# Introduction to APIs

An **API (Application Programming Interface)** is like a bridge that lets different software systems talk to each other. It defines how requests and responses should be structured, allowing apps to share data or functionality without revealing their internal workings. For example, a weather app uses an API to fetch real-time data from a weather service.

## Why Learn APIs?
APIs are essential for:
- **Data Exchange**: Apps can access and share data (e.g., a web app showing live stock prices).
- **Integration**: Connect different services (e.g., linking a payment gateway like Stripe to an e-commerce site).
- **Scalable Services**: Build systems where parts (like front-end and back-end) work together efficiently, enabling apps to grow.

## Types of APIs
There are several types of APIs, but we’ll focus on:
- **Web APIs**: Used for communication over the internet, typically between a client (like a browser) and a server. Examples include fetching user data or posts from a social media platform.
- **Library APIs**: Allow code to use pre-built functions (e.g., Python’s `math` module).
- **OS APIs**: Let apps interact with operating systems (e.g., accessing files on Windows).
Our lessons will emphasize **Web APIs** because they’re widely used for client-server interactions, like building or connecting web apps.

# Basic Concepts of APIs

## Client-Server Model
The **client-server model** is the foundation of how APIs work:
- **Client**: The app or device sending a request (e.g., a browser or mobile app).
- **Server**: The system that processes the request and sends a response (e.g., a web server with data).
For example, when you visit a website, your browser (client) requests data from a server, which responds with the webpage content.

## Endpoints
An **endpoint** is a specific URL in an API that represents a resource. Each endpoint handles a particular function.
- Example: `https://api.example.com/users` might return a list of users.
- Endpoints are like addresses for data or actions (e.g., `/products` for product data, `/orders` for order details).

## Requests and Responses
APIs rely on structured communication:
- **Requests**: Sent by the client to the server, including:
  - **Method**: What action to perform (e.g., GET, POST; covered later).
  - **Headers**: Metadata like authentication tokens or content type.
  - **Body**: Data sent to the server (e.g., user info in a POST request).
- **Responses**: Returned by the server, including:
  - **Status Codes**: Indicate success or failure (e.g., `200 OK` for success, `404 Not Found` for missing resources, `500 Internal Server Error` for issues).
  - **Body**: Data returned (e.g., a list of users in JSON).
Example: A client requests `/users`, and the server responds with a `200 OK` status and a list of users.

## Data Formats
APIs use standard formats to exchange data:
- **JSON (JavaScript Object Notation)**: Most common, lightweight, and easy to read. Example:
  ```json
  {"id": 1, "name": "Alice", "email": "alice@example.com"}
  ```
  - Parsed using libraries like Python’s `json` module or JavaScript’s `JSON.parse()`.
- **XML (Extensible Markup Language)**: Older, more verbose. Example:
  ```xml
  <user><id>1</id><name>Alice</name><email>alice@example.com</email></user>
  ```
  - Less common but still used in legacy systems.
- **How to Use**: Clients send data (e.g., JSON in a POST request) and parse responses (e.g., convert JSON to a Python dictionary).

# HTTP Methods and Their Usage

HTTP methods define the actions an API can perform on resources. They align with **CRUD** operations (Create, Read, Update, Delete) for managing data.

### GET
- **Purpose**: Retrieve data from a server.
- **Characteristics**:
  - **Safe**: Doesn’t change server data.
  - **Idempotent**: Repeated calls return the same result.
- **Example**: `GET /users` fetches a list of users.
- **Use Case**: Display a list of products in an online store.

### POST
- **Purpose**: Create a new resource on the server.
- **Characteristics**:
  - **Not idempotent**: Multiple calls may create multiple resources.
- **Example**: `POST /users` with `{"name": "Alice", "email": "alice@example.com"}` adds a new user.
- **Use Case**: Submit a new order in an e-commerce app.

### PUT
- **Purpose**: Update or replace an existing resource entirely.
- **Characteristics**:
  - **Idempotent**: Repeated calls with the same data produce the same result.
- **Example**: `PUT /users/1` with `{"name": "Bob", "email": "bob@example.com"}` updates user ID 1’s details.
- **Use Case**: Update a user’s full profile in a system.

### PATCH
- **Purpose**: Partially update a resource (modify specific fields).
- **Characteristics**:
  - **Idempotent**: Repeated calls with the same data yield the same result.
- **Example**: `PATCH /users/1` with `{"email": "newemail@example.com"}` changes only the email.
- **Use Case**: Update a single field, like a user’s phone number.

