# Application Programming Interface (API)

APIs allows 2 computers to communicate with each other and exchange information. It is the part of the server that receives requests and sends responses.


## APIs as a Way to Serve Customers

Servers can speak directly with clients to perform certain functions, process the request, and then respond with relevant information. It's not uncommon for development teams to break up their application into multiple servers that talk to each other via APIs. The servers that perform helper functions for the main application server are referred to as microservices.


## Applications

**_Application_** can refer to two definitions in the context of an API:

- ... a piece of software with a distinct function.
- ... the whole server, an entire app, or a small part of an app.

Simply, any piece of software that can be distinctly separated from its environment can be an application and, thus, have an API so that it can interact.

### 1. Weather Snippets

One common API usage example we come across on a daily basis is **_weather data_**.

Rich weather snippets are commonplace: Google Search, Apple's Weather app, and even smart home devices. Google isn't in the business of weather data, so this information is sourced from a third party. They do so by means of an API, which sends them the latest weather details.

### 2. Log In Using XYZ

Instead of logging-in to users' social media accounts, applications with this functionality leverage Twitter, Facebook, Linkedin and/or Google APIs to authenticate the user with each login. Every time the application loads, it uses the API to check if the user is already logged in by means of a social media platform.

### 3. Pay with XYZ

Payment APIs work similarly to those of social media APIs. The payment functionality is built with APIs to ensure that the end application can only do what it needs to do without exposing sensitive data or gaining access to unintended permissions.

### 4. Travel Booking

Travel booking sites aggregate thousands of flights and destinations to showcase the cheapest options. They often use third-party APIs to collect flight and hotel availabilities from providers.

They also allow users to book directly from their application. Travel services make use of APIs to quickly and autonomously exchange both data and requests--in this case, trip availabilities and reservation requests.

### 5. Customer Relationship Management

`Salesforce` Platform APIs are the most popular APIs in the world to power CRM needs. The ecosystem is built to be highly customizable, boasting a wide API library and extensive partner marketplace known as `AppExchange`. APIs are pivotal with helping to integrate third-party apps for data backups, form creation, Adobe tooling integration, process automation, and more.

### 6. Cloud-Based Collaboration

APIs are great for the cloud. They enable developers to design the UI and the backend separately. This is called `headless` development. Decoupling the two allows a service to support multiple platforms, like web, desktop, iOS, or Android with the same backend API.

### 7. Online Banking

The open banking movement, initially spurred by `PSD2`, is maturing. Open banking requires banks in certain geographic zones to open up financial consumer data for third parties to integrate with. These third parties could be financial account aggregators, stock applications, investment portfolios, or even insurance provider dashboards.

In comparison to screen-scraping, API integration is a safer, more standardized form of financial data integration.


# Introduction to `XML`

`Extensible Markup Language` is a standard to create information formats and electronically share structured data. It is slowly being replaced by `JSON`.


## What is XML?

- a markup language much like `HTML`
- designed to store and transport data
- designed to be self-descriptive
- a W3C recommendation


## XML Doesn't Do Anything

The `XML` above is self-descriptive:

- it has sender information
- it has receiver information
- it has a heading
- it has a message body

However, the XML doesn't do anything. It is just information wrapped in tags to be used by software to send, receive, store, or display it.

## The Difference Between XML and HTML

`XML` and `HTML` were designed with different goals:

- `XML` was designed to carry data
- `HTML` was designed to display data
- `XML` tags are not predefined like `HTML` tags

## XML Doesn't Use Predefined Tags

`XML` has no predefined tags. The tags in the example above (like `<to>` and `<from>`) are not defined in any `XML` standard. These tags are created by the author of the `XML` document who must define both the tags and the document structure.

## XML is Extensible

Most `XML` applications will work as expected even if new data is added or removed.

Imagine an application designed to display the original version of `note.xml` coded above. Then imagine a newer version of `note.xml` with added `<date>` and `<hour>` elements and a removed `<heading>`.

