## Lecture - 1

In this lecture we will talk about different authentication and authorization schemes which are available to us. 

There are many web services which first require an authentication before they allow any access to their resources. 

### HTTP Basic Authentication  : 

This is the simplest way to authenticate ourselves in order to access resources from web services (APIs). 

In this authentication system, we just need to pass our username and password along with the url while making the API call. 

The syntax is : 

#### requests.get('url', auth = HTTPBasicAuth('username', 'password')) 


The parameter "auth" represents authentication information (takes input the name of the "authentication scheme" along with the "username" and "password"). With the help of this syntax, we can authenticate ourselves while making any get() request to an API (which requires authentication).

The syntax can be also written as : 

#### requests.get('url', auth = ('username', 'password')) 

Here we will be using the GitHub (REST) API to get the private and public profile information of any user. For this we need to authenticated through "basic auth" or "OAuth" .

In [1]:
## 'https://api.github.com/user'

import requests
from requests.auth import HTTPBasicAuth

header = {"Accept": "application/vnd.github+json"}  # the header parameter is required as per github update (fixed) 

response = requests.get('https://api.github.com/user', auth = HTTPBasicAuth('username', 'password'), headers = header)
print(response.status_code)

401


As of 13th November 2020, Github has deprecated basic authentication via username and password. 
Attempting to access the Github API using this method will give a 401 error.

In [2]:
response = requests.get('https://api.github.com/user', auth = ('username', 'password'), headers = header)
print(response.status_code)

401


As of 13th November 2020, Github has deprecated basic authentication via username and password. 
Attempting to access the Github API using this method will give a 401 error.

Let's try to create a repository in my GitHub account with the help of post() request. Post() request is used to make changes/update anything. It is a kind of write request. By creating a repository, we are actually making changes to the profile.

This can be done using the syntax :

#### requests.post('url', data = {})

The data to be passed inside the argument "data" should be in key, value pairs. It should be of type JSON. 

The function json.dumps() takes any python object and converts it into JSON Type. 

In [None]:
import json

header = {"Accept": "application/vnd.github+json"}

info = {'name' : 'Demo_Repo', 'description' : 'Created via API call', 'auto_init' : 'true'} # input parameters that we have to pass (compulsory)

response = requests.post('https://api.github.com/user/repos', auth = ('username', 'password'), headers = header, data = json.dumps(info))  # converting info (Python Dictionary) to jSON type

In the above code, name - name of the repository, description - description about the repository, auto_init - Boolean value (if true, then it creates an initial commit with empty README).

Read the GitHub API documentaion on how to create a repository.

## Lecture - 2

### oAuth Authentication :

oAuth is a token based authentication and authorization system.

It allows access to an end user's account and private information to be used by third-party services without exposing the user's password.

 It acts as an intermediary on behalf of the end user.

### oAuth	Process :

#### Step 1 : Application registration :

        • Provide details like :
            • Application Name
            • Application website 
            • Redirect URI
            
       • It will return client credentials including :
            • Client identifier (Public)
            • Client secret (Private)   

#### Step 2 : Authorization Grant or get access token

![Screenshot%202023-03-28%20023025.png](attachment:Screenshot%202023-03-28%20023025.png)

In this lecture, we will see how to fetch data using reddit API. Accordig to Reddit API rules, the client must authenticate with oAuth2 authentication.  

Suppose I want to get the access of some public posts which are available on reddit. This means that I want to get access of some Reddit data which is public (not private to ay user) . 

According to Reddit API it says that if we want to get access of any kind of public data, we have to be a valid user of Reddit.

The user is the "client" here. In order to get access, the user (client) must be a valid user on Reddit.

The client has to take permission from a valid Reddit user on behalf of which the client will be able to access the required data. The valid Reddit user is the "resource owner" here.

The Reddit server is acting as the "Authorization" server and "Resource" server here. 

In this case, the user (client) wants to get access of public data only. So, as mentioned before, to get access of public data, the user (client) has to be a valid Reddit user and has to take permission from a valid Reddit user (resource owner). So, the user can play the role of "client" and "resource owner" both. 


