## RESTful API

# API Test Cases

This document outlines the test cases for a REST API using `curl` commands.



## Public Endpoint

### Test `/api/data/summary/` (Public)

* **URL:** `http://127.0.0.1:8000/api/data/summary/`
* **Method:** `GET`
* **Command:**

    ```bash
    curl -X GET http://127.0.0.1:8000/api/data/summary/
    ```

* **Django code:**

    ```python
    import requests
    from django.http import JsonResponse
    
    def access_api(request):
        url = 'http://127.0.0.1:8000/api/data/summary/'
        
        # Make a GET request to the API
        response = requests.get(url)
        
        # Check if the response is successful (status code 200)
        if response.status_code == 200:
            data = response.json() 
            return JsonResponse(data)  
        else:
            return JsonResponse({"error": "Failed to fetch data"}, status=400)
    ```

## Restricted Origin Endpoint

### Test `/api/data/sensitive/` (Restricted Origin)

* **URL:** `http://127.0.0.1:8000/api/data/sensitive/`
* **Method:** `GET`
* **Origin Header Required:** `http://allowed-origin.com`
* **Command (cURL):**

    ```bash
    curl -X GET http://127.0.0.1:8000/api/data/sensitive/ -H "Origin: http://allowed-origin.com"
    ```

* **Django Code (to access the API from a view):**

    ```python
    import requests
    from django.http import JsonResponse

    def access_sensitive_data(request):
        url = "http://127.0.0.1:8000/api/data/sensitive/"

        # Set the headers, including the required Origin header
        headers = {
            "Origin": "http://allowed-origin.com"
        }

        # Make a GET request to the restricted API with the specified headers
        response = requests.get(url, headers=headers)

        # Check if the response is successful (status code 200)
        if response.status_code == 200:
            data = response.json()  # Parse the JSON data from the response
            return JsonResponse(data)  # Return the data in a JsonResponse
        else:
            # Handle error case if API call fails
            return JsonResponse({"error": "Failed to fetch sensitive data"}, status=400)
    ```

## Token-Required Endpoints

### Get Access Token

* **URL:** `http://127.0.0.1:8000/api/token/`
* **Method:** `POST`
* **Data:** `username=admin&password=admin`
* **Command:**

    ```bash
    curl -X POST http://127.0.0.1:8000/api/token/ -d "username=admin&password=admin"
    ```

* **Example Response:**

    ```json
    {  
        "refresh": "eyJhbGciOiJ2JVrVfdX16bHJyp5A",
        "access": "eyJhbGciOiJIUzI1NiS_26JJ8p8GyJsj_mOQ"
    }
    ```

* **Django Code (to access the token from a view):**

    ```python
    import requests
    from django.http import JsonResponse

    def get_access_token(request):
        url = "http://127.0.0.1:8000/api/token/"
        
        # Prepare the data to be sent in the POST request
        data = {
            'username': 'admin',
            'password': 'admin',
        }
        
        # Make the POST request to get the access token
        response = requests.post(url, data=data)
        
        # Check if the request was successful
        if response.status_code == 200:
            # Return the token in the JSON response
            return JsonResponse(response.json())
        else:
            # Handle failure case (e.g., invalid credentials)
            return JsonResponse({"error": "Failed to retrieve token"}, status=400)
    ```

### Access `/api/data/confidential/` with Token

* **URL:** `http://127.0.0.1:8000/api/data/confidential/`
* **Method:** `GET`
* **Authorization Header:** `Bearer <access_token>` (replace `<access_token>` with the actual token)
* **Command:**

    ```bash
    curl -X GET http://127.0.0.1:8000/api/data/confidential/ -H "Authorization: Bearer <access_token>"
    ```

* **Django Code (to access the API with token):**

    ```python
    import requests
    from django.http import JsonResponse

    def access_confidential_data(request):
        url = 'http://127.0.0.1:8000/api/data/confidential/'

        # Get the access token (this would be dynamically set, e.g., from the session or token storage)
        access_token = 'your_access_token_here'

        # Prepare headers with the token
        headers = {
            'Authorization': f'Bearer {access_token}'
        }

        # Make the GET request to fetch confidential data
        response = requests.get(url, headers=headers)

        # Check if the response was successful (status code 200)
        if response.status_code == 200:
            data = response.json()  # Get the data from the response
            return JsonResponse(data)  # Return the data in JSON format
        else:
            return JsonResponse({"error": "Failed to fetch confidential data"}, status=400)
    ```

The endpoint is accessible at `http://127.0.0.1:8000`.
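
The three access levels covered so far (public, origin-restricted, token-required) can be checked for rejection as well as acceptance. The script below is an added example, not part of the original test cases; `http_get`, `check_access_control` and `CASES` are names introduced here, and the 401/403 rejection codes and the two non-allowed `Origin` values are assumptions.

```python
import urllib.error
import urllib.request

BASE = "http://127.0.0.1:8000"  # server address used throughout this page
ALLOWED_ORIGIN = "http://allowed-origin.com"

# (label, path, request headers, should the request be allowed?)
# The non-allowed Origin values and the malformed token are constructed samples.
CASES = [
    ("summary, anonymous", "/api/data/summary/", {}, True),
    ("sensitive, allowed Origin", "/api/data/sensitive/", {"Origin": ALLOWED_ORIGIN}, True),
    ("sensitive, no Origin", "/api/data/sensitive/", {}, False),
    ("sensitive, other Origin", "/api/data/sensitive/", {"Origin": "http://other-origin.example"}, False),
    ("sensitive, lookalike Origin", "/api/data/sensitive/", {"Origin": ALLOWED_ORIGIN + ".example"}, False),
    ("confidential, no token", "/api/data/confidential/", {}, False),
    ("confidential, malformed token", "/api/data/confidential/", {"Authorization": "Bearer not-a-token"}, False),
]


def http_get(path, headers):
    """Send a GET to BASE + path and return the HTTP status code."""
    req = urllib.request.Request(BASE + path, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # urllib raises on 4xx/5xx; the code is what we want


def check_access_control(get=http_get, cases=CASES):
    """Run every case; return (label, status) for each one that misbehaves."""
    failures = []
    for label, path, headers, should_allow in cases:
        status = get(path, headers)
        allowed = status == 200
        denied = status in (401, 403)  # assumed rejection codes; adjust to the API
        if (should_allow and not allowed) or (not should_allow and not denied):
            failures.append((label, status))
    return failures


if __name__ == "__main__":
    for label, status in check_access_control():
        print(f"FAIL {label}: HTTP {status}")
```

An empty result means every case behaved as expected. Since any non-browser client can set `Origin`, as the curl command for `/api/data/sensitive/` does, a passing Origin check constrains browsers only and does not authenticate the caller.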


### Refresh Access Token

* **URL:** `http://127.0.0.1:8000/api/token/refresh/`
* **Method:** `POST`
* **Data:** `refresh=<refresh_token>` (replace `<refresh_token>` with the actual refresh token)
* **Command:**

    ```bash
    curl -X POST http://127.0.0.1:8000/api/token/refresh/ -d "refresh=<refresh_token>"
    ```

* **Example Response:**

    ```json
    {
        "access": "new_access_token_here"
    }
    ```

* **Django Code (to refresh the token):**

    ```python
    import requests
    from django.http import JsonResponse

    def refresh_access_token(request):
        url = 'http://127.0.0.1:8000/api/token/refresh/'

        # Replace this with the actual refresh token
        refresh_token = 'your_refresh_token_here'

        # Prepare the data to be sent in the POST request
        data = {
            'refresh': refresh_token,
        }

        # Make the POST request to refresh the token
        response = requests.post(url, data=data)

        # Check if the request was successful
        if response.status_code == 200:
            # Return the new access token in the JSON response
            return JsonResponse(response.json())
        else:
            # Handle failure case (e.g., invalid refresh token)
            return JsonResponse({"error": "Failed to refresh token"}, status=400)
    ```

The token endpoint is accessible at `http://127.0.0.1:8000`.
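
The views above use a placeholder where the token "would be dynamically set". The class below is an added example, not the project's own code, that chains the three token endpoints: it obtains the pair from `/api/token/`, sends the bearer header, and calls `/api/token/refresh/` once when a request is rejected. `TokenSession`, the `API_USERNAME`/`API_PASSWORD` variable names and the assumption that an expired access token yields HTTP 401 are introduced here.

```python
import os


class TokenSession:
    """Keeps the token pair in memory and refreshes the access token on a 401.

    `http` is the `requests` module or a `requests.Session()`: anything with
    get()/post() returning a response that has .status_code and .json().
    """

    def __init__(self, http, base, username, password, timeout=5):
        self.http, self.base, self.timeout = http, base, timeout
        resp = http.post(f"{base}/api/token/", timeout=timeout,
                         data={"username": username, "password": password})
        if resp.status_code != 200:
            raise PermissionError(f"token request rejected: HTTP {resp.status_code}")
        pair = resp.json()
        self.access, self.refresh = pair["access"], pair["refresh"]

    def _authed_get(self, path):
        return self.http.get(self.base + path, timeout=self.timeout,
                             headers={"Authorization": f"Bearer {self.access}"})

    def _refresh(self):
        resp = self.http.post(f"{self.base}/api/token/refresh/", timeout=self.timeout,
                              data={"refresh": self.refresh})
        if resp.status_code == 200:
            self.access = resp.json()["access"]
        return resp.status_code == 200

    def get(self, path):
        """GET with the bearer token; refresh once and retry if it was rejected."""
        resp = self._authed_get(path)
        if resp.status_code == 401 and self._refresh():  # 401 on expiry is assumed
            resp = self._authed_get(path)
        return resp


if __name__ == "__main__":
    import requests  # the HTTP library the page's views already use

    # Credentials come from the environment (assumed variable names), not the source.
    session = TokenSession(requests, "http://127.0.0.1:8000",
                           os.environ["API_USERNAME"], os.environ["API_PASSWORD"])
    print(session.get("/api/data/confidential/").status_code)
```

The retry happens at most once per call, so a revoked or expired refresh token surfaces as the original 401 instead of a loop.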


## Data Manipulation Endpoints

### Create Data

* **URL:** `http://127.0.0.1:8000/api/data/`
* **Method:** `POST`
* **Authorization Header:** `Bearer <access_token>` (replace `<access_token>` with the actual access token)
* **Content-Type Header:** `application/json`
* **Data:** `{"REGION": "Region 12", "FIRST_NAME": "Juan", "LAST_NAME": "Dela Cruz", "AGE": 30}`
* **Command:**

    ```bash
    curl -X POST http://127.0.0.1:8000/api/data/ \
        -H "Authorization: Bearer <access_token>" \
        -H "Content-Type: application/json" \
        -d '{"REGION": "Region 12", "FIRST_NAME": "Juan", "LAST_NAME": "Dela Cruz", "AGE": 30}'
    ```

* **Django Code (to create data):**

    ```python
    import requests
    from django.http import JsonResponse

    def create_data(request):
        url = 'http://127.0.0.1:8000/api/data/'

        # Get the access token (this would be dynamically set, e.g., from the session or token storage)
        access_token = 'your_access_token_here'

        # Prepare headers and data
        headers = {
            'Authorization': f'Bearer {access_token}',
            'Content-Type': 'application/json'
        }

        data = {
            'REGION': 'Region 12',
            'FIRST_NAME': 'Juan',
            'LAST_NAME': 'Dela Cruz',
            'AGE': 30
        }

        # Make the POST request to create the data
        response = requests.post(url, headers=headers, json=data)

        # Check if the request was successful (status code 201 for created)
        if response.status_code == 201:
            return JsonResponse(response.json())  # Return the response from the API
        else:
            return JsonResponse({"error": "Failed to create data"}, status=400)
    ```

The API endpoint is accessible at `http://127.0.0.1:8000`.


### List Data

* **URL:** `http://127.0.0.1:8000/api/data/`
* **Method:** `GET`
* **Authorization Header:** `Bearer <access_token>` (replace `<access_token>` with the actual access token)
* **Command:**

    ```bash
    curl -X GET http://127.0.0.1:8000/api/data/ -H "Authorization: Bearer <access_token>"
    ```

* **Django Code (to list data):**

    ```python
    import requests
    from django.http import JsonResponse

    def list_data(request):
        url = 'http://127.0.0.1:8000/api/data/'

        # Get the access token (this would be dynamically set, e.g., from the session or token storage)
        access_token = '<access_token>'

        # Prepare headers
        headers = {
            'Authorization': f'Bearer {access_token}'
        }

        # Make the GET request to list the data
        response = requests.get(url, headers=headers)

        # Check if the request was successful (status code 200)
        if response.status_code == 200:
            return JsonResponse(response.json())  # Return the response from the API
        else:
            return JsonResponse({"error": "Failed to fetch data"}, status=400)
    ```


### Retrieve Data (ID = 1)

* **URL:** `http://127.0.0.1:8000/api/data/1/`
* **Method:** `GET`
* **Authorization Header:** `Bearer <access_token>` (replace `<access_token>` with the actual access token)
* **Command:**

    ```bash
    curl -X GET http://127.0.0.1:8000/api/data/1/ -H "Authorization: Bearer <access_token>"
    ```

* **Django Code (to retrieve data by ID):**

    ```python
    import requests
    from django.http import JsonResponse

    def retrieve_data(request, data_id):
        url = f'http://127.0.0.1:8000/api/data/{data_id}/'

        # Get the access token (this would be dynamically set, e.g., from the session or token storage)
        access_token = 'your_access_token_here'

        # Prepare headers
        headers = {
            'Authorization': f'Bearer {access_token}'
        }

        # Make the GET request to retrieve the data by ID
        response = requests.get(url, headers=headers)

        # Check if the request was successful (status code 200)
        if response.status_code == 200:
            return JsonResponse(response.json())  # Return the response from the API
        else:
            return JsonResponse({"error": "Failed to fetch data"}, status=400)
    ```


### Update Data (ID = 1)

* **URL:** `http://127.0.0.1:8000/api/data/1/`
* **Method:** `PUT`
* **Authorization Header:** `Bearer <access_token>` (replace `<access_token>` with the actual access token)
* **Content-Type Header:** `application/json`
* **Data:** `{"REGION": "Updated Region", "FIRST_NAME": "Pedro", "LAST_NAME": "Santos", "AGE": 35}`
* **Command:**

    ```bash
    curl -X PUT http://127.0.0.1:8000/api/data/1/ \
        -H "Authorization: Bearer <access_token>" \
        -H "Content-Type: application/json" \
        -d '{"REGION": "Updated Region", "FIRST_NAME": "Pedro", "LAST_NAME": "Santos", "AGE": 35}'
    ```

* **Django Code (to update data by ID):**

    ```python
    import requests
    from django.http import JsonResponse

    def update_data(request, data_id):
        url = f'http://127.0.0.1:8000/api/data/{data_id}/'

        # Get the access token (this would be dynamically set, e.g., from the session or token storage)
        access_token = 'your_access_token_here'

        # Prepare headers
        headers = {
            'Authorization': f'Bearer {access_token}',
            'Content-Type': 'application/json'
        }

        # Data to be updated
        data = {
            'REGION': 'Updated Region',
            'FIRST_NAME': 'Pedro',
            'LAST_NAME': 'Santos',
            'AGE': 35
        }

        # Make the PUT request to update the data
        response = requests.put(url, headers=headers, json=data)

        # Check if the request was successful (status code 200)
        if response.status_code == 200:
            return JsonResponse(response.json())  # Return the response from the API
        else:
            return JsonResponse({"error": "Failed to update data"}, status=400)
    ```


### Delete Data (ID = 1)

* **URL:** `http://127.0.0.1:8000/api/data/1/`
* **Method:** `DELETE`
* **Authorization Header:** `Bearer <access_token>` (replace `<access_token>` with the actual access token)
* **Command:**

    ```bash
    curl -X DELETE http://127.0.0.1:8000/api/data/1/ -H "Authorization: Bearer <access_token>"
    ```

* **Django Code (to delete data by ID):**

    ```python
    import requests
    from django.http import JsonResponse

    def delete_data(request, data_id):
        url = f'http://127.0.0.1:8000/api/data/{data_id}/'

        # Get the access token (this would be dynamically set, e.g., from the session or token storage)
        access_token = 'your_access_token_here'

        # Prepare headers
        headers = {
            'Authorization': f'Bearer {access_token}'
        }

        # Make the DELETE request to delete the data
        response = requests.delete(url, headers=headers)

        # Check if the request was successful (status code 204 means no content, but successful)
        if response.status_code == 204:
            return JsonResponse({"message": "Data deleted successfully"})
        else:
            return JsonResponse({"error": "Failed to delete data"}, status=400)
    ```


## Admin Panel

To access the Django Admin Panel, follow these steps:

1. **Start the Django development server** if it's not already running:
    ```bash
    python manage.py runserver
    ```

2. **Open your web browser** and navigate to the following URL:
    ```
    http://127.0.0.1:8000/admin/
    ```

3. **Login credentials:**
   - **Username:** `admin`
   - **Password:** `admin`

4. **After logging in**, you will be able to manage models, users, and other aspects of your Django application through the Admin Panel.
