 10: Display to User
                </div>
                <p>‚Ä¢ Client updates UI with received data</p>
                <p>‚Ä¢ Shows success/error messages</p>
                <p>‚Ä¢ User sees the result of their action</p>
            </div>
        </div>

        <!-- QUESTION 3: DATA TYPES -->
        <div class="question-box">
            <h3>üìä QUESTION 3: Describe What Type of Data is Sent and Received</h3>
            <div class="answer-box">
                <h4>DATA SENT (Request from Client to Server):</h4>
                
                <div class="request">
                    <strong>1. Request Line Data:</strong>
                    <ul>
                        <li><strong>HTTP Method:</strong> GET, POST, PUT, DELETE, PATCH</li>
                        <li><strong>URL/Endpoint:</strong> /api/users/123, /api/products</li>
                        <li><strong>Protocol Version:</strong> HTTP/1.1 or HTTP/2</li>
                    </ul>
                </div>
                
                <div class="request">
                    <strong>2. Headers (Metadata):</strong>
                    <div class="code">Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Accept: application/json
User-Agent: Mozilla/5.0
Host: api.example.com</div>
                    <ul>
                        <li><strong>Content-Type:</strong> Format of data (application/json, text/html, multipart/form-data)</li>
                        <li><strong>Authorization:</strong> Token, API key, session cookie</li>
                        <li><strong>Accept:</strong> What format client expects back</li>
                    </ul>
                </div>
                
                <div class="request">
                    <strong>3. Body Data (for POST/PUT/PATCH):</strong>
                    <div class="code">{
  "username": "anna_svensson",
  "email": "anna@example.com",
  "password": "securePass123",
  "age": 22,
  "courses": ["Data Engineering", "SQL", "APIs"]
}</div>
                    <p><strong>Types of body data:</strong></p>
                    <ul>
                        <li><strong>JSON:</strong> Most common for APIs</li>
                        <li><strong>Form Data:</strong> Key-value pairs</li>
                        <li><strong>XML:</strong> Older format, still used</li>
                        <li><strong>Binary:</strong> Files, images</li>
                        <li><strong>Plain Text:</strong> Simple strings</li>
                    </ul>
                </div>

                <h4 style="margin-top: 30px;">DATA RECEIVED (Response from Server to Client):</h4>
                
                <div class="response">
                    <strong>1. Status Line:</strong>
                    <ul>
                        <li><strong>Status Code:</strong> 200 (OK), 201 (Created), 404 (Not Found), 500 (Server Error)</li>
                        <li><strong>Status Text:</strong> "OK", "Not Found", "Internal Server Error"</li>
                    </ul>
                    <div class="code">HTTP/1.1 200 OK</div>
                </div>
                
                <div class="response">
                    <strong>2. Response Headers:</strong>
                    <div class="code">Content-Type: application/json
Content-Length: 256
Cache-Control: max-age=3600
Set-Cookie: sessionId=abc123; HttpOnly</div>
                </div>
                
                <div class="response">
                    <strong>3. Response Body (Actual Data):</strong>
                    <div class="code">{
  "success": true,
  "data": {
    "id": 123,
    "username": "anna_svensson",
    "email": "anna@example.com",
    "created_at": "2026-02-05T10:30:00Z",
    "courses": [
      {"id": 1, "name": "Data Engineering"},
      {"id": 2, "name": "SQL Fundamentals"}
    ]
  },
  "message": "User retrieved successfully"
}</div>
                    <p><strong>Common response formats:</strong></p>
                    <ul>
                        <li><strong>JSON Objects:</strong> Structured data with nested objects/arrays</li>
                        <li><strong>Arrays:</strong> Lists of items (e.g., all users, all products)</li>
                        <li><strong>Primitive Values:</strong> Strings, numbers, booleans</li>
                        <li><strong>Error Objects:</strong> {error: "User not found", code: 404}</li>
                        <li><strong>Binary Data:</strong> Images, PDFs, files</li>
                    </ul>
                </div>
            </div>
        </div>