### DELETE
- **Purpose**: Remove a resource from the server.
- **Characteristics**:
  - **Idempotent**: Repeated calls have the same effect (resource stays deleted).
- **Example**: `DELETE /users/1` removes user ID 1.
- **Use Case**: Delete a blog post or cancel an order.

### Other Methods
- **HEAD**: Retrieves metadata (like headers) without the response body.
  - **Use Case**: Check if a resource exists or its size before downloading.
  - **Example**: `HEAD /users/1` to verify user existence.
- **OPTIONS**: Lists supported HTTP methods for an endpoint.
  - **Use Case**: Discover what actions an API allows (e.g., check if `POST` is supported).
  - **Example**: `OPTIONS /users` returns allowed methods like `GET`, `POST`.

### When to Use for CRUD
- **Create**: Use `POST` to add new resources.
- **Read**: Use `GET` to retrieve data.
- **Update**: Use `PUT` for full updates, `PATCH` for partial updates.
- **Delete**: Use `DELETE` to remove resources.

These methods form the backbone of RESTful APIs, ensuring predictable and standardized interactions.

# REST APIs

## Principles of REST
REST (Representational State Transfer) is an architectural style for designing web APIs, based on these key principles:
- **Stateless**: Each request from a client to the server must contain all the information needed to process it. The server doesn’t store client state between requests. Example: A request to `/users/1` always fetches user 1’s data, regardless of prior requests.
- **Uniform Interface**: APIs use standard conventions (e.g., HTTP methods like GET, POST) for consistency. Resources are accessed via unique URIs (e.g., `/products/123`).
- **Resource-Based (URIs)**: Data and functionality are organized as resources, identified by URLs (e.g., `/orders` for order data).
- **Representations (JSON/XML)**: Resources are sent or received in formats like JSON or XML. Example: A user resource might be `{"id": 1, "name": "Alice"}` in JSON.
- **Layered System**: The API can have intermediary layers (e.g., proxies, load balancers) for scalability or security, transparent to the client.

## Advantages
- **Scalable**: Statelessness and layering allow systems to handle many users by adding servers.
- **Easy to Cache**: Responses (e.g., GET requests) can be cached to improve performance.
- **Follows HTTP Standards**: Uses standard HTTP methods and status codes, making it widely compatible and easy to understand.

## Usage
REST APIs power web services by enabling client-server communication:
- **Social Media Feeds**: Platforms like Twitter use REST APIs to fetch posts or user profiles (e.g., GET `/tweets` for recent tweets).
- **E-commerce Backends**: Online stores use REST APIs to manage products, orders, and payments (e.g., POST `/orders` to create an order).
- **Real-World Examples**:
  - **GitHub API**: Developers use `GET /repos/{owner}/{repo}` to retrieve repository details or `POST /repos` to create a new repository.
  - **Stripe API**: Businesses use `POST /charges` to process payments or `GET /customers` to fetch customer data.

These APIs allow apps to integrate with external services, enabling features like displaying GitHub stats or processing payments in an app.

# Building APIs with Flask

## Overview
**Flask** is a lightweight Python web framework ideal for building simple APIs. It’s easy to learn and perfect for small projects or prototypes due to its minimal setup and flexibility.

## Setup
To get started with Flask:
1. Install Flask: Run `pip install flask` in your terminal.
2. Basic App Structure: Create a Python file (e.g., `app.py`) with the following setup:
   ```python
   from flask import Flask

   app = Flask(__name__)

   if __name__ == '__main__':
       app.run(debug=True)
   ```
   - `Flask(__name__)` creates the Flask app instance.
   - `app.run(debug=True)` starts the server in development mode.

## Usage
Flask uses **routes** to define API endpoints:
- Define routes with the `@app.route('/endpoint', methods=['GET'])` decorator.
- Use `jsonify` to return JSON responses.
- Example: Create a route to handle GET requests:
  ```python
  from flask import jsonify

  @app.route('/hello', methods=['GET'])
  def hello():
      return jsonify({"message": "Hello, World!"})
  ```
- Run the app and visit `http://localhost:5000/hello` to see `{"message": "Hello, World!"}`.

