# Application Programming Interface (API)

APIs allows 2 computers to communicate with each other and exchange information. It is the part of the server that receives requests and sends responses.


## APIs as a Way to Serve Customers

Servers can speak directly with clients to perform certain functions, process the request, and then respond with relevant information. It's not uncommon for development teams to break up their application into multiple servers that talk to each other via APIs. The servers that perform helper functions for the main application server are referred to as microservices.


## Applications

**_Application_** can refer to two definitions in the context of an API:

- ... a piece of software with a distinct function.
- ... the whole server, an entire app, or a small part of an app.

Simply, any piece of software that can be distinctly separated from its environment can be an application and, thus, have an API so that it can interact.

### 1. Weather Snippets

One common API usage example we come across on a daily basis is **_weather data_**.

Rich weather snippets are commonplace: Google Search, Apple's Weather app, and even smart home devices. Google isn't in the business of weather data, so this information is sourced from a third party. They do so by means of an API, which sends them the latest weather details.

### 2. Log In Using XYZ

Instead of logging-in to users' social media accounts, applications with this functionality leverage Twitter, Facebook, Linkedin and/or Google APIs to authenticate the user with each login. Every time the application loads, it uses the API to check if the user is already logged in by means of a social media platform.

### 3. Pay with XYZ

Payment APIs work similarly to those of social media APIs. The payment functionality is built with APIs to ensure that the end application can only do what it needs to do without exposing sensitive data or gaining access to unintended permissions.

### 4. Travel Booking

Travel booking sites aggregate thousands of flights and destinations to showcase the cheapest options. They often use third-party APIs to collect flight and hotel availabilities from providers.

They also allow users to book directly from their application. Travel services make use of APIs to quickly and autonomously exchange both data and requests--in this case, trip availabilities and reservation requests.

### 5. Customer Relationship Management

`Salesforce` Platform APIs are the most popular APIs in the world to power CRM needs. The ecosystem is built to be highly customizable, boasting a wide API library and extensive partner marketplace known as `AppExchange`. APIs are pivotal with helping to integrate third-party apps for data backups, form creation, Adobe tooling integration, process automation, and more.

### 6. Cloud-Based Collaboration

APIs are great for the cloud. They enable developers to design the UI and the backend separately. This is called `headless` development. Decoupling the two allows a service to support multiple platforms, like web, desktop, iOS, or Android with the same backend API.

### 7. Online Banking

The open banking movement, initially spurred by `PSD2`, is maturing. Open banking requires banks in certain geographic zones to open up financial consumer data for third parties to integrate with. These third parties could be financial account aggregators, stock applications, investment portfolios, or even insurance provider dashboards.

In comparison to screen-scraping, API integration is a safer, more standardized form of financial data integration.


# Introduction to `XML`

`Extensible Markup Language` is a standard to create information formats and electronically share structured data. It is slowly being replaced by `JSON`.


## What is XML?

- a markup language much like `HTML`
- designed to store and transport data
- designed to be self-descriptive
- a W3C recommendation


## XML Doesn't Do Anything

The `XML` above is self-descriptive:

- it has sender information
- it has receiver information
- it has a heading
- it has a message body

However, the XML doesn't do anything. It is just information wrapped in tags to be used by software to send, receive, store, or display it.

## The Difference Between XML and HTML

`XML` and `HTML` were designed with different goals:

- `XML` was designed to carry data
- `HTML` was designed to display data
- `XML` tags are not predefined like `HTML` tags

## XML Doesn't Use Predefined Tags

`XML` has no predefined tags. The tags in the example above (like `<to>` and `<from>`) are not defined in any `XML` standard. These tags are created by the author of the `XML` document who must define both the tags and the document structure.

## XML is Extensible

Most `XML` applications will work as expected even if new data is added or removed.

Imagine an application designed to display the original version of `note.xml` coded above. Then imagine a newer version of `note.xml` with added `<date>` and `<hour>` elements and a removed `<heading>`.

The way `XML` is constructed, the older version of the application can still work with the original software using it to send, receive, store, or display the information therein.


## XML Simplifies Things

- `XML` simplifies data sharing
- `XML` simplifies data transport
- `XML` simplifies platform changes
- `XML` simplifies data availability

Many computer systems contain data in incompatible formats. Exchanging data between incompatible systems (or upgraded systems) is a time-consuming task for web developers. Large amounts of data must be converted and incompatible data is often lost.

