<img src="http://imgur.com/1ZcRyrc.png" style="float: left; margin: 20px; height: 55px">

# Introduction to Web Services and APIs

_Instructor: Aymeric Flaisler_

---
![](assets/opening.png)

### Learning Objectives
*After this lesson, you will be able to:*
- Describe APIs and how to make calls and consume API data.
- Access public APIs and get information back.
- Read and write data in JSON format.
- Use the `requests` library.

### Lesson Guide
- [Introduction to APIs](#intro)
- [What is an API?](#what-is-api)
- [Famous APIs](#famous)
    - [Facebook](#facebook)
    - [Yelp](#yelp)
    - [Echonest](#echonest)
- [Web APIs](#web-apis)
- [Separation of concerns](#mvc)
- [HTTP](#http)
- [Web applications](#web-app)
- [Demo: HTTP](#demo-http)
- [Independent practice: HTTP](#ind-http)
- [HTTP Request](#http-request)
    - [HTTP Request methods](#request-methods)
    - [HTTP Request structure](#request-structure)
- [HTTP Response](#http-response)
    - [Response types overview](#response-types)
- [JSON](#json)
- [Independent practice: validating JSON](#ind-practice)
- [Guided practice: pulling data from APIs](#guided-practice)
    - [Example 1: movies](#ex1-movies)
    - [Submit queries to the API](#submit)
    - [Example 2: Google Geocode](#ex2-geocode)
- [oAuth](#oauth)
- [Independent practice: python APIs](#ind-practice2)
- [Closing questions](#closing-questions)

### Intro checkout: What is an API? Give 2 different examples


## Has anyone used or is currently using an API?
<br>
_Warning Signs_:
<img src="assets/warning.png" style="float: left; width: 300px; margin: -5px 50px">
- _Random data found all over computer_
- _Withdrawls from friends and family_
- _Constantly iterating over nested JSON_
- _Lack of sleep_
- _Talks about JSON as if a real person_


<a name="intro"></a>
## Introduction to APIs

---

In this lesson we will be diving into the world of APIs and taking a tour of one of the most accessible sources of data on the internet.

- **What is meant by an "API"**
- **Common use cases**
- **How to read API documentation**
- **General development workflow with APIs**


<a id='what-is-api'></a>
## What is an API?

---

An API (Application Programming Interface) is a set of routines, protocols, and tools for building software applications. It specifies how software components should interact.

APIs are a way developers abstract functionality to data, devices, and other resources they provide. 

Some examples include:

- Connectivity to a variety of databases
- IoT (ie: Python modules that can turn LED lights on and off)
- Application that runs on native Windows, OSX, or Linux
- Libraries that post content on Twitter, Facebook, Yelp, or LinkedIn
- Web services for accessing currency or stock prices

More abstract examples:

- Pandas https://pandas.pydata.org/pandas-docs/stable/api.html
- Adding your own functions to Numpy itself
- Extending Python with C code
- Testing Frameworks

In the context of data science, APIs are a very common method to interact with data hosted by third parties and most commonly provided by **Web Service APIs**.

<a id='famous'></a>
<a id='facebook'></a>

### Famous APIs:  Facebook

Facebook provides a RESTful HTTP-based  API for interacting with their service.  At a glance:

- View your posts
- View websites, people, posts, pages that you've liked
- View activity on apps from you and your friends
  - Movies watched
  - Music listened
  - Games played
- View places traveled / check-ins
- Relationships
- but also much more: https://developers.facebook.com/products

#### Potential Project Ideas:

|   |   |   |   |
|---|---|---|---|
| Determining Latent Characteristics | Friends Activity | Political Classification | Text Mining |
| Friend Classifier | Trending Topics | Recommenders | Feature Importances |
| Taste Profiling | Hipster Detector | Sub-group Identification | Checkin-Prediction |
| Relationship Forcasting | Relationship Classification | Sentiment Analysis | Popularity Projection |
| Personal Analytics | Friend Similarity Prediction | N-Gram Analysis | Topic Modeling |

### What does RESTful API mean?

- REST = REpresentational State Transfer and is a style of software architecture. 
- The principles of REST are:
    - Resources expose easily understood directory structure URIs.
    - Representations transfer JSON or XML to represent data objects and attributes.
    - Messages use HTTP methods explicitly (for example, GET, POST, PUT, and DELETE).
    - Stateless interactions store no client context on the server between requests. State dependencies limit and restrict scalability. The client holds session state.

https://en.wikipedia.org/wiki/Representational_state_transfer
- This "architectural style" basically exploits the existing technology and protocols of the Web (GET, POST, PUT, and DELETE).
- RESTful is typically used to refer to web services implementing such an architecture.