The way `XML` is constructed, the older version of the application can still work with the original software using it to send, receive, store, or display the information therein.


## XML Simplifies Things

- `XML` simplifies data sharing
- `XML` simplifies data transport
- `XML` simplifies platform changes
- `XML` simplifies data availability

Many computer systems contain data in incompatible formats. Exchanging data between incompatible systems (or upgraded systems) is a time-consuming task for web developers. Large amounts of data must be converted and incompatible data is often lost.

`XML` stores data in plain text format. This provides a way of storing, transporting, and sharing data independent from software and hardware. It also makes it easier to expand or upgrade to new operating systems, new applications, or new browsers without losing data.


# Introduction to `JSON`

`JSON` stands for JavaScript Object Notation. It is a subset of the JavaScript language and has gained popularity with the increasing popularity of the language.

Like `XML`, `JSON` is a text format for storing and transporting data, and it is _self-describing_ and easy to understand.


In [63]:
{"skills" : {
  "web" : [
    {"name" : "html",
    "years" : 5},
    {"name" : "css",
    "years": 3}
    ],
  "database" : [
    {"name" : "sql",
    "years" : 7}
    ]
  }
}

{'skills': {'web': [{'name': 'html', 'years': 5}, {'name': 'css', 'years': 3}],
  'database': [{'name': 'sql', 'years': 7}]}}

## What is `JSON`?
- `JSON` is a lightweight data-interchange format
- `JSON` is plain text written in JavaScript object notation
- `JSON` is used to send data between computers
- `JSON` is language independent
  - while `JSON` syntax is derived from JavaScript, the format itself is plain text and can be read and generated in many programming languages

## Why use `JSON`?
`JSON` is syntactically similar to the code for creating JavaScript objects. Because of this, JavaScript programs can easily convert `JSON` data into JavaScript objects.

- `JSON.parse()` is a built-in function for converting `JSON` strings into JavaScript objects.
- `JSON.stringify()` is a built-in function for converting an object into a `JSON` string.

## `JSON` is like `XML`
- Both are self-describing and human-readable
- Both are hierarchical (able to be nested)
- Both can be parsed and used by lots of programming languages
- Both can be passed around using HTTP request

## `JSON` is unlike `XML`
- `JSON` has a tag name only at the beginning of an element, resulting in a smaller size
- `JSON` is less verbose
- `JSON` can include arrays, which leads to even smaller file sizes
- `JSON` can't use reserved words from JavaScript as tags

# Environment Variables
Environment variables are a commonly used tool for storing sensitive information, such as credentials and API keys. They are stored outside of the codebase, usually in the server's environment, and can be referenced in the code as needed. This helps to prevent sensitive information from being accidentally leaked or exposed in the event of a codebase search.

Proper security measures must be taken to ensure that the environment variables are secure. This may include implementing access controls, encryption, and monitoring for unauthorized access. Additionally, it's important to keep the environment variables updated and to rotate them regularly to minimize the risk of exposure.

# APIs in Python

In [64]:
from dotenv import load_dotenv
load_dotenv()

import pandas as pd
import requests
import os

In [65]:
FOURSQUARE_API_KEY = os.environ["FOURSQUARE_API_KEY"]
FOURSQUARE_CLIENT_ID = os.environ["FOURSQUARE_CLIENT_ID"]
FOURSQUARE_CLIENT_SECRET = os.environ["FOURSQUARE_CLIENT_SECRET"]

location = "Toronto,Canada"

In [66]:
url = "https://api.foursquare.com/v3/places/search"
params = {"near" : location}
headers = {
  "Accept" : "application/json",
  "Authorization" : FOURSQUARE_API_KEY}

result = requests.get(url, params=params, headers=headers)

In [67]:
df = pd.DataFrame(result.json()['results'])
df.head(5)

Unnamed: 0,fsq_id,categories,chains,distance,geocodes,link,location,name,related_places,timezone
0,4fdc0e98e4b05197cd14912b,"[{'id': 13003, 'name': 'Bar', 'icon': {'prefix...",[],457,"{'main': {'latitude': 43.703712, 'longitude': ...",/v3/places/4fdc0e98e4b05197cd14912b,"{'address': '508 Eglinton Ave W', 'country': '...",The Abbot on Eglinton,{},America/Toronto
1,4b0afc19f964a520212b23e3,"[{'id': 16000, 'name': 'Landmarks and Outdoors...",[],1304,"{'main': {'latitude': 43.678243, 'longitude': ...",/v3/places/4b0afc19f964a520212b23e3,"{'address': '100 Glen Rd', 'country': 'CA', 'c...",Cedarvale Park,{'children': [{'fsq_id': '61c4f0b4e565fe05c757...,America/Toronto
2,502e3a9e90e75889381c35ef,"[{'id': 13097, 'name': 'Caribbean Restaurant',...",[],1437,"{'main': {'latitude': 43.709032, 'longitude': ...",/v3/places/502e3a9e90e75889381c35ef,"{'address': '211 Yonge St', 'country': 'CA', '...",Ritz Caribbean Foods,{},America/Toronto
3,4aec6b7df964a520e0c621e3,"[{'id': 13035, 'name': 'Coffee Shop', 'icon': ...",[{'id': 'ab4c54c0-d68a-012e-5619-003048cad9da'...,1850,"{'main': {'latitude': 43.710897, 'longitude': ...",/v3/places/4aec6b7df964a520e0c621e3,"{'address': '2451 Yonge St', 'country': 'CA', ...",Starbucks,{},America/Toronto
4,544d3b30498e333e2fa24c53,"[{'id': 13034, 'name': 'Café', 'icon': {'prefi...",[],2058,"{'main': {'latitude': 43.707949, 'longitude': ...",/v3/places/544d3b30498e333e2fa24c53,"{'address': '174 Eglinton Ave E', 'country': '...",Istanbul Cafe & Espresso Bar,{},America/Toronto


## Types of APIs
There are three types: `ownership`, `communication`, and `web service`.

#### Ownership Type
- `Open` APIs: These APIs are publicly available to use and generally unrestricted. Also known as `Public` APIs.
- `Partner` APIs: These APIs require specific rights or licenses, which are often tied to paid services or subscriptions.
- `Internal` APIs: These are developed by companies to use for internal systems. Also known as `Private` APIs.
- `Composite` APIs

#### Communication Type
- `High-Level`: Often presented in REST form. High-level of abstraction with limited functionality.
- `Low-level`: Allows users to manipulate functions within an application module or within hardware at a granular level. Often used to send real-time video or media feed in response to a trigger.

#### Web Service Type
Web service APIs are classified on their behavioral approach. There are 4 kinds:
- `SOAP` Simple Object Access Protocol offers comprehensive security, built-in ACID (Atomicity, Consistency, Isolation, and Durability) compliance and retry logic for reliable messaging functionality. Suitable for enterprise applications dealing with banking transactions, LDAP interaction, and more. Uses XML format for transferring structured, function-driven information. For security, SOAP calls cannot be cached and has strict communication protocols that makes it more difficult to make changes and updates.
- `XML-RPC` Extensible Markup Language - Remote Procedure Calls is a protocol that uses a specific XML format to transfer data. Simpler and older than SOAP.
- `JSON-RPC` JSON - Remote Procedure Calls is a protocol that uses JSON format to transfer data. RPC calls are one of the methods that are used by services to communicate in a microservice architecture.
- `REST` Representational State Transfer is a data-driven architectural style used to build REST APIs. REST APIs are based on URI's (Uniform Resource Identifier) HTTP protocol and uses JSON for data formatting, making it browser-agnostic. REST APIs are also easy to build and scale. REST APIs do not store any state about the client session on the server. This restriction is what makes it stateless. Each request from the client to server must contain all of the information necessary to understand the request, and it cannot take advantage of any stored context on the server.