`XML` stores data in plain text format. This provides a way of storing, transporting, and sharing data independent from software and hardware. It also makes it easier to expand or upgrade to new operating systems, new applications, or new browsers without losing data.


# Introduction to `JSON`

`JSON` stands for JavaScript Object Notation. It is a subset of the JavaScript language and has gained popularity with the increasing popularity of the language.

Like `XML`, `JSON` is a text format for storing and transporting data, and it is _self-describing_ and easy to understand.


In [143]:
{"skills" : {
  "web" : [
    {"name" : "html",
    "years" : 5},
    {"name" : "css",
    "years": 3}
    ],
  "database" : [
    {"name" : "sql",
    "years" : 7}
    ]
  }
}

{'skills': {'web': [{'name': 'html', 'years': 5}, {'name': 'css', 'years': 3}],
  'database': [{'name': 'sql', 'years': 7}]}}

## What is `JSON`?
- `JSON` is a lightweight data-interchange format
- `JSON` is plain text written in JavaScript object notation
- `JSON` is used to send data between computers
- `JSON` is language independent
  - while `JSON` syntax is derived from JavaScript, the format itself is plain text and can be read and generated in many programming languages

## Why use `JSON`?
`JSON` is syntactically similar to the code for creating JavaScript objects. Because of this, JavaScript programs can easily convert `JSON` data into JavaScript objects.

- `JSON.parse()` is a built-in function for converting `JSON` strings into JavaScript objects.
- `JSON.stringify()` is a built-in function for converting an object into a `JSON` string.

## `JSON` is like `XML`
- Both are self-describing and human-readable
- Both are hierarchical (able to be nested)
- Both can be parsed and used by lots of programming languages
- Both can be passed around using HTTP request

## `JSON` is unlike `XML`
- `JSON` has a tag name only at the beginning of an element, resulting in a smaller size
- `JSON` is less verbose
- `JSON` can include arrays, which leads to even smaller file sizes
- `JSON` can't use reserved words from JavaScript as tags

# Environment Variables
Environment variables are a commonly used tool for storing sensitive information, such as credentials and API keys. They are stored outside of the codebase, usually in the server's environment, and can be referenced in the code as needed. This helps to prevent sensitive information from being accidentally leaked or exposed in the event of a codebase search.

Proper security measures must be taken to ensure that the environment variables are secure. This may include implementing access controls, encryption, and monitoring for unauthorized access. Additionally, it's important to keep the environment variables updated and to rotate them regularly to minimize the risk of exposure.

# APIs in Python

In [144]:
from dotenv import load_dotenv
load_dotenv()

import pandas as pd
import requests
import os

In [145]:
FOURSQUARE_API_KEY = os.environ["FOURSQUARE_API_KEY"]
FOURSQUARE_CLIENT_ID = os.environ["FOURSQUARE_CLIENT_ID"]
FOURSQUARE_CLIENT_SECRET = os.environ["FOURSQUARE_CLIENT_SECRET"]

location = "Toronto,Canada"

In [146]:
url = "https://api.foursquare.com/v3/places/search"
params = {"near" : location}
headers = {
  "Accept" : "application/json",
  "Authorization" : FOURSQUARE_API_KEY}

result = requests.get(url, params=params, headers=headers)

In [147]:
df = pd.DataFrame(result.json()['results'])
df.head(5)