The problem in this case is, according to Reddit API, the user (client) has to authenticate via oAuth2. It does not allow basic authentication (passing username and password).

The complete process has to be followed even if the "client" and the "resource owner" are the same person.

The user has to fetch the "Access Token" in order to fetch the required data. Here we have to create an "application" (acts as the "client"). The "Reddit server" acts as the "resource owner".

In order to make requests to Reddit's API via OAuth2, the user must have an "authorization token" on behalf of the user (client). 

To act on behalf of a user, the user has to let reddit know that they are ok with your app performing certain actions for them. In order to do so, your app send the user to the authorization url :

'https://www.reddit.com/api/v1/authorize?client_id=CLIENT_ID&response_type=TYPE&state=RANDOM_STRING&redirect_uri=URI&duration=DURATION&scope=SCOPE_STRING'


In [10]:
## Client ID : OqNenTimHAK4Fl4K2QFXNQ
## Secret : vkjri-NXbCVpmEvmhPIzcIXCp7qy8g

import requests
import json

In [11]:
# Read the Reddit API docs for the parameters to be passed along with the url

data = {'client_id' : 'OqNenTimHAK4Fl4K2QFXNQ', 'response_type' : 'code', 'state' : 'connection', 'redirect_uri' : 'https://www.google.com/', 'scope' : 'read'}

response = requests.get('https://www.reddit.com/api/v1/authorize', params = data)
print(response.url)

https://www.reddit.com/api/v1/authorize?client_id=OqNenTimHAK4Fl4K2QFXNQ&response_type=code&state=connection&redirect_uri=https%3A%2F%2Fwww.google.com%2F&scope=read


Click on : 

https://www.reddit.com/api/v1/authorize?client_id=OqNenTimHAK4Fl4K2QFXNQ&response_type=code&state=connection&redirect_uri=https%3A%2F%2Fwww.google.com%2F&scope=read

![Screenshot%202023-03-30%20020226.png](attachment:Screenshot%202023-03-30%20020226.png)

Click on "Allow" ...

![Screenshot%202023-03-30%20020242.png](attachment:Screenshot%202023-03-30%20020242.png)

 We observe that the code is "ELYRXgcxgkUSnQmLu_m-rDWB1M5H2Q".
 
We can use the above code in our next step (Token Retrival) to retrive the access token. 

If you didn't get an error in the previous step, then you can make a post request with the code to the url : 'https://www.reddit.com/api/v1/access_token'

For further information read about it in the Reddit API docs.

In [13]:
data = {'grant_type' : 'authorization_code', 'code' : 'ELYRXgcxgkUSnQmLu_m-rDWB1M5H2Q', 'redirect_uri' : 'https://www.google.com/'}
response = requests.post('https://www.reddit.com/api/v1/access_token', data = data, auth = ('OqNenTimHAK4Fl4K2QFXNQ', 'vkjri-NXbCVpmEvmhPIzcIXCp7qy8g'), headers = {'User-Agent' : 'ShibayanBiswas'})  # here we can pass a random string in the key 'User-Agent' in the 'header' parameter
print(response.text)

{"access_token": "2460733557525-_c-aDe9M74HmvNtO7AnNkA1UR-u8uA", "token_type": "bearer", "expires_in": 86400, "scope": "read"}


Here we can see that we have successfully generated the "access_token".

## Lecture - 3 (Fetch the data)

After generating the access token, you can make API calls to Reddit's servers on behalf of the user by user the "header" parameter. 