<a id='yelp'></a>
### Famous APIs:  Yelp

Yelp provides a way for developers to access:

- Reviews
 - Services
 - Restaraunts / Bars / Cafes
 - Businesses
- Business meta-data

#### Potential Project Ideas

|   |   |   |   |
|---|---|---|---|
| Topic Modeling | Text Mining | Sentiment Analysis | Funny / Cool / Interesting Classification | 
| Music Genre Classification | Parking Index Classification | Characteristics Profiling | Hipster Index |
| Ideal Activities | Friend Recommender | Venue Recommender | Sports Bar Classifcation |
| Where is the best [whatever] in [neighborhood] | | |

<a id='web-apis'></a>
## Web APIs

---

![](assets/notify.png)

The prevelance of web APIs have increased 10x with the rise of Javascript and advent of web programming techniques allowing for the transmission of small pieces of data without having to refresh the entire page.

With the growth of highly interactive websites, provided by AJAX programming techniques in Javascript, many languages have started co-opting standards to communicate data to and from web servers for two big reasons:
- Ease of integration
- Consistent standards


## Other use linked with API:

http://crockpotveggies.com/2015/02/09/automating-tinder-with-eigenfaces.html

<a name="mvc"></a>
## Separation of concerns

---

In order to talk about APIs, we need first to introduce the **separation of concerns**. In computer science, _separation of concerns_ (SoC) is a design principle for separating a computer program into distinct sections, such that each section addresses a separate concern. A concern is a set of informations that affects the code of a computer program. 

In particular, when building a web application, it's best practice to separate the website logic from data models. This not only allows for cleaner code, but is an easier way to manipulate our layouts and interactions. Separation of concerns becomes ever more important when working with outside data.

<img src="assets/MVC-Process.png" style="width: 200px;"> 

- The model is responsible for managing the data of the application. It receives user input from the controller.
- The view means presentation of the model in a particular format.
- The controller is responsible for responding to the user input and perform interactions on the data model objects. 

> _MVC: Model View Controller, is a famous SoC paradigm in programming._ 

API calls are really a fancy term for making _HTTP requests_ (in the context of web APIs) to a server and sending/receiving structured data from that endpoint (URL). We are still communicating with URLs, however instead of receiving markup, like we do with HTML pages, we receive data.

[Representational state transfer (REST)](https://en.wikipedia.org/wiki/Representational_state_transfer) is the most common architecture style for passing information to and from these API endpoints.

Before we start consuming these services however, it's important to understand the fundamentals of the underlying communication layer: **HTTP**.


<a id='http'></a>
## HTTP / HTTPS

---

HTTP is a protocol - a system of rules - that determines how web pages (see:'hypertext') get sent (see:'transferred') from one place to another. Among other things, it defines the format of the messages passed between HTTP clients and HTTP servers.

Since the web is a service, it works through a combination of clients which _make_ requests and servers (which _receive_ requests).

HTTPS is the same protocol using a layer of encryption ((TLS) Transport Layer Security, or formerly, its predecessor, Secure Sockets Layer (SSL)) for secure communication over the different transfers required.

### The HTTP client

HTTP Clients make or generate HTTP Requests. Some types of clients are:

* Browsers - Chrome, Firefox and Safari.
* Command Line programs - [curl](http://curl.haxx.se/docs/) and [wget](http://www.gnu.org/software/wget/manual/wget.html).
* Application code -  Python Requsts, Scrapy, Mechanize

HTTP Clients respond to HTTP Responses from a Web Server. They process the data being returned form a Web Server, aka HTTP Server.

### HTTP and web servers

All _Web Servers_ receive _HTTP Requests_ and generate _HTTP Responses_. Often **Web Servers are just the middleman**, passing HTTP Request and Responses between the client and web application. Two of the most popular _HTTP or Web servers_ are [Apache](http://httpd.apache.org/) and [Nginx](http://nginx.com/), But there are lots different [web servers](http://en.wikipedia.org/wiki/Comparison_of_web_server_software) out there.


### Checkout (3min in pair): Explain what a client and a server are? What about the term distributed computing?



<a id='web-app'></a>
## Web applications

---

Web applications are programs that run on a web server, process the HTTP requests that the server receives, and generate HTTP Responses.

![HTTP Request and Response](assets/request-response.png)

Lost? Here's the play-by-play.

1. A client sends a HTTP Request to a HTTP Server running on a remote machine.  
  * The _hostname_ given in the URL, indicates which server will receive the request.  
2. The HTTP server processes the HTTP Request. This may entail passing the request to some Web Application, which creates a HTTP Response.
3. The response gets sent back to the client.
4. The client processes the response.