Unnamed: 0,fsq_id,categories,chains,distance,geocodes,link,location,name,related_places,timezone
0,4fdc0e98e4b05197cd14912b,"[{'id': 13003, 'name': 'Bar', 'icon': {'prefix...",[],457,"{'main': {'latitude': 43.703712, 'longitude': ...",/v3/places/4fdc0e98e4b05197cd14912b,"{'address': '508 Eglinton Ave W', 'country': '...",The Abbot on Eglinton,{},America/Toronto
1,4b0afc19f964a520212b23e3,"[{'id': 16000, 'name': 'Landmarks and Outdoors...",[],1304,"{'main': {'latitude': 43.678243, 'longitude': ...",/v3/places/4b0afc19f964a520212b23e3,"{'address': '100 Glen Rd', 'country': 'CA', 'c...",Cedarvale Park,{'children': [{'fsq_id': '61c4f0b4e565fe05c757...,America/Toronto
2,502e3a9e90e75889381c35ef,"[{'id': 13097, 'name': 'Caribbean Restaurant',...",[],1437,"{'main': {'latitude': 43.709032, 'longitude': ...",/v3/places/502e3a9e90e75889381c35ef,"{'address': '211 Yonge St', 'country': 'CA', '...",Ritz Caribbean Foods,{},America/Toronto
3,4aec6b7df964a520e0c621e3,"[{'id': 13035, 'name': 'Coffee Shop', 'icon': ...",[{'id': 'ab4c54c0-d68a-012e-5619-003048cad9da'...,1850,"{'main': {'latitude': 43.710897, 'longitude': ...",/v3/places/4aec6b7df964a520e0c621e3,"{'address': '2451 Yonge St', 'country': 'CA', ...",Starbucks,{},America/Toronto
4,544d3b30498e333e2fa24c53,"[{'id': 13034, 'name': 'Café', 'icon': {'prefi...",[],2058,"{'main': {'latitude': 43.707949, 'longitude': ...",/v3/places/544d3b30498e333e2fa24c53,"{'address': '174 Eglinton Ave E', 'country': '...",Istanbul Cafe & Espresso Bar,{},America/Toronto


## Types of APIs
There are three types: `ownership`, `communication`, and `web service`.

#### Ownership Type
- `Open` APIs: These APIs are publicly available to use and generally unrestricted. Also known as `Public` APIs.
- `Partner` APIs: These APIs require specific rights or licenses, which are often tied to paid services or subscriptions.
- `Internal` APIs: These are developed by companies to use for internal systems. Also known as `Private` APIs.
- `Composite` APIs

#### Communication Type
- `High-Level`: Often presented in REST form. High-level of abstraction with limited functionality.
- `Low-level`: Allows users to manipulate functions within an application module or within hardware at a granular level. Often used to send real-time video or media feed in response to a trigger.

#### Web Service Type
Web service APIs are classified on their behavioral approach. There are 4 kinds:
- `SOAP` Simple Object Access Protocol offers comprehensive security, built-in ACID (Atomicity, Consistency, Isolation, and Durability) compliance and retry logic for reliable messaging functionality. Suitable for enterprise applications dealing with banking transactions, LDAP interaction, and more. Uses XML format for transferring structured, function-driven information. For security, SOAP calls cannot be cached and has strict communication protocols that makes it more difficult to make changes and updates.
- `XML-RPC` Extensible Markup Language - Remote Procedure Calls is a protocol that uses a specific XML format to transfer data. Simpler and older than SOAP.
- `JSON-RPC` JSON - Remote Procedure Calls is a protocol that uses JSON format to transfer data. RPC calls are one of the methods that are used by services to communicate in a microservice architecture.
- `REST` Representational State Transfer is a data-driven architectural style used to build REST APIs. REST APIs are based on URI's (Uniform Resource Identifier) HTTP protocol and uses JSON for data formatting, making it browser-agnostic. REST APIs are also easy to build and scale. REST APIs do not store any state about the client session on the server. This restriction is what makes it stateless. Each request from the client to server must contain all of the information necessary to understand the request, and it cannot take advantage of any stored context on the server.



## What is REST?
> `REST` was defined by Roy Fielding, a computer scientist. He presented the `REST` principles in his PhD dissertation in 2000.

`REST` depends on two important components:
- `client`: a person or software that uses or calls an API.
- `resource`: any object the API can provide information about, like a user, a photo, or a hashtag. Each resource has a unique identifier. The identifier can be a name or a number.

A `REST`-ful web application exposes information about itself in the form of information about its resources. It also enables the client to take actions on those resources, such as create new resources or change existing resources. However, a `REST`-ful API is constrained to ensure that it is easy to use and easier to discover.

> `REST` stands for **RE**presentational **S**tate **T**ransfer. When a `REST`-ful API is called, the server will *transfer* to the client a *representation* of the *state* of the requested resource. The representation of the state can be in a `JSON` format, but it can also be in `XML` or `HTML` format.

