# Web APIs

---

What even is an API (Application Programming Interface)? 

Think about what happens when I visit NYT.com...

1. I as the "Person" go to https://www.nytimes.com in my browser (known as the "Client"), <br>
<br>
2. The client makes a request to the NYT Website (known as the "Server") – think of this server as a warehouse with all of the NYT content, <br>
<br>
3. The server responds to the client request with HTML, CSS, images, and other assets. The browser then combines those assets and displays them on the webpage. <br>

An API is what allows the Server to "talk to" the Client. 

---

## `Request-Response Cycle`

To understand what's happening here, it's important to understand the "Request-Response Cycle." As we've seen, this involves the client sending a request to the server (via an API) and the server responding (also via an API). 

Behind the scenes, to make this cycle possible, you need: 

1. a URL, 
2. a Method, 
3. a list of Headers,
4. a Body

### *The URL*

> HTTP (Hyper-Text Transfer Protocol) is exactly what it sounds like, a protocol. It allows for a common language that enables the client and server to speak with one another. 

### *The Method*

> The four most common methods are GET (ask the server to retrieve something), POST (ask the server to create something), PUT (ask the server to edit something), and DELETE (ask the server to delete something). 

### *Headers*

> Headers provide meatdata about a request, such as the time a request was sent. 

### *Body*

> The body contains the data the client wants sent to the server. 

## Let's see it in action:

**First, let's check the NYT homepage and go to Developer > Developer Tools in our browser**

**Then, click "Network"** 

**Now we can click on the article of interest (the first article on teir homepage, in this case) and see what happens when we request that information.**

**We can then select "Img" to see all of the images loaded**

**And we can see the request URL for the first image on the article:**

**Last but not least, when we go to that URL, we see our image!** (Looks like it's being stored in GCS)

---

## Example 2: GeoIP resolution

We will start with an example that is doing a "geoIP" resolution: it takes the IP of a computer and returns back its location.

In [1]:
# https://ipstack.com/

import requests

url = 'http://api.ipstack.com/check?access_key=dd4cbbbe9d6b9f2709e5f0533644e547'
resp = requests.get(url)

resp # the 'response' of the server

# 200 means things went well
# 404 means the URL wasn't found
# 5xx means something, somehow, somewhere went wrong 

<Response [200]>

In [3]:
# let's see the content of the response

data = resp.text
data

'{"ip":"34.73.190.179","type":"ipv4","continent_code":"NA","continent_name":"North America","country_code":"US","country_name":"United States","region_code":"SC","region_name":"South Carolina","city":"North Charleston","zip":"29418","latitude":32.890079498291016,"longitude":-80.0589370727539,"location":{"geoname_id":4589387,"capital":"Washington D.C.","languages":[{"code":"en","name":"English","native":"English"}],"country_flag":"http:\\/\\/assets.ipstack.com\\/flags\\/us.svg","country_flag_emoji":"\\ud83c\\uddfa\\ud83c\\uddf8","country_flag_emoji_unicode":"U+1F1FA U+1F1F8","calling_code":"1","is_eu":false}}'

In [4]:
# last but not least, let's transofrm the JSON file into a Python dictionary object using .json

data = resp.json()

data

{'city': 'North Charleston',
 'continent_code': 'NA',
 'continent_name': 'North America',
 'country_code': 'US',
 'country_name': 'United States',
 'ip': '34.73.190.179',
 'latitude': 32.890079498291016,
 'location': {'calling_code': '1',
  'capital': 'Washington D.C.',
  'country_flag': 'http://assets.ipstack.com/flags/us.svg',
  'country_flag_emoji': '🇺🇸',
  'country_flag_emoji_unicode': 'U+1F1FA U+1F1F8',
  'geoname_id': 4589387,
  'is_eu': False,
  'languages': [{'code': 'en', 'name': 'English', 'native': 'English'}]},
 'longitude': -80.0589370727539,
 'region_code': 'SC',
 'region_name': 'South Carolina',
 'type': 'ipv4',
 'zip': '29418'}

In [5]:
# now we can access the fields of the JSON as we normally access Python dictionary entries

print("Lon:", data["longitude"], "Lat:", data["latitude"])

Lon: -80.0589370727539 Lat: 32.890079498291016


Alltogether now:

In [6]:
import requests
url = 'http://api.ipstack.com/check?access_key=dd4cbbbe9d6b9f2709e5f0533644e547'
resp = requests.get(url)
data = resp.json()
print("Lon:", data["longitude"], "Lat:", data["latitude"])

Lon: -80.0589370727539 Lat: 32.890079498291016


---

## Using Parameters with API Calls


The first API call that we tried was very simple. We just fetched a URL. Now let's see a URL that accepts as input a set of **parameters**. We have already seen this concept with functions; the parameters of the API calls are the exact equivalent but for Web APIs, which are, at their core, functions that we call over the web. 

