# Introduction to APIs (Application Programming Interfaces)

### Overview
An API (Application Programming Interface) is a set of rules and protocols that allows different software applications to communicate with each other. APIs define the methods and data formats that applications can use to request and exchange information.

### Key Concepts

- **Endpoints**: Specific URLs provided by the API where requests can be made.
- **Requests**: The act of asking for data or performing an action via the API.
- **Responses**: The data or result returned by the API after processing a request.
- **HTTP Methods**: Common methods include GET (retrieve data), POST (submit data), PUT (update data), and DELETE (remove data).
- **Authentication**: Mechanisms to verify the identity of the user or application making the request, such as API keys, OAuth tokens, or JWTs.
- **REST**: The architecture style of most modern APIs
- **Methods**: GET, POST, PUT, DELETE

[Python Request Package](https://requests.readthedocs.io/en/latest/user/quickstart/#make-a-request)

In [None]:
# pip install requests
import requests

# Making a request to an HTML page
r = requests.get("https://httpbin.org/html")
print(r)
print(type(r))
print(r.status_code)
print()
print(r.text)

In [None]:
# Gets are used to request data from a specified resource
from pprint import pprint
r = requests.get("https://httpbin.org/get")
print(r)
pprint(r.json())

In [None]:
# Posts are used to send data to a server
r = requests.post("https://httpbin.org/post", data={"user": "alice"})
pprint(r.json())

In [None]:
# Puts are used to update data
r = requests.put("https://httpbin.org/put", data={"user": "bob"})
pprint(r.json())

In [None]:
r = requests.delete("https://httpbin.org/delete")
pprint(r.json())

In [None]:
# Paramters with get requests
payload = {"key1": "value1", "key2": "value2"}
r = requests.get("https://httpbin.org/get", params=payload)
print(r)
print(r.url)
pprint(r.json())

In [None]:
# Custom headers
headers = {"Authorization":"Bearer 123"}
r = requests.get("https://httpbin.org/get", headers=headers)
pprint(r.json())
print()
print(r.headers)

In [None]:
# Authorization
from requests.auth import HTTPBasicAuth

r = requests.get('https://httpbin.org/basic-auth/user/pass', auth=HTTPBasicAuth('user', 'pass'))
print(r)
print(r.json())

# Introduction to JWTs (JSON Web Tokens)

### Overview
JSON Web Tokens (JWTs) are a compact, URL-safe means of representing claims to be transferred between two parties. They are commonly used for authentication and authorization in web applications.

### Structure of a JWT
A JWT consists of three parts separated by dots (`.`):
1. **Header**: Contains metadata about the token, such as the type of token and the hashing algorithm used.
2. **Payload**: Contains the claims, which are statements about an entity and additional data about the JWT like subject, or expiration time
3. **Signature**: Used to verify the authenticity of the token and ensure that the payload has not been tampered with.

### JWT Example
```json
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
```

### Component Example

**Header**
```json
{
  "alg": "HS256",
  "typ": "JWT"
}
```

**Payload Data**
```json
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}
```

**Signature**
```json
HMACSHA256(
    base64UrlEncode(header) + "." +
    base64UrlEncode(payload),
    your-256-bit-secret
)
```

In [None]:
# JWTs
# pip install pyjwt

import jwt

my_jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
print(my_jwt)
print()

# JWTs need decoded and verified
print(jwt.decode(my_jwt, algorithms=["HS256"], options={"verify_signature": False}))

In [None]:
import datetime

secret_key  = "my_super_secret_key"
payload = {
    "sub": "1234567890",
    "name": "John Doe",
    "iat": datetime.datetime.now(),
    "exp": datetime.datetime.now() + datetime.timedelta(days=1)
}

token = jwt.encode(payload, secret_key, algorithm="HS256")
print(token)

In [None]:
# Decode and verify the token

secret_key = "my_INCORRECT_secret_key"
try:
    decoded_payload = jwt.decode(token, secret_key, algorithms=["HS256"])
    print(decoded_payload)
except jwt.ExpiredSignatureError:
    print("Token has expired")
except jwt.InvalidTokenError:
    print("Invalid token")

In [None]:
# AbuseIPDB example