What the server does when its called depends on 2 things:
1. An identifier for the resource called. This is the URL for the resource, also known as the **endpoint**. Hence, the monicker `Uniform Resource Locator`.
2. The operation to perform on that resource, in the form of an `HTTP` method or verb. The common `HTTP` methods are `GET`, `POST`, `PUT`, and `DELETE`.

The constraints:
- Uniform interface
- Client-server separation
- Stateless
- Layered system
- Cache-able
- Code-on-Demand

### Uniform Interface
1. The `request` to the server has to include a resource identifier.
2. The `response` returned includes enough information so the client can modify the resource.
3. Each `request` to the API contains all the information the server needs to perform the `request`, and each `response` returned contains all the information the client needs to understand the response.
4. `hypermedia` as the engine of the application site. This refers to the `hyperlinks` or `links` that the server can include in the `response`. This allows the sever to inform the client of the ways to change the state of the web application. This response will include tags with links to other resources as nodes or states

### Client-Server Separation
The client and the server act independently. The interaction between them is limited to requests and responses. The server doesn't respond if a request isn't made.

### Stateless
Stateless means the server does not remember anything about the user who uses the API. It doesn't have any memory of previous requests, and as such, each request is contextless. But that also means each request must contain all the information the server needs to perform the request and return a response.

### Layered System
Between the client who requests a representation of a resource's state and the server sending the response back, there may be a number of intermediary servers that provide different functions called layers. This may be security layers, caching layers, load-balancing layers, etc. The layers do not add or subtract from teh request nor the response. The client is agnostic to the layers in both function and quantity.

### Cache-able
The date the server sends contain information about whether or not the data is cache-able. If it is, it may contain versioning. The version number is what makes caching possible. Because the client knows which version of the data it already has, the client can avoid requesting the same data again and again. The client should also know if the current version of the data is expired, in which case the client will know it should send another request to the server to get the most updated data about the state of a resource.

### Code-On-Demand (Optional)
APIs can be REST-ful without providing code-on-demand. The client can request code from the server, and then the response from the server will contain some code, usually in the form of a script when the response is in `HTML` format. The client can then execute the code.

# `requests`
The `requests` library is the de-facto standard for making HTTP requests in Python. It abstracts the complexities of making requests behind a simple API to make interaction and consumption of application data convenient.

### `GET` Requests

In [148]:
import requests

url = "https://api.github.com"

requests.get(url)

<Response [200]>

### The `Response`
A `Response` is an object for inspecting the results of the `requests`.

In [149]:
# storing the value of the results from the request
response = requests.get(url)

In [150]:
# using the response status code
if response.status_code == 200:
  print("Success!")
elif response.status_code == 400:
  print("Not found.")

Success!


`requests` can go a step further by simplifying this process. If `Response` is used in a conditional, it will evaluate to `True` if the status code is between `200` to `400` and `False` otherwise. This will not verify the status code--which deals with the status of the response--but an error in the connection itself.

In [151]:
# using response itself
if response:
  print("Success!")
else:
  print("An error has occurred.")

Success!


To raise an exception if the `request` was unsuccessful, call the `.raise_for_status()` instead. An `HTTPError` is raised for certain status codes (in this case: 404).  

In [152]:
from requests.exceptions import HTTPError

for url in ['https://api.github.com', 'https://api.github.com/invalid']:
  try:
    response = requests.get(url)
    print(response.status_code)
    response.raise_for_status()
  except HTTPError as http_err:
    print(f"HTTP error occurred: {http_err}") # Python 3.6
  except Exception as err:
    print(f"Other error occurred: {err}") # Python 3.6
  else:
    print("Success!")

200
Success!
404
HTTP error occurred: 404 Client Error: Not Found for url: https://api.github.com/invalid


### Content
The response of a `GET` request contains the payload (valuable information) in the message body. Using the attributes and methods of `Response`, the payload can be viewed in a variety of formats.

In [153]:
url = 'https://api.github.com/'
response = requests.get(url)
print(response.status_code)
print(response.content) # access to the raw bytes of the response payload
print(response.text) # access to the response payload as a string, encoded with UTF-8
response.json() # access to the response payload as a JSON

200
b'{\n  "current_user_url": "https://api.github.com/user",\n  "current_user_authorizations_html_url": "https://github.com/settings/connections/applications{/client_id}",\n  "authorizations_url": "https://api.github.com/authorizations",\n  "code_search_url": "https://api.github.com/search/code?q={query}{&page,per_page,sort,order}",\n  "commit_search_url": "https://api.github.com/search/commits?q={query}{&page,per_page,sort,order}",\n  "emails_url": "https://api.github.com/user/emails",\n  "emojis_url": "https://api.github.com/emojis",\n  "events_url": "https://api.github.com/events",\n  "feeds_url": "https://api.github.com/feeds",\n  "followers_url": "https://api.github.com/user/followers",\n  "following_url": "https://api.github.com/user/following{/target}",\n  "gists_url": "https://api.github.com/gists{/gist_id}",\n  "hub_url": "https://api.github.com/hub",\n  "issue_search_url": "https://api.github.com/search/issues?q={query}{&page,per_page,sort,order}",\n  "issues_url": "https://

{'current_user_url': 'https://api.github.com/user',
 'current_user_authorizations_html_url': 'https://github.com/settings/connections/applications{/client_id}',
 'authorizations_url': 'https://api.github.com/authorizations',
 'code_search_url': 'https://api.github.com/search/code?q={query}{&page,per_page,sort,order}',
 'commit_search_url': 'https://api.github.com/search/commits?q={query}{&page,per_page,sort,order}',
 'emails_url': 'https://api.github.com/user/emails',
 'emojis_url': 'https://api.github.com/emojis',
 'events_url': 'https://api.github.com/events',
 'feeds_url': 'https://api.github.com/feeds',
 'followers_url': 'https://api.github.com/user/followers',
 'following_url': 'https://api.github.com/user/following{/target}',
 'gists_url': 'https://api.github.com/gists{/gist_id}',
 'hub_url': 'https://api.github.com/hub',
 'issue_search_url': 'https://api.github.com/search/issues?q={query}{&page,per_page,sort,order}',
 'issues_url': 'https://api.github.com/issues',
 'keys_url': '

### Headers
The `response` headers can provide useful information additional to the `content` such as the `content-type`, `server` information, `date`, etc.

In [154]:
print(response.headers["Content-Type"])
print(response.headers["content-type"]) # case-insensitive

application/json; charset=utf-8
application/json; charset=utf-8


### Query String Parameters
One common way to customize a `GET` request is to pass values through parameters in the URL. To do this using `get`, `params` data is passed.

In [155]:
# define parameters
url = "https://api.github.com/search/repositories"
params = { "q" : "requests+language:python" }

# GET request
response = requests.get(url, params=params)

json_res = response.json()
repository = json_res["items"][0]
print(f"Repository name: {repository['name']}")
print(f"Repository description: {repository['description']}")

Repository name: grequests
Repository description: Requests + Gevent = <3


### Request Headers
To customize headers, pass a `dict` of HTTP headers to `get` using the `headers` parameter. The `Accept` header tells the server what `content-types` the application can handle.Let's highlight matching search terms in the results by specifying the `text-match` media type in the `Accept` header using a proprietary GitHub `Accept` header where the content is a special `JSON` format:

In [156]:
headers = { "Accept" : "application/vnd.github.v3.text-match+json" }

response = requests.get(
  url,
  params=params,
  headers=headers)

# view the new `text-matches` array which provides information about your search term within the results
json_res = response.json()
repository = json_res["items"][0]
print(f"Text matches: {repository['text_matches']}")

Text matches: [{'object_url': 'https://api.github.com/repositories/4290214', 'object_type': 'Repository', 'property': 'description', 'fragment': 'Requests + Gevent = <3', 'matches': [{'text': 'Requests', 'indices': [0, 8]}]}]


### Other HTTP Methods
Aside from `GET`, other popular HTTP methods include `POST`, `PUT`, `DELETE`, `HEAD`, `PATCH`, and `OPTIONS`. `requests` provides equivalent methods for each of these HTTP methods. And for each function call that makes these requests, they can be inspected in the same way that a `GET` method is inspected.

