# API: What is it?

A contract between the "server" and the "client"

We need to agree on:

1. What data is exchanged, what the "server" knows, what the "client" knows
2. How the data is transmitted (protocol)

Protocols:

1. HTTP/1.1 (1997)
1. HTTP/2 (2015)
1. HTTP/3 (2022)
1. WebSocket (2011)

...

# HTTP/1.1 Protocol

Key characteristics:
1. Interaction through verbs — GET, POST, PUT, DELETE, ...
2. The server stores no client state between requests (no sessions, no operation history, etc.)

More details: https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview


<img src="request_response.png" width="50%" height="50%" />

# Key points when building an API

What to think about when writing an API:

1. Format: REST, RPC, etc.
2. Technologies (language, libraries, etc.)
3. Documentation
4. Testing
5. Validation of permissions and user data
6. Error messages
7. Extensibility and versioning
8. Security
9. Scalability
10. And much more...

Let's build a small REST API.

Along the way we'll look at different libraries and discuss best practices for building APIs.

# Part 0. REST API characteristics

REST API is an old style of protocol. 

Its history starts with the PhD dissertation <a href="https://w...rtation/top.htm">Roy Thomas Fielding - Architectural Styles and
the Design of Network-based Software Architectures</a>.

REST API is not a strict standard but a set of principles. There is no single ready-made solution here. 

REST API is based on the idea of using the HTTP protocol to build APIs.

Principles:
1. Client and server interact via some interface. They do not know each other's internal implementation. 
2. The server stores no client state between requests (no sessions, no operation history, etc.)
3. All interaction happens by operating on resources that are identified by URLs.
4. Resources have a clear structure.
5. A URL is a unique identifier of a resource.
6. Interaction with resources happens via HTTP methods: `GET`, `POST`, `PUT`, `DELETE`, `PATCH`, etc.
7. The server indicates what and how to cache

Since REST API is based on the HTTP protocol, the core of this protocol consists of two entities: Request and Response.

REST API assigns certain semantics to HTTP methods. `GET` — fetch a resource, `POST` — upload a resource, etc.
You can find REST APIs that use only `GET` and `POST`, and others that use many more HTTP methods. 

There is no single right option here. We will discuss later the specifics of using different HTTP methods for APIs.

# Part 2. Framework for APIs

There are many different libraries and frameworks for writing REST APIs.                           
Here are some of them:
1. AIOHTTP
2. Django, Django Rest
3. Flask, Flask RESTX (ex. Flask-RESTplus), etc
4. Falcon
5. Pyramid
6. FastAPI

We'll settle on FastAPI because:
1. Supports asynchrony
2. Easy to test
3. Generates documentation out of the box

<img src="https://fastapi.tiangolo.com/img/logo-margin/logo-teal.png" width=500px>

# Part 3. FastAPI

Code demo

Launch command:
```
uvicorn main:app --reload
```

`reload` — automatically reload the server when the code is changed.

Important! The examples used plain uvicorn.

It cannot fully restart workers.

For real deployments you should use the Gunicorn + Uvicorn combo.

More details: https://fastapi.tiangolo.com/deployment/server-workers/

# Part 4. A bit more about HTTP

An HTTP request looks like this:

`VERB /url`

What HTTP verbs are there? There are many:
1. `GET`
2. `POST`
3. `PUT`
4. `DELETE`
5. `PATCH`
6. `HEAD`
7. `OPTIONS`
8. `CONNECT`
9. `TRACE`

Why are there so many methods? 

Methods are:
* Safe and unsafe
* Idempotent and non-idempotent
* Cacheable and non-cacheable

A safe method — no side effects. Does not change the state of the resource.

An idempotent method — when the same request is repeated, it does not change the state of the resource.

A cacheable method — the client and intermediate proxies are allowed to cache the result of a request.

What the HTTP/1.1 standard (RFC 2616) says about methods:

`GET`

* Returns a resource (more formally, its representation)
* Must be safe, idempotent, and cacheable

`POST`

* Sends some data to the server related to the given resource
* Can create a new resource with its own address. If a new resource is created, the response is recommended to include a redirect to it.
* Unsafe, non-idempotent, non-cacheable

`PUT`

* Stores the object sent in the request at the given URL
* Can either update the current resource or create a new one
* Unsafe, idempotent, non-cacheable

`DELETE`

* The inverse operation to `PUT`: deletes a resource by URL
* Unsafe, idempotent, non-cacheable

`PATCH`

* Alternative to `PUT`: partially modifies a resource
* You can provide a partial description of the resource
* Unsafe, possibly non-idempotent, non-cacheable

Relationship between `GET`, `PUT`, `DELETE`.

* If `PUT` was executed, then `GET` must return the same representation
* If `DELETE` was executed, then `GET` must return an error

## Useful links
1. https://cloud.google.com/apis/design
2. https://github.com/microsoft/api-guidelines
3. https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design
4. https://geemus.gitbooks.io/http-api-design/content/en/
