## Objectives

* Describe an API 
* Discuss the importance of APIs in Data Science
* Consume APIs with Python



## What is an API?

![api](images/api.png)

API allows for different computer programs or applications to comminucate with one another. Its acts as as software intermediary allowing software programs to talk to each other.

They define the way and format data that data can be extracted from or sent to an application. One software program wants information and another has stored that information, they can use an api to both ask for and receive data.

They facilitate communication by allowing information to be requested, sent deleted or modified.

APIs can come in many forms or shapes ie:
* Operating system APIs such as turning both the camera and audio to allow one to join a zoom call.
* Web APIs for performing web actions example posting a tweet on twitter, liking an image on instagram.

Irregardless of the type, APIs tend to function the same way ie one usually makes a ```request``` for information and the API returns a ```response``` with what was requested.

They allow us to work with real time data containing:
* Real time updates. 
* Date and timestamps for each record.
* Geolocation.
* Numbers and text for analysis.

## Overview of Client-Server Model

![client-server-model](images/Client-Server.png)

Information is stored on the ```server```.

Interacting with the information stored on the server is done through the ```client```.

Typically, a server acts as a centralized computing resource which can be accessed by many clients for different purposes ie creating,reading, updating, & deleting.

## Parts of an API

An API typically has three core parts:
* **Access** - Who is the user accessing the information?
* **Request** - What information is the user wanting to access?
* **Response** - What is the result of the request?

## Why APIs are important to Data Scientist

* ### Accessing Data

APIs are a great way of accessing data that you are interested in. Many websites and web applications give access to their data via an API. In a real-world situation, most of the data that you will be working with would be coming from a database or from an API and in some situations you may even be accessing your database from an API.

* ### Deployment

How does one go from *"I have built a model with 92%"* to *"some user can use an app built around my project to know how much in loan they qualify for?"*. Ideally, upon building a model that performs some task you don't want to just push it to Git and onto the next, instead you want people to be able to use it. If you work with a team of Software Engineers lucky you, but they wouldn't appreciate you just emailing them a notebook with huges chunks of code so they put it into production. Giving your Software Engineers an API instead of a notebook is definitely going to make their lives slightly easier. 

One of the best ways of making your model usable to other people is by turning it into an API endpoint where people can send data into your API and inturn receive the results of your machine learning model. Models that you build can be great but would inturn be useless if they can't be used by other people.

📝 **Note** - Its important that:

* Learn how to set up and configure APIs in your code.
* Learn how to use various python libraries that would help you make API calls.
* Work with data structures like dictionaries and JSON to help you collect and save data from the APIs. 

## Consuming APIs with Python

![request](images/pythonrequest.png)

[Request](https://pypi.org/project/requests/) allows you to send HTTP requests using python extremely easy. 

In [33]:
# request to send http request 
import requests

Lets try make a basic request to the [GithubAPI](https://docs.github.com/en/rest).

* A **request** contains all the relevant data regarding your API call request such as the base URL, the endpoint, the method used, headers etc.

**API Call** - Name given to the entire process of requesting information, retriving that information and delivering that info.

In [34]:
# basic request to the dog API
response = requests.get("https://api.github.com")

This inturn creates a ```Response``` object containing the response that we received.

In [35]:
# type of reponse
type(response)

requests.models.Response

* A **response** contains the relevant information that is returned by the server which includes the status code, the data, the header etc

In [36]:
# response
response

<Response [200]>

In [37]:
response.request

<PreparedRequest [GET]>

In [38]:
request = response.request
# url
request.url

'https://api.github.com/'

In [39]:
# url path
request.url

'https://api.github.com/'

In [40]:
# method
request.method

'GET'

In [41]:
request.headers

{'User-Agent': 'python-requests/2.28.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}