How does the server know what the request is asking for? This is specified by the URL, a special kind of path that specifies where a resource can be found on the web.

![URL](./assets/http1-url-structure.png)



<a name="demo-http"></a>
## Demo: HTTP

---

Lets explore HTTP resources. We'll start by looking at HTTP requests and responses using the Chrome Inspector.

![HTTP Request and Response](./assets/http_request_response.jpeg "HTTP Request and Response")

* In Chrome, open up Chrome Inspector (*command + option + 'i', or ctrl + click and select 'inspect element'*).
* Select the Network tab. It should look something like this:

![image.png](attachment:image.png)

* Next, go to the URL https://generalassemb.ly/

You should be able to see a few HTTP Requests and Responses in the Network tab; for each request you'll see a **Path**, **Method**, **Status**, **Type**, and **Size**, along with info about how long it took to get each of these resources.
  * Most of this information comes from the HTTP Request and Response.*
  * Some HTTP requests are for CSS, JavaScript and images that are referenced by the HTML.
  * Select `generalassemb.ly` in the Path column on the far left.
  * Select the Headers tab. **Headers** are meta-data properties of an HTTP request or response, separate from the body of the message.

<a id='http-request'></a>
## HTTP Request

---

The first word in the request line, _GET_, is the **HTTP Request's Method**.

![HTTP Request](./assets/http_request.jpeg "HTTP Request")

<a id='request-methods'></a>
### HTTP Request methods:

* **`GET`** => Retrieve a resource.  
* **`POST`** => Create a resource.  
* **`PATCH`** (_or **`PUT`**, but **`PATCH`** is recommended_) => Update an existing resource.  
* **`DELETE`** => Delete a resource.  
* **`HEAD`** => Retrieve the headers for a resource.

Of these, **`GET`** and **`POST`** are the most widely used.

<a id='request-structure'></a>
### HTTP Request structure:

```
[http request method] [URL] [http version]  
[list of headers]

[request body]
```
**Note**:  
- The **HTTP request body** is the one which carries actual HTTP request data (including form and uploaded data). 
- The **HTTP response body** returns the data from the server ( including files, images etc). 
- The **request header** will carry the meta-data of the call like the address the credentials the language, etc. and can't not contain actual data like as above.

*Notice, that the Request Header is separated from the Request Body by a new line. They are sent together.*

**HTTP Request Method Example: (No Body)**

    GET http://vermonster.com HTTP/1.1  
    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
    Accept-Encoding:gzip,deflate,sdch
    Accept-Language:en-US,en;q=0.8  
    Connection:keep-alive  
    Host:vermonster.com  
    User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5)  
    AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1659.2 Safari/537.36  

<a id='http-response'></a>
## HTTP Response

---

![HTTP Response](./assets/http_response.jpeg "HTTP Response")

When a client sends a request, the server sends back a response; the standard format for this response is:

```
[http version] [status] [reason]  
[list of headers]

[response body] # typically HTML, JSON, ...  
```

<a id='response-types'></a>
### Response types overview

> Check these out when you have time -- at least be aware that there is an expected pattern to these codes:

**[Status Codes](http://en.wikipedia.org/wiki/List_of_HTTP_status_codes)** have standard meanings; here are a few.

|Code|Reason|
|:---|:-----|
|200| OK
|301| Moved Permanently
|302| Moved Temporarily
|307| Temporary Redirect
|400| Bad Request
|403| Forbidden
|404| Not Found
|500| Internal Server Error

<a id='ind-http'></a>

## Independent practice: HTTP

---


### Go to your favorite website(s) (safe for work ;-) ), inspect the protocol from the Chrome network inspection tool (cmd-opt-i), identify:

- Requests sent by your client
- Requests send by the server


#### Research and Explain:
- cache-control
- age
- content-encoding
- "GET" and "POST" requests
- query string parameters

#### Bonus:
What are cookies?
<img src="assets/cookies.png" style="width: 100px">

<a name="json"></a>
## JSON

---

JSON is short for _JavaScript Object Notation_, and is a way to store information in an organized, easy-to-access manner. In a nutshell, it gives us a human-readable collection of data that we can access in a really logical manner.

**JSON is built on two structures:**
* A collection of name/value pairs. In various languages, this is realized as an object, record, structure, dictionary, hash table, keyed list, or associative array.
* An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

These are universal data structures. Virtually all modern programming languages support them in one form or another. It makes sense that a data format that is interchangeable with programming languages also be based on these structures.