In [157]:
requests.post('https://httpbin.org/post', data={'key':'value'})
requests.put('https://httpbin.org/put', data={'key':'value'})
requests.delete('https://httpbin.org/delete')
requests.head('https://httpbin.org/get')
requests.patch('https://httpbin.org/patch', data={'key':'value'})
requests.options('https://httpbin.org/get')

<Response [200]>

In [158]:
response = requests.head('https://httpbin.org/get')
response.headers['Content-Type']

'application/json'

In [159]:
response = requests.delete('https://httpbin.org/delete')
json_response = response.json()
json_response['args']

{}

### The Message Body
According to the HTTP specification, `POST`, `PUT`, and the less common `PATCH` requests pass their data through the message body rather than through parameters in the query string. But using `requests`, the payload can be passed to the corresponding function's `data` parameter.


`data` takes a dictionary, a list of tuples, bytes, or a file-like object. It depends on the needs of the service. However, if the data is a `JSON` format, the `json` parameter can be used. `requests` will automatically serialize the data and add the correct `Content-Type` header to interpret the data.

In [160]:
# passing data as dicts and list tuples
requests.post('https://httpbin.org/post', data={'key':'value'})
requests.post('https://httpbin.org/post', data=[('key','value')])

# passing data in json format
response = requests.post('https://httpbin.org/post', json={"key":"value"})
json_response = response.json()
print(json_response["data"])
print(json_response["headers"]["Content-Type"])

{"key": "value"}
application/json


The `response` indicates that the request data and headers were received. `requests` also provides this information in the form of a `PreparedRequest`.

### Inspecting the Request
When making requests, the `requests` library prepares the request before sending it to the destination server. Request preparation includes things like validating headers and serializing JSON content.

In [161]:
response = requests.post('https://httpbin.org/post', json={'key' : 'value'})
print(response.request.headers['Content-Type'])
print(response.request.url)
print(response.request.body)

application/json
https://httpbin.org/post
b'{"key": "value"}'


Inspecting the `PreparedRequest` gives access to all kinds of information about the `request` being made such as payload, URL, headers, authentication, and more.

### Authentication
Credentials are provided to a server by passing data through the `Authorization` header or a custom header defined by the service. All the `request` functions provide a parameter called `auth`, which allows the client to pass credential data.

> The `getpass()` module prompts the user for `str` information to pass in place of where it is called.

In [162]:
from getpass import getpass
requests.get('https://api.github.com/user', auth=('username', getpass()))

<Response [401]>

When a username and password in a tuple to the `auth` parameter, `requests` is applying the credentials using HTTP's `basic access authentication scheme` in the background. The same request can be made by passing explicit Basic authentication credentials using `HTTPBasicAuth`.

In [163]:
from requests.auth import HTTPBasicAuth
from getpass import getpass

requests.get(
  'http://api.github.com/user',
  auth=HTTPBasicAuth('username', getpass())
)

<Response [401]>

`requests` provides other methods of authentication out of the box such as `HTTPDigestAuth` and `HTTPProxyAuth`. A custom authentication mechanism can also be implemented by creating a subclass of `AuthBase` and implementing the function, `__call__()`, inside the subclass.

In [166]:
from requests.auth import AuthBase

class TokenAuth(AuthBase):
  """Implements a custom authentication scheme."""
  
  def __init__(self, token):
    self.token = token
  
  def __call__(self, r):
    """Attach an API token to a custom auth header."""
    r.headers['X-TokenAuth'] = f'{self.token}'
    return r

requests.get('https://httpbin.org/get', auth=TokenAuth('12345abcde-token'))

<Response [200]>

The `TokenAuth` mechanism receives a `token`, then includes that `token` in the `X-TokenAuth` header of the request. However, bad authentication mechanisms can lead to security vulnerabilities. Unless a service requires a custom authentication mechanism, it is best to use a tested `auth` scheme such as `Basic` or `OAuth`.

### SSL Certificate Verification
If data being sent is sensitive, security is important. Communicating with secure sites over HTTP requires establishing encrypted connections using `SSL`. `requests` does this by default. However, it may be prudent to change this behavior for specific use-cases. To disable `SSL` Certificate verification:

In [167]:
requests.get('https://api.github.com', verify=False)



<Response [200]>

`requests` will throw a warning whenever an insecure request is made to ensure that the data passed remains secure.

### Performance
When using `requests`, it's important to consider performance implications. Features such as timeout control, sessions, and retry limits can help keep applications running smoothly.

##### Timeouts
When requests are made to an external service, the client will need to wait for the response before moving on. If the application waits too long, requests can backlog, user experience could suffer, and background jobs can hang.