In [42]:
response

<Response [200]>

In [43]:
# response text
response.text

'{"current_user_url":"https://api.github.com/user","current_user_authorizations_html_url":"https://github.com/settings/connections/applications{/client_id}","authorizations_url":"https://api.github.com/authorizations","code_search_url":"https://api.github.com/search/code?q={query}{&page,per_page,sort,order}","commit_search_url":"https://api.github.com/search/commits?q={query}{&page,per_page,sort,order}","emails_url":"https://api.github.com/user/emails","emojis_url":"https://api.github.com/emojis","events_url":"https://api.github.com/events","feeds_url":"https://api.github.com/feeds","followers_url":"https://api.github.com/user/followers","following_url":"https://api.github.com/user/following{/target}","gists_url":"https://api.github.com/gists{/gist_id}","hub_url":"https://api.github.com/hub","issue_search_url":"https://api.github.com/search/issues?q={query}{&page,per_page,sort,order}","issues_url":"https://api.github.com/issues","keys_url":"https://api.github.com/user/keys","label_sear

In [44]:
# status code
response.status_code

200

In [45]:
# header
response.headers

{'Server': 'GitHub.com', 'Date': 'Sun, 13 Nov 2022 02:24:26 GMT', 'Cache-Control': 'public, max-age=60, s-maxage=60', 'Vary': 'Accept, Accept-Encoding, Accept, X-Requested-With', 'ETag': '"4f825cc84e1c733059d46e76e6df9db557ae5254f9625dfe8e1b09499c449438"', 'Access-Control-Expose-Headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset', 'Access-Control-Allow-Origin': '*', 'Strict-Transport-Security': 'max-age=31536000; includeSubdomains; preload', 'X-Frame-Options': 'deny', 'X-Content-Type-Options': 'nosniff', 'X-XSS-Protection': '0', 'Referrer-Policy': 'origin-when-cross-origin, strict-origin-when-cross-origin', 'Content-Security-Policy': "default-src 'none'", 'Content-Type': 'application/json; charset=utf-8', 'X-GitHub-Media-Type': 'github.v3; format

## Status Codes

They are among one of the most important pieces of information to look for in any API response. They give feedback of you request ie if it was successful, it it's missing data, if you don't have permission to access that information among others.

Some of the status codes include
|Status Code|Response      |Description        |
|:---------:|:------------:|:------------------|
|200        | OK           | Your request was successful.|
|201        | CREATED      | Your request was accepted and the resource was created.|
|301        | REDIRECTED   | Server is redirecting you to a different endpoint.|
|400        | BAD REQUEST  | Server thinks you have made a bad request ie request is wrong or missing some info|
|401        | UNAUTHORIZED | Server thinks you are not authorized and require some additional permissions|
|403        | FORBIDDEN    | Resource trying to access is forbidden ie you don't have the right permission to see it|
|404        | NOT FOUND    | Resource requested does not exist on the server|

Making a basic request call to [TheDogApi](https://thedogapi.com/). 

In [46]:
# request 

url = "https://api.thedogapi.com/"
doq_response = requests.get(url)

In [47]:
# checking the status code
doq_response.status_code

200

In [48]:
# checking the status code response
doq_response.reason

'OK'

## HTTP Header

Gives the server more information about how to interpret the request.

They define the required information governing the request or the response.

|HTTP Header| Description |
|:----------|:------------|
|Accept     | Specify the type of content the client can accept|
|User-Agent | Contains info about the user agent originating the request ie the software the client is using to communicate with the server|
|Expect     | Indicates that a particular set of server behavior is required by the client|
|Content-type| Indicates the media type of the entity-body sent to the recipient ie what type of content server will respond with|
|Server| Contains information about the software used by the origin server to handle the request ie the software the server is using to communicate with the client.|

In [49]:
# using the dog api again
response = requests.get("https://api.thedogapi.com/")
response.headers

{'x-dns-prefetch-control': 'off', 'x-frame-options': 'SAMEORIGIN', 'strict-transport-security': 'max-age=15552000; includeSubDomains', 'x-download-options': 'noopen', 'x-content-type-options': 'nosniff', 'x-xss-protection': '1; mode=block', 'vary': 'Origin', 'content-type': 'application/json; charset=utf-8', 'x-response-time': '0ms', 'X-Cloud-Trace-Context': '97f9c870c67ac85498f9010c30775bf1', 'Date': 'Sun, 13 Nov 2022 02:24:31 GMT', 'Server': 'Google Frontend', 'Content-Length': '43'}

In [50]:
# the content type
response.headers.get("Content-Type")

'application/json; charset=utf-8'

You can read more about headers [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers).