API requests with a bearer token should be made to the url : 'https://oauth.reddit.com'

In [17]:
header = {'User-Agent' : 'ShibayanBiswas', 'Authorization' : 'bearer 2460733557525-_c-aDe9M74HmvNtO7AnNkA1UR-u8uA'}
response = requests.get('https://oauth.reddit.com', headers = header)

data = response.json()
data

{'kind': 'Listing',
 'data': {'after': 't3_125nizr',
  'dist': 25,
  'modhash': None,
  'geo_filter': None,
  'children': [{'kind': 't3',
    'data': {'approved_at_utc': None,
     'subreddit': 'gadgets',
     'selftext': '',
     'author_fullname': 't2_7ccf',
     'saved': False,
     'mod_reason_title': None,
     'gilded': 0,
     'clicked': False,
     'title': 'Sugar-powered teabag-like implant successfully manages type 1 diabetes',
     'link_flair_richtext': [],
     'subreddit_name_prefixed': 'r/gadgets',
     'hidden': False,
     'pwls': 6,
     'link_flair_css_class': 'medical',
     'downs': 0,
     'thumbnail_height': 73,
     'top_awarded_type': None,
     'hide_score': False,
     'name': 't3_125mvmi',
     'quarantine': False,
     'link_flair_text_color': 'dark',
     'upvote_ratio': 0.96,
     'author_flair_background_color': None,
     'ups': 5981,
     'total_awards_received': 0,
     'media_embed': {},
     'thumbnail_width': 140,
     'author_flair_template_id': N

We have to choose an endpoint (basically from which you want to get some data) on which we want to make our get request.

In the timeline of my Reddit account, I am able to see random "reddits" which are being picked from most popular, trending "subreddits". By default, best "reddits" are being shown. We can use the endpoint "/best" to access them.

In [18]:
header = {'User-Agent' : 'ShibayanBiswas', 'Authorization' : 'bearer 2460733557525-_c-aDe9M74HmvNtO7AnNkA1UR-u8uA'}
response = requests.get('https://oauth.reddit.com/best', headers = header)

data = response.json()
data

{'kind': 'Listing',
 'data': {'after': 't3_125nizr',
  'dist': 25,
  'modhash': None,
  'geo_filter': None,
  'children': [{'kind': 't3',
    'data': {'approved_at_utc': None,
     'subreddit': 'gadgets',
     'selftext': '',
     'author_fullname': 't2_7ccf',
     'saved': False,
     'mod_reason_title': None,
     'gilded': 0,
     'clicked': False,
     'title': 'Sugar-powered teabag-like implant successfully manages type 1 diabetes',
     'link_flair_richtext': [],
     'subreddit_name_prefixed': 'r/gadgets',
     'hidden': False,
     'pwls': 6,
     'link_flair_css_class': 'medical',
     'downs': 0,
     'thumbnail_height': 73,
     'top_awarded_type': None,
     'hide_score': False,
     'name': 't3_125mvmi',
     'quarantine': False,
     'link_flair_text_color': 'dark',
     'upvote_ratio': 0.96,
     'author_flair_background_color': None,
     'ups': 5975,
     'total_awards_received': 0,
     'media_embed': {},
     'thumbnail_width': 140,
     'author_flair_template_id': N

Now let's try to see the "reddits" obtained ...

In [19]:
reddits = data['data']['children']
reddits

[{'kind': 't3',
  'data': {'approved_at_utc': None,
   'subreddit': 'gadgets',
   'selftext': '',
   'author_fullname': 't2_7ccf',
   'saved': False,
   'mod_reason_title': None,
   'gilded': 0,
   'clicked': False,
   'title': 'Sugar-powered teabag-like implant successfully manages type 1 diabetes',
   'link_flair_richtext': [],
   'subreddit_name_prefixed': 'r/gadgets',
   'hidden': False,
   'pwls': 6,
   'link_flair_css_class': 'medical',
   'downs': 0,
   'thumbnail_height': 73,
   'top_awarded_type': None,
   'hide_score': False,
   'name': 't3_125mvmi',
   'quarantine': False,
   'link_flair_text_color': 'dark',
   'upvote_ratio': 0.96,
   'author_flair_background_color': None,
   'ups': 5975,
   'total_awards_received': 0,
   'media_embed': {},
   'thumbnail_width': 140,
   'author_flair_template_id': None,
   'is_original_content': False,
   'user_reports': [],
   'secure_media': None,
   'is_reddit_media_domain': False,
   'is_meta': False,
   'category': None,
   'secure_med

In [20]:
print(type(reddits))

<class 'list'>


Here we have obtained the list of "reddits". For an API call we can get access to 25 or more "reddits".