## Pros
- **Minimalist**: Simple to set up with minimal code.

**Flexible**: Easy to customize for small projects or prototypes.
- **Beginner-Friendly**: Straightforward syntax and clear documentation make it accessible for students.

## Example: Simple GET Endpoint
Below is a complete Flask API with a GET endpoint returning "Hello, World!":

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/hello', methods=['GET'])
def hello():
    return jsonify({"message": "Hello, World!"})

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with watchdog (inotify)


To test:
1. Save the code as `app.py`.
2. Run `python app.py`.
3. Visit `http://localhost:8000/docs` to test the endpoint interactively or use `curl http://localhost:8000/hello` to see `{"message": "Hello, World!"}`.
4. The Pydantic `Message` model ensures the response adheres to the defined structure.

This example shows how FastAPI combines simplicity, type safety, and automatic documentation for efficient API development.

# Differences Between Flask, FastAPI, and REST APIs

## REST APIs
- **Definition**: REST (Representational State Transfer) is an **architectural style**, not a framework. It defines principles for designing web APIs (stateless, resource-based, using HTTP methods).
- **Role**: Both Flask and FastAPI can implement RESTful APIs by following REST principles (e.g., using GET for retrieval, POST for creation).
- **Key Point**: REST is the design pattern, while Flask and FastAPI are tools to build APIs adhering to it.

## Flask vs. FastAPI
- **Flask**:
  - **Nature**: Synchronous, lightweight Python framework.
  - **Strengths**: Simple to use, minimal setup, ideal for beginners and quick prototypes.
  - **Weaknesses**:
    - Lacks built-in async support, less efficient for high-traffic apps.
    - Manual documentation (no auto-generated Swagger UI).
    - No built-in data validation; requires additional libraries.
  - **Example**: A small API for a blog with basic GET/POST endpoints.
- **FastAPI**:
  - **Nature**: Asynchronous, modern Python framework with type hints.
  - **Strengths**:
    - High performance due to async/await support, ideal for heavy traffic.
    - Auto-generates interactive docs (Swagger UI).
    - Built-in data validation using Pydantic models.
  - **Weaknesses**: Slightly steeper learning curve due to type hints and async concepts.
  - **Example**: A real-time chat API handling multiple concurrent users.

## Usage Scenarios
- **Flask**: Best for **quick MVPs** (Minimum Viable Products) or small projects where simplicity is key. Example: A prototype for a to-do list API.
- **FastAPI**: Ideal for **scalable, real-time applications** requiring high performance or automatic validation/docs. Example: A production API for an e-commerce platform with heavy user traffic.
- **REST**: The design pattern for both, ensuring standardized, scalable, and predictable APIs. Use REST principles in Flask or FastAPI to structure endpoints (e.g., `/users` for user data, `/orders` for orders).

In [None]:
!pip install flask
!pip install fastapi



 # 🌟 Three Simple Coding Tasks for API Development

## Task 1: Build a Basic RESTful API in Flask
**Objective**: Create a Flask API with GET and POST endpoints to manage a to-do list stored in memory.

**Requirements**:
- **GET /todos**: Return a list of all to-do items.
- **POST /todos**: Add a new to-do item with a `task` field in the request body.
- Store to-do items in a list (e.g., `[{"id": 1, "task": "Buy groceries"}]`) in memory.
- Return JSON responses with appropriate status codes (e.g., 200 OK, 400 Bad Request).
- Test using curl or a browser.

In [None]:
from flask import Flask, request, jsonify, url_for

app = Flask(__name__)

todos = []
next_id = 1


@app.get("/todos")
def get_todos():
    return jsonify(todos), 200


@app.post("/todos")
def add_todo():
    if not request.is_json:
        return jsonify(error="Request body must be JSON"), 400

    data = request.get_json(silent=True)
    if not data or "task" not in data or not isinstance(data["task"], str) or not data["task"].strip():
        return jsonify(error="Field 'task' (non-empty string) is required"), 400

    global next_id
    item = {"id": next_id, "task": data["task"].strip()}
    next_id += 1
    todos.append(item)

    response = jsonify(item)
    response.status_code = 201

    response.headers["Location"] = url_for("get_todos")
    return response


if __name__ == "__main__":
    app.run(debug=True, host="0.0.0.0", port=5000)

%tb

## Task 2: Rewrite Task 1 in FastAPI with Type Hints
**Objective**: Rewrite the Flask API from Task 1 using FastAPI, adding type hints and testing via auto-generated docs.