### JSON objects

An object is an unordered set of name/value pairs, like python dictionaries. An object begins with `{` (left brace) and ends with `}` (right brace). Each name is followed by `:` (colon) and the name/value pairs are separated by `,` (comma).

The syntax is as follows:

```
{ string : value, .......}
```
like:
```
{"count": 1, ...}
```
_Seems an awful lot like a python dictionary!?_

**Note:** Although they look alike, JSON is language agnostic (ie: will work with any programming language). One consequence is that `'` are not the equivalent of `"` in a JSON context.

## Code along 1: Querying Foursquare's RESTful API

### I) Set up:

We are going to to request information through Foursquare's API. Foursquare is an app that helps you find the perfect places to go with friends. Discover the best food, nightlife, and entertainment around you.

In order to use the API, we need to sign-up and activate the access to it. To do that:  
1) Sign-up to Foursquare at https://foursquare.com/  
2) Go to https://developer.foursquare.com/ and log in  
3) Log in and on the left panel, click on `EXPLORER`  
4) In the page that appears, you should see a paragraph 'Sample Request'. There should be a URL similar to https://api.foursquare.com/v2/users/self?oauth_token=XXXXXXXXXX&v=20180407

**Explanation:**
The API `endpoint` https://foursquare.com/user/USER_ID returns the profile information for a given userID (cf.: https://developer.foursquare.com/docs/api/users/details). Foursquare's API have many other `endpoints` (cf.: https://developer.foursquare.com/docs/api/endpoints) but we will only use one for this exercise.


In the url they provide, `self` point at your profile (which is why you do not need to enter a specific ID. The part after `oauth_token` is your personal token (please don't share it!).


### II) Actual exercise:

1) Go to the URL you obtained in I.4 (ie: enter it in your internet browser). How would you explain to a non-technical person what you are seeing?

In [1]:
# A:

2) We are going to load the server's response into a python variable using the modules requests and json. 

In [None]:
import requests, json
import pandas as pd

# We are going to make a get call to the end point "https://foursquare.com/user/USER_ID":
sample_url = 
r_ = requests.get(sample_url)

In [None]:
# Let's have a look at the server response:
r_.text

In [None]:
# The call requests has a method .json() that return the request's response as a JSON object:
json_ = r_.json()
print(json_)

In [None]:
# As we explained earlier, json_ object are a variant of python dictionary. 
# As a consequence, we can access them in the same way.
json_.keys()

In [None]:
# Let's have a look at the key "response":
json_['response']

### Exercise: 

The response has a nested values "email" that contain the email of the user you requested information from (ie: here it should be the email you entered when you signed up).

1) I want you to find a way to filter the json such that you only get the email value.

**Tips:** In order to get the user firstname, I'd do: 

```
json_['response']['user']['firstName']
```

2) How about the canonicalUrl of the "to do"?

In [None]:
# A:

<a name="ind-practice"></a>
## Independent practice: validating JSON 

---

JSON is very simple to use if correctly structured. One of the resources to validate JSON and check if the syntax is correct is [JSON Viewer](http://codebeautify.org/jsonviewer) or [JSON edit](http://www.jsoneditoronline.org/).

For this exercise, copy the [JSON data from the code folder](./code/test.json) and insert it in the web app above, click "Validate".

If you see "Valid JSON", click "Beautify" and you will see a more readable way of JSON. If you do not see the message "Valid JSON", it means that there is a syntax error.

* First, correct errors (if there are any... ;-) )
* Then, with your neighbor, identify the structure of the JSON. Can you guess:

    - What is a root element?
    - Are there any arrays?
    - How many objects are there?
    - What are the attributes of an object?

<a name="guided-practice"></a>
### Code along 2: Pulling data from APIs

---

Recall that APIs are methods and data formats to tell people how to "talk" to a system. We will walk through a couple of examples.

<a id='ex1-movies'></a>
### Example 1: movies

The internet movie database is a large collection of data about movies. It can be browsed at the address: http://www.imdb.com/.

What if we wanted to programatically access the data in the database? Unless we are employees of IMDB.com, we probably don't have direct access to their internal database, so we cannot perform SQL queries on their data.

We could use scraping to retrieve data from the web page, and in some cases we will have to do exactly that.

> *Note: check the "Terms of Service" before you scrape a website, you could be infringing their terms.*

In other cases, the website offers a way to programatically access data from their database. That's an API.