Now let's try to print the "Author", "Title" for each "reddit" (post) ...

In [21]:
for i in reddits:
  print(i['data']['author'], ' : ', i['data']['title'])
  print('-------------------------------------------')

speckz  :  Sugar-powered teabag-like implant successfully manages type 1 diabetes
-------------------------------------------
777fer  :  Ryan Reynolds' soccer team Wrexham to face Manchester United in San Diego
-------------------------------------------
Hassaan18  :  The only game we need remastered
-------------------------------------------
TheDirewolf04  :  Body bags in DC
-------------------------------------------
WhoKilledZekeIddon  :  Mildly Terrifying
-------------------------------------------
Breakfast_on_Jupiter  :  Putin admits sanctions may hurt Russia's economy
-------------------------------------------
AskJ33ves  :  eHarmony Video Bio from 11 years ago that once ruled the internet
-------------------------------------------
ellers_0  :  What’s the hottest thing a guy can say during sex?
-------------------------------------------
lnfinity  :  Cows enjoying their brush
-------------------------------------------
nyamenehene1  :  Antisemitism: Jewish organisations reject

When you are trying to send any get()/post() requests to any endpoint (basically from which you want to get some data), check the required scope.

## Lecture - 4 (Reddit Endpoints)

Suppose I want to make a get() request to the endpoint "/r/subreddit/hot" (posts by the "subreddit"). In order to hit this endpoint, we should have "scope" = "read". 

This endpoint will return the information about the "subreddit" that we will pass here. For example, we pass "music".

Now let's try to see the "reddits" obtained ...

In [26]:
import requests
import json

data = {'client_id' : 'OqNenTimHAK4Fl4K2QFXNQ', 'response_type' : 'code', 'state' : 'connection', 'redirect_uri' : 'https://www.google.com/', 'scope' : 'read'}
response = requests.get('https://www.reddit.com/api/v1/authorize', params = data)
print(response.url)

https://www.reddit.com/api/v1/authorize?client_id=OqNenTimHAK4Fl4K2QFXNQ&response_type=code&state=connection&redirect_uri=https%3A%2F%2Fwww.google.com%2F&scope=read


In [27]:
# U-Ut5s2L0LdCY-gsWH7zJjcpitZHew
data = {'grant_type' : 'authorization_code', 'code' : 'U-Ut5s2L0LdCY-gsWH7zJjcpitZHew', 'redirect_uri' : 'https://www.google.com/'}
response = requests.post('https://www.reddit.com/api/v1/access_token', data = data, auth = ('OqNenTimHAK4Fl4K2QFXNQ', 'vkjri-NXbCVpmEvmhPIzcIXCp7qy8g'), headers = {'User-Agent' : 'ShibayanBiswas'})
print(response.text)

{"access_token": "2460733557525-0Eyp5ZDboTkM3BHq_27YWQG2bjpdiQ", "token_type": "bearer", "expires_in": 86400, "scope": "read"}


Let's make a get() request to the endpoint "/r/music/about" to get access to some information about the "subreddit" ...

In [44]:
header = {'User-Agent' : 'ShibayanBiswas', 'Authorization' : 'bearer 2460733557525-0Eyp5ZDboTkM3BHq_27YWQG2bjpdiQ'}
response = requests.get('https://oauth.reddit.com/r/music/about', headers = header)

data = response.json()
data

{'kind': 't5',
 'data': {'user_flair_background_color': None,
  'submit_text_html': '&lt;!-- SC_OFF --&gt;&lt;div class="md"&gt;&lt;p&gt;&lt;a href="//#postrules"&gt;&lt;/a&gt;&lt;/p&gt;\n\n&lt;ul&gt;\n&lt;li&gt;&lt;p&gt;&lt;strong&gt;No music from the &lt;a href="/r/music/wiki/halloffame"&gt;Hall of Fame&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;&lt;/li&gt;\n&lt;li&gt;&lt;p&gt;&lt;strong&gt;No images&lt;/strong&gt;    &lt;/p&gt;&lt;/li&gt;\n&lt;li&gt;&lt;p&gt;&lt;strong&gt;Use Artist - Title [Genre] for all streaming music links&lt;/strong&gt;&lt;/p&gt;&lt;/li&gt;\n&lt;li&gt;&lt;p&gt;&lt;strong&gt;No artist posts for 30 days if their previous post broke 100 points&lt;/strong&gt;&lt;/p&gt;&lt;/li&gt;\n&lt;li&gt;&lt;p&gt;&lt;strong&gt;No clickbait titles or asking for votes&lt;/strong&gt;&lt;/p&gt;&lt;/li&gt;\n&lt;li&gt;&lt;p&gt;&lt;strong&gt;No &lt;a href="/r/ifyoulikeblank"&gt;/r/ifyoulikeblank&lt;/a&gt;, &lt;a href="/r/tipofmytongue"&gt;/r/tipofmytongue&lt;/a&gt;, or request style posts&lt;/

In [45]:
header = {'User-Agent' : 'ShibayanBiswas', 'Authorization' : 'bearer 2460733557525-0Eyp5ZDboTkM3BHq_27YWQG2bjpdiQ'}
response = requests.get('https://oauth.reddit.com/r/music/hot', headers = header)

data = response.json()
data

{'kind': 'Listing',
 'data': {'after': 't3_1261eth',
  'dist': 27,
  'modhash': None,
  'geo_filter': None,
  'children': [{'kind': 't3',
    'data': {'approved_at_utc': None,
     'subreddit': 'Music',
     'selftext': 'I’m Awsten from the band Waterparks. We just announced our new studio album INTELLECTUAL PROPERTY and dropped the music video for FUCK ABOUT IT directed by me and my friend Erik. AMA? Almost anything? AMA?\n\nPROOF: https://i.redd.it/ponjz8zhm43a1.png',
     'author_fullname': 't2_unn0g253',
     'saved': False,
     'mod_reason_title': None,
     'gilded': 0,
     'clicked': False,
     'title': 'WATERPARKS FUCK ABOUT IT AMA',
     'link_flair_richtext': [{'e': 'text', 't': 'AMA - verified'}],
     'subreddit_name_prefixed': 'r/Music',
     'hidden': False,
     'pwls': 6,
     'link_flair_css_class': 'amas',
     'downs': 0,
     'top_awarded_type': None,
     'hide_score': False,
     'name': 't3_zaswtc',
     'quarantine': False,
     'link_flair_text_color': 'dark

Now let's try to see the "reddits" obtained ...

In [46]:
reddits = data['data']['children']
reddits

[{'kind': 't3',
  'data': {'approved_at_utc': None,
   'subreddit': 'Music',
   'selftext': 'I’m Awsten from the band Waterparks. We just announced our new studio album INTELLECTUAL PROPERTY and dropped the music video for FUCK ABOUT IT directed by me and my friend Erik. AMA? Almost anything? AMA?\n\nPROOF: https://i.redd.it/ponjz8zhm43a1.png',
   'author_fullname': 't2_unn0g253',
   'saved': False,
   'mod_reason_title': None,
   'gilded': 0,
   'clicked': False,
   'title': 'WATERPARKS FUCK ABOUT IT AMA',
   'link_flair_richtext': [{'e': 'text', 't': 'AMA - verified'}],
   'subreddit_name_prefixed': 'r/Music',
   'hidden': False,
   'pwls': 6,
   'link_flair_css_class': 'amas',
   'downs': 0,
   'top_awarded_type': None,
   'hide_score': False,
   'name': 't3_zaswtc',
   'quarantine': False,
   'link_flair_text_color': 'dark',
   'upvote_ratio': 0.81,
   'author_flair_background_color': None,
   'subreddit_type': 'public',
   'ups': 594,
   'total_awards_received': 3,
   'media_embed

Now let's try to print the "Author", "Title", "Text" for each "reddit" (post) ...

In [47]:
for i in reddits :
  print(i['data']['author'], ' : ', i['data']['title'])
  print(i['data']['selftext'])
  print('--------------------------------------------')

DANNY_PROPERTY  :  WATERPARKS FUCK ABOUT IT AMA
I’m Awsten from the band Waterparks. We just announced our new studio album INTELLECTUAL PROPERTY and dropped the music video for FUCK ABOUT IT directed by me and my friend Erik. AMA? Almost anything? AMA?

PROOF: https://i.redd.it/ponjz8zhm43a1.png
--------------------------------------------
Aly-and-AJ  :  We are Aly ＆ AJ, and we are here to answer all your questions about our new LP, “With Love From”, AMA!
PROOF: https://i.redd.it/kfm9t3vc30pa1.png

Our new LP, With Love From, is a travelog filled with organic instrumentation and impassioned road songs that we liken to a series of postcards to our fans. It’s an ode to the people who have kept with us for so long, and also to the new fans who have just started listening. We’re bringing our California sunshine to them, and they’re bringing it to us! With Love From represents an expression of gratitude for it all—for how we’ve continued to grow for 20 years in music with their souls intac

We can take help of the "limit" parameter to have some restricted number of posts ("limit" <= 25) .

Let's try to hit the endpoint "/api/username_available". With the help of this we can check whether a username is available for registration. For example : I pass my reddit username ...

The output should be "False" beacuse this username is already registered.

In [49]:
header = {'User-Agent' : 'ShibayanBiswas', 'Authorization' : 'bearer 2460733557525-0Eyp5ZDboTkM3BHq_27YWQG2bjpdiQ'}
response = requests.get('https://oauth.reddit.com/api/username_available', headers = header, params = {'user' : 'Shibayan_Biswas'})

data = response.json()
data

False

Let's subscribe a "subreddit" ("scope" = "subscribe") ...

In [50]:
import requests
import json

data = {'client_id' : 'OqNenTimHAK4Fl4K2QFXNQ', 'response_type' : 'code', 'state' : 'connection', 'redirect_uri' : 'https://www.google.com/', 'scope' : 'subscribe'}
response = requests.get('https://www.reddit.com/api/v1/authorize', params = data)
print(response.url)

https://www.reddit.com/api/v1/authorize?client_id=OqNenTimHAK4Fl4K2QFXNQ&response_type=code&state=connection&redirect_uri=https%3A%2F%2Fwww.google.com%2F&scope=subscribe


In [51]:
# VX8FzExKclTFK1kll5GMr543rIlybg
data = {'grant_type' : 'authorization_code', 'code' : 'VX8FzExKclTFK1kll5GMr543rIlybg', 'redirect_uri' : 'https://www.google.com/'}
response = requests.post('https://www.reddit.com/api/v1/access_token', data = data, auth = ('OqNenTimHAK4Fl4K2QFXNQ', 'vkjri-NXbCVpmEvmhPIzcIXCp7qy8g'), headers = {'User-Agent' : 'ShibayanBiswas'})
print(response.text)

{"access_token": "2460733557525-T8BhTWKR4rwDyj2UcWiiwdyxAedIhg", "token_type": "bearer", "expires_in": 86400, "scope": "subscribe"}


In [60]:
header = {'User-Agent' : 'ShibayanBiswas', 'Authorization' : 'bearer 2460733557525-T8BhTWKR4rwDyj2UcWiiwdyxAedIhg'}
response = requests.post('https://oauth.reddit.com/api/subscribe', headers = header, params = {'action' : 'sub', 'sr_name' : 'Music'})

data = response.json()
data

{}

![Screenshot%202023-03-30%20042400.png](attachment:Screenshot%202023-03-30%20042400.png)