**Requirements**:
- **GET /todos**: Return the list of to-do items.
- **POST /todos**: Add a new to-do with a `task` field, using a Pydantic model for validation.
- Use type hints and Pydantic for data validation.
- Store to-dos in memory (same structure as Task 1).
- Test using FastAPI’s Swagger UI at `/docs`.

In [None]:
from typing import List, Dict, Any

from fastapi import FastAPI, HTTPException, Response, status
from pydantic import BaseModel, Field

app = FastAPI(title="FastAPI To-Do API")

class TodoIn(BaseModel):
    task: str = Field(..., min_length=1, description="The to-do task")

class TodoOut(BaseModel):
    id: int
    task: str


todos: List[Dict[str, Any]] = []
next_id: int = 1

@app.get("/todos", response_model=List[TodoOut], status_code=status.HTTP_200_OK)
def get_todos():
    return todos


@app.post("/todos", response_model=TodoOut, status_code=status.HTTP_201_CREATED)
def add_todo(payload: TodoIn, response: Response):
    global next_id

    task = payload.task.strip()
    if not task:
        raise HTTPException(status_code=400, detail="Field 'task' must be a non-empty string")

    item = {"id": next_id, "task": task}
    next_id += 1
    todos.append(item)

    response.headers["Location"] = "/todos"
    return item


if __name__ == "__main__":
    import uvicorn

    uvicorn.run("main:app", host="0.0.0.0", port=8000, reload=True)

## Task 3: Extend Either API with Authentication and DELETE Endpoint
**Objective**: Extend the Flask or FastAPI to-do API with a simple API key authentication and a DELETE endpoint.

**Requirements**:
- Add a simple **API key check** (e.g., check for a header `X-API-Key: secret`).
- **DELETE /todos/{id}**: Remove a to-do item by its ID.
- Return appropriate status codes (e.g., 404 if ID not found, 401 for invalid API key).
- Test using curl or Postman.

In [None]:
from typing import List, Dict, Any, Optional
import os

from fastapi import FastAPI, HTTPException, Response, status, Header, Depends
from pydantic import BaseModel, Field

app = FastAPI(title="FastAPI To-Do API")

API_KEY = os.getenv("TODO_API_KEY", "secret")

def verify_api_key(x_api_key: Optional[str] = Header(default=None, alias="X-API-Key")) -> None:
    if x_api_key != API_KEY:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid or missing API key")

class TodoIn(BaseModel):
    task: str = Field(..., min_length=1, description="The to-do task")

class TodoOut(BaseModel):
    id: int
    task: str

todos: List[Dict[str, Any]] = []
next_id: int = 1


@app.get("/todos", response_model=List[TodoOut], status_code=status.HTTP_200_OK, dependencies=[Depends(verify_api_key)])
def get_todos():
    return todos


@app.post("/todos", response_model=TodoOut, status_code=status.HTTP_201_CREATED, dependencies=[Depends(verify_api_key)])
def add_todo(payload: TodoIn, response: Response):
    global next_id

    task = payload.task.strip()
    if not task:
        raise HTTPException(status_code=400, detail="Field 'task' must be a non-empty string")

    item = {"id": next_id, "task": task}
    next_id += 1
    todos.append(item)

    response.headers["Location"] = "/todos"
    return item


@app.delete("/todos/{todo_id}", status_code=status.HTTP_204_NO_CONTENT, dependencies=[Depends(verify_api_key)])
def delete_todo(todo_id: int):
    """
    DELETE /todos/{id}: Remove a to-do item by its ID.
    - 204 No Content on success
    - 404 Not Found if ID doesn't exist
    """
    for idx, item in enumerate(todos):
        if item["id"] == todo_id:
            del todos[idx]
            return Response(status_code=status.HTTP_204_NO_CONTENT)

    raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"To-do with id {todo_id} not found")


if __name__ == "__main__":
    import uvicorn

    uvicorn.run("main:app", host="0.0.0.0", port=8000, reload=True)

---

### ✨ For my lovely fellows ✨

As we complete our final assignment together, I want to take a moment to reflect on this incredible journey. It has been a true pleasure to work with each of you.  No matter where life takes you next, know that I am always here if you need me. You are all amazing and inspiring individuals, and you will forever hold a special place in my heart.

All the best for your future! 🌟