In the case of movies, this is offered by http://www.omdbapi.com/

_Unfortunately, OMDB is no longer a free to use API.  Instead, we'll practice interacting with the Star Wars API (SWAPI)_


**Let's try for example to retrieve the data about the "Obi-Wan Kenobi".**

Referencing the [SWAPI Documentation](http://swapi.co/documentation), lets create a query to search for characters with "obi" in their name.

**In a browser, paste:**

    https://swapi.co/api/people/?format=json&search=obi


###  What Just Happened?

We requested a url, which responded with JSON.

SWAPI has a GUI base responce as well which is the default.

https://swapi.co/api/people/?format=json&search=obi

Also a Wookie flavored one.

https://swapi.co/api/people/?format=wookiee&search=obi

<a id='submit'></a>
### Try submitting a couple more queries to familiarize with the API.

- You can also query an API from the command line using the app `curl`. Try typing:

    `curl -v https://swapi.co/api/people/?format=json&search=obi`


```javascript   
{"name":"Chewbacca",
 "height":"228",
 "mass":"112",
 "hair_color":"brown",
 "skin_color":"unknown",
 "eye_color":"blue",
 "birth_year":"200BBY",
 "gender":"male",
 "homeworld":"http://swapi.co/api/planets/14/",
 "films": ["http://swapi.co/api/films/2/","http://swapi.co/api/films/6/","http://swapi.co/api/films/3/","http://swapi.co/api/films/1/","http://swapi.co/api/films/7/"],
 "species":["http://swapi.co/api/species/3/"],
 "vehicles":["http://swapi.co/api/vehicles/19/"],
 "starships":["http://swapi.co/api/starships/10/","http://swapi.co/api/starships/22/"],
 "created":"2014-12-10T16:42:45.066000Z",
 "edited":"2014-12-20T21:17:50.332000Z",
 "url":"http://swapi.co/api/people/13/"}
```

In [None]:
# Request example for the IMDB example
import pandas as pd
import requests
result = requests.get("https://swapi.co/api/people/?format=json&search=obi")
df = pd.DataFrame(result.json())
df

In [None]:
# Note that a simple json is well interpreted by pandas:
df_ = pd.DataFrame(result.json()['results'])
df_

In [None]:
result.headers

<a id='ex2-geocode'></a>
### Example 2: Google Geocode API

Google offers a freely accessible API to query their GEO databases.  One of the many features Google Maps API provides is a way to get longitude and latitude coordinates from addresses.

**Try pasting the following line in your browser:**
    
    https://maps.googleapis.com/maps/api/geocode/json?address=114+Whitechapel+High+St+London

In [None]:
# Request the resource from google maps
result = requests.get("https://maps.googleapis.com/maps/api/geocode/json?address=114+Whitechapel+High+St+London")
google_result = result.json()

In [None]:
google_result

In [None]:
# Loop through results and display lat, lon values for reverse geocode
for item in google_result['results']:
    print(item['geometry']['location'])

<a id='oauth'></a>
## oAuth VS. Access Token VS. Public / Secret keys

---

oAuth is simply a secure authorization protocol that deals with the authorization of third party application to access the user data without exposing their password. (e.g., Login with facebook, gPlus, twitter in many websites.) all work under this protocol.

Basically there are three parties involved: **oAuth Provider, oAuth Client and Owner**.

- oAuth Client (Application Which wants to access your credential)
- oAuth Provider (eg. facebook, twitter...)
- Owner (the one with facebook,twitter.. account )

Many APIs are free to access. You first need to register as a developer and obtain an authorization key. In most cases, this is also accompanied by a temporary token that needs to be renewed after some time. This is a way to prevent abuse on the server's resources.

You can read more about it here: http://oauth.net/2/


### OAuth Example:  client work with instagram

![image.png](attachment:image.png)

<a name="ind-practice2"></a>
## Pair Practice: Python APIs

---

**Form pairs and do the following:**  
Go to http://www.pythonforbeginners.com/api/list-of-python-apis  
or   
https://github.com/realpython/list-of-python-api-wrappers
  
- Choose 1 API: what data is available with your choosen API?
- Install python module (if available for API), try to extract data.
- Discuss: How could you leverage that api? How could you use the data?


**Top tip:** If you don't know which one to choose, this one: https://pypi.org/project/Wikipedia-API/ is a wrapper for Wikipedia and is very simple to use.


<a id='closing-questions'></a>
## Checkout (still in pair):



### - What is the easiest aspect of all this to understand?

In [None]:
# A:

### - What is the most challenging aspect to understand?

In [None]:
# A:

### - How does this contrast to scraping?

In [None]:
# A:

### - How would you explain API's to someone who didn't know anything about them?

In [None]:
# A:

### - Any new ideas for capstone data?

In [None]:
# A: