In [1]:
# USING AUTHENTICATED APIs
# APIs make an incredible amount of data available, and they make a good amount of that publicly available.
# As we discovered with the Free Crypto API, we can easily get cryptocurrency pricing information.
# Government organizations at all levels also tend to make their information freely accessible.
# Most companies and data providers, however, share information with particular people or trustworthy parties.
# Because an API request interacts with a company data server, it leaves the company vulnerable to data corruption, fraud, and abuse.
# To mitigate these issues, API providers secure their endpoints by providing access only to parties that they trust.

In [2]:
# ON THE JOB
# Most financial service companies provide access to their data via APIs to trustworthy customers and strategic partners.
# Because of the sensitivity of the data they manage, the APIs are typically authenticated APIs.
# The data that an authenticated API supplies tends to be of higher quality than that from a public API.
# For example, publicaly accessible APIs tend to supply stock pricing data on an industry standard 20-minute delay.
# Authenticated APIs might supply pricing data on only a 5-minute delay, or even in real time, it the API requires payment.

In [3]:
# SECURE YOUR API CALLS WITH API KEYS
# To access an authenticated API, a user must sign up for an API key.
# An API KEY is a token that serves as a credential (like a username/passowrd).
# This toke grants the user the privileges and permissions that they need to submit API requests to the company that issued the API KEY.
# Companies use API keys to monitor and control user requests and to receive compensation for their services and intellectual property.
# Because API keys detail the privileges and permissions for users, companies can programmatically disable or enable the API privileges.
# APIs that require keys will reject any request that doesn't include the API key.
# Some companies such as NASDAQ and Alpaca allow you to create an API key free of charge to access some data and services.
# However, you need to pay a fee to access the premium functions, like real-time asset pricing or volume data.
# Because API keys are unique identifiers 0 they identify the user submitting the API request.
# It's important that users protect their API keys. Do NOT make API keys available in public repositories (such as GitHub).
# The most professional method of protecting sensitive information like API keys is to use environment variables.

In [None]:
# WORK WITH ENVIRONMENT VARIABLES
# An ENVIRONMENT VARIABLE is a variable with associated values that you can use only inside a specific project or environment that exists on your local computer.
# The values of these variables include sensitive information, such as API keys.
# For example:
test_api_key = "aaBB3dEfgH1jKlmN0P"

# The professional standard for incorporating environment variables into a procram is to create an environment file (.env) in your project.
# This file holds the environment variables that you want to use for your local project.
# When you include a `.gitignore` file in your GitHub repo, you also protect the environment variables.
# The `.gitignore` file prevents the env file from being uploaded to your public repository.
# If your `.gitignore` file doesn't have `.env` listed inside, you need to add that line so that GitHub will exclude the environment file.
# To summarize, the enf file, which contains the API key info, is available on your local computer for use in your project.
# And the gitignore file ignores the env file, preventing it from being uploaded to the GitHub repo and exposing sensitive information.