## HTTP Methods

Different Methods, also referred to as ```verbs``` are used for specifying the type of action you want to execute, ie, what type of request is this.

They allow one to create, read, update and delete resources.

|HTTP Method|Description         |
|:---------:|:------------------:|
|GET| Retrieve Information.   |
|POST| Submit new information.    |
|PUT|Update an Existing Resource.|
|DELETE|Delete an Existing Resource.|

In [51]:
# testing using the cat API
url = "https://api.thecatapi.com/"

response = requests.delete("https://api.thecatapi.com/")

response.status_code

405

In [52]:
response.reason

'Method Not Allowed'

* Not all end points will actually allow you to use the POST, PUT or DELETE methods.

## Query Parameters

APIs may provide tons of infomation where, some may be very unnecessary.

Query Parameters will allow us to only extract certain information that is relevant to our program.

In [53]:
pass_url = "https://randomuser.me/api/"

response = requests.get(pass_url)

response.text

'{"results":[{"gender":"female","name":{"title":"Mrs","first":"Angelika","last":"Herbert"},"location":{"street":{"number":7369,"name":"Brunnenstraße"},"city":"Rastatt","state":"Sachsen","country":"Germany","postcode":43292,"coordinates":{"latitude":"-51.5036","longitude":"109.2731"},"timezone":{"offset":"-8:00","description":"Pacific Time (US & Canada)"}},"email":"angelika.herbert@example.com","login":{"uuid":"05a2b2bc-5e9b-43f4-9670-55e74660449a","username":"angrygoose385","password":"iceman","salt":"6LRn7s1A","md5":"b2d82c220c5303d159022c05cc0b0bdf","sha1":"8583b310d3ae1f61b9279cf8fce832d88bb9b1be","sha256":"221c628605ea94f618489e7ddc3a6d8b012113dc5ac93897029dde18c3d8a0e5"},"dob":{"date":"1995-07-26T02:14:34.345Z","age":27},"registered":{"date":"2011-04-11T06:05:23.680Z","age":11},"phone":"0340-2256409","cell":"0174-6248239","id":{"name":"SVNR","value":"44 250795 H 945"},"picture":{"large":"https://randomuser.me/api/portraits/women/28.jpg","medium":"https://randomuser.me/api/portrait

In [55]:
# using the parameter
response = requests.get(pass_url, params={"gender":"female"})

response.text

'{"results":[{"gender":"female","name":{"title":"Ms","first":"Renee","last":"Hughes"},"location":{"street":{"number":3550,"name":"Frances Ct"},"city":"Tallahassee","state":"North Dakota","country":"United States","postcode":96832,"coordinates":{"latitude":"87.8232","longitude":"105.6050"},"timezone":{"offset":"+5:00","description":"Ekaterinburg, Islamabad, Karachi, Tashkent"}},"email":"renee.hughes@example.com","login":{"uuid":"6ca54eaf-ddc9-4c90-a495-d994a64ed476","username":"organicfrog861","password":"daylight","salt":"Z1XKXJdz","md5":"a25451bae1810938230154e71b9643dc","sha1":"6fd13b81a81a5beae082be5d0faf394c2d606a24","sha256":"7519a44fc40a0a6eece2eae90872c5935286f63156ebf68f03f50af6d1428de8"},"dob":{"date":"1977-02-22T02:52:22.364Z","age":45},"registered":{"date":"2013-11-07T14:37:29.571Z","age":9},"phone":"(743) 982-4440","cell":"(914) 460-1976","id":{"name":"SSN","value":"680-79-3139"},"picture":{"large":"https://randomuser.me/api/portraits/women/25.jpg","medium":"https://randomu

## Authentication

Many APIs have inplace security measures to make sure that they aren't abused or used for malicious purposes.

For such example twitter, you will be required to create a developers account for authentication purposes.

Calling an API without credentials will return ```403 Forbiddent Status Code```.

### API Key

Used to identify the API user and trace your use of the API. They are the most common level of authentication while using APIs.

### Request with OAuth
From wikipedia, [OAuth](https://en.wikipedia.org/wiki/OAuth) (short for "Open Authorization") is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

OAuth is a common standard used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to provide API access. "Auth" includes to two processes:
* **Authentication** - Verifying the user's identity.
* **Authorization** = Give the user access to a resource.