        <!-- QUESTION 4: WHERE SQL IS EXECUTED -->
        <div class="question-box">
            <h3>üóÑÔ∏è QUESTION 4: Explain Where SQL Queries Are Executed</h3>
            <div class="answer-box">
                <h4>SQL Queries are ONLY executed on the SERVER SIDE</h4>
                
                <div class="note" style="background: #ffebee; border-color: #e74c3c;">
                    <strong>‚ö†Ô∏è IMPORTANT:</strong> SQL queries are NEVER executed on the client side for security reasons!
                </div>

                <h4>The Complete SQL Execution Flow:</h4>
                
                <div class="component server">
                    <h3>üñ•Ô∏è SERVER - Application Layer</h3>
                    <p><strong>Where it happens:</strong> Backend code (Python, Node.js, Java, etc.)</p>
                    
                    <div class="step">
                        <strong>Step 1: Receive Client Request</strong>
                        <p>Client requests: GET /api/users/123</p>
                    </div>
                    
                    <div class="step">
                        <strong>Step 2: Backend Constructs SQL Query</strong>
                        <p>Example code (Python with Flask):</p>
                        <div class="code">@app.route('/api/users/&lt;user_id&gt;')
def get_user(user_id):
    # This runs on the SERVER
    query = "SELECT * FROM users WHERE id = %s"
    result = db.execute(query, (user_id,))
    return jsonify(result)</div>
                    </div>
                    
                    <div class="step">
                        <strong>Step 3: Send Query to Database</strong>
                        <p>Application server sends SQL query to database server</p>
                    </div>
                </div>

# The Client-Server Workflow Explanation

| Position      | Component             | Visual / Icon Suggestion    | Labels & Details to Include                                                     |
| ------------- | --------------------- | --------------------------- | ------------------------------------------------------------------------------- |
| Far Left      | Client (Browser)      | üíª Computer / Laptop        | **Label:** Client (Browser)<br>**Action:** User clicks **‚ÄúSubmit‚Äù**             |
| Top Middle    | Request               | ‚û°Ô∏è Right-pointing Arrow     | **Label:** HTTP Request<br>**Method:** `POST`<br>**Body:** `{ "user": "Alex" }` |
| Far Right     | Server / API          | üóÑÔ∏è Server Rack or ‚òÅÔ∏è Cloud | **Label:** Server / API<br>**Action:** Processing & Database Lookup             |
| Bottom Middle | Response              | ‚¨ÖÔ∏è Left-pointing Arrow      | **Label:** HTTP Response<br>**Status:** `200 OK`<br>**Body:** `{ "id": 101 }`   |
| Below Client  | Postman (Test Client) | üì¶ Separate Box             | **Label:** Postman (Test Client)<br>**Note:** Directly tests the Server API     |

![8](../assets/8.png)

## 1. The Client (The Origin)
What it is: A web browser (Chrome, Safari) or an app.

What happens: The user triggers an action, like clicking a button or entering a URL. The client prepares an HTTP Request.

Data Sent: * Method: (e.g., GET to fetch data, POST to send data).

Headers: Metadata (e.g., "I accept JSON", "Here is my login token").

Body: The actual data (e.g., a username and password in JSON format).

## 2. The Request (The Journey)
Mechanism: The request travels across the internet using the HTTP/HTTPS protocol. Think of it as a digital envelope addressed to a specific IP address (the server).

## 3. The Server (The Brain)
What it is: A remote computer running code (Node.js, Python, etc.) and connected to a database.

What happens: It receives the request, authenticates the user, processes logic (like "save this post to the database"), and gathers the requested information.

## 4. The Response (The Journey Back)
What happens: The server sends a package back to the client.

Data Received:

Status Code: (e.g., 200 OK for success, 404 Not Found, or 500 Server Error).

Body: The content requested (HTML for a website, or JSON for raw data).

## 5. Bonus: Postman (The Developer's Tool)
Role: Postman acts as a specialized Client.

Why use it? 
**Unlike a browser which "hides" the complexity to show a pretty website, Postman allows developers to see the raw data. 
It lets you manually construct requests to test if the Server is behaving correctly before you even build the front-end interface.**