By default, `requests` will wait indefinitely on the response. It is prudent to specify a `timeout` duration to prevent such issues from surfacing. To set a timeout, a `timeout` parameter can be specified. This parameter is an integer or a float representing the number of seconds to wait on a response before timing out.

In [169]:
requests.get('https://api.github.com', timeout=1) # 1 second timeout
requests.get('https://api.github.com', timeout=3.05) # 3.05 second timeout

<Response [200]>

Passing a `tuple` allows the user to specify the following: `(connect timeout, read timeout)`.
- `connect timeout` is the time it allows for the client to establish a connection to the server.
- `read timeout` is the time it will wait on a response once the client has established a connection.

In [170]:
requests.get('https://api.github.com', timeout=(2, 5))

<Response [200]>

If the request times out, then the function will raise a `Timeout` exception:

In [171]:
from requests.exceptions import Timeout

try:
  response = requests.get('https://api.github.com', timeout=1)
except Timeout:
  print('The request timed out.')
else:
  print('The request did not time out.')

The request did not time out.


##### The Session Object
`get()` and `post()` methods are high-level `requests` APIs. These functions are abstractions of the request function. They hide implementation details purposefully to simplify the request process. Underneath those abstractions is a class called `Session`. To fine-tune control over how requests are being made or improve the performance of requests, the `Session` instance can be used directly.

`Sessions` are used to persist parameters across requests.

> A `context-manager` is formatted using the `with` keyword. It is used to initialize a session, perform methods and set attributes with the open session, then close the session automatically as the program flows outside of the `context-manager` block. The manager ensures that memory holding the buffer required to initialize a session and keep it open is eventually closed. If the session is not closed, the buffer is held in memory and each subsequent session opened will add to the memory burden and cause a memory leak.

In [173]:
# by using a context manager, it can be ensured that the resources used by the session will be released after use
with requests.Session() as session:
  session.auth = ('username', getpass())
  
  # instead of requests.get()...
  response = session.get('https://api.github.com/user')
  
# response can be inspected like before
print(response.headers)
print(response.json())
print(session.auth) # session parameters persist outside of the context manager

{'Server': 'GitHub.com', 'Date': 'Thu, 03 Aug 2023 01:00:43 GMT', 'Content-Type': 'application/json; charset=utf-8', 'Content-Length': '127', 'X-GitHub-Media-Type': 'github.v3; format=json', 'x-github-api-version-selected': '2022-11-28', 'X-RateLimit-Limit': '60', 'X-RateLimit-Remaining': '58', 'X-RateLimit-Reset': '1691027742', 'X-RateLimit-Used': '2', 'X-RateLimit-Resource': 'core', 'Access-Control-Expose-Headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset', 'Access-Control-Allow-Origin': '*', 'Strict-Transport-Security': 'max-age=31536000; includeSubdomains; preload', 'X-Frame-Options': 'deny', 'X-Content-Type-Options': 'nosniff', 'X-XSS-Protection': '0', 'Referrer-Policy': 'origin-when-cross-origin, strict-origin-when-cross-origin', 'Content-S

Each time a request is made with `session` and initialized with authentication credentials, the credentials will be persisted.

The primary performance optimization of sessions comes in the form of persistent connections. When the application makes a connection to a server using a `Session`, it keeps that connection around in a connection pool. When the application connects to the same server again, it will reuse a connection from the pool rather than establishing a new one.

##### Max Retries
When a `request` fails, the application may retry the same `request`. To specify this functionality, a custom `Transport Adapter` will need to be implemented. `Transport Adapters` allows a user to define a set of configurations specific to a service call.

In [176]:
from requests.adapters import HTTPAdapter
from requests.exceptions import ConnectionError

github_adapter = HTTPAdapter(max_retries=3)

with requests.Session() as session:
  session.mount('https://api.github.com', github_adapter)
  
  try:
    session.get('https://api.github.com')
    print("Successfully connected!")
  except ConnectionError as ce:
    print(ce)

Successfully connected!


>Mounting can be interpreted as attaching a condition to the session being mounted. In this case, the `session` will adhere to the condition placed upon it by the HTTPAdapter module, which restricts whatever it is mounted to with a `max_retries` parameter equal to 3. 