## Example 3: OpenWeatherMap

Let's try to query OpenWeatherMap now, to get data about the weather. [Documentation here](http://openweathermap.org/current#geo). 

Below you can find the URL that you can copy and paste in your browser to get the weather for New York. You will notice that it contains parameters as part of the URL, including an `appid` which is a key that is used to limit the number of calls that can be issued by a single application. 

Try the URL in your browser. Also try to change the query parameter `q` and change it from `New%20York,NY` to something different. (Note: The `%20` is a transformation for the space (` `) character in URLs.)

http://api.openweathermap.org/data/2.5/weather?q=New%20York,NY,USA&units=imperial&mode=json&appid=ffb7b9808e07c9135bdcc7d1e867253d

Below you can find the same code, but now we have a Python dictionary to organize and list the parameters.

In [7]:
import requests

openweathermap_url = "http://api.openweathermap.org/data/2.5/weather"

parameters = {
    'q'     : 'New York, NY, USA',
    'units' : 'imperial',
    'mode'  : 'json',
    'appid' : 'ffb7b9808e07c9135bdcc7d1e867253d'
}

resp = requests.get(openweathermap_url, params=parameters)
data = resp.json()
data

{'base': 'stations',
 'clouds': {'all': 90},
 'cod': 200,
 'coord': {'lat': 40.73, 'lon': -73.99},
 'dt': 1602861976,
 'id': 5128581,
 'main': {'feels_like': 52.79,
  'humidity': 87,
  'pressure': 1019,
  'temp': 55.02,
  'temp_max': 57.2,
  'temp_min': 53.6},
 'name': 'New York',
 'rain': {'1h': 3.76},
 'sys': {'country': 'US',
  'id': 4610,
  'sunrise': 1602846513,
  'sunset': 1602886434,
  'type': 1},
 'timezone': -14400,
 'visibility': 4023,
 'weather': [{'description': 'moderate rain',
   'icon': '10d',
   'id': 501,
   'main': 'Rain'},
  {'description': 'mist', 'icon': '50d', 'id': 701, 'main': 'Mist'}],
 'wind': {'deg': 0, 'speed': 4.7}}

---

# Exercise 1: Extract the current temperature from the returned JSON response.

In [8]:
# your code here

# Solution

In [11]:
print(f"Temperature: {data['main']['temp']}F")
      
# note, the 'f' in front is what's known as an 'f-string'; it allows us to avoid using % formatting 

Temperature: 55.02F


# Exercise 2: Extract the description of the current weather

In [12]:
# your code here

# Solution

In [13]:
print(f"Description: {data['weather'][0]['description']}")

Description: moderate rain


# Exercise 3: Try to change the units to `metric` and repeat


In [14]:
# your code here

# Solution

In [15]:
openweathermap_url = "http://api.openweathermap.org/data/2.5/weather"
parameters = {
    'q'     : 'New York, NY, USA',
    'units' : 'metric',
    'mode'  : 'json',
    'appid' : 'ffb7b9808e07c9135bdcc7d1e867253d'
}
resp = requests.get(openweathermap_url, params=parameters)
data = resp.json()
print(f"Temperature in {data['name']}: {data['main']['temp']}C")
print(f"Description: {data['weather'][0]['description']}")     

Temperature in New York: 12.79C
Description: heavy intensity rain


# Exercise 4: Get the weather for San Francisco, CA



In [16]:
# your code here

# Solution

In [17]:
openweathermap_url = "http://api.openweathermap.org/data/2.5/weather"
parameters = {
    'q'     : 'San Francisco, CA, USA',
    'units' : 'imperial',
    'mode'  : 'json',
    'appid' : 'ffb7b9808e07c9135bdcc7d1e867253d'
}
resp = requests.get(openweathermap_url, params=parameters)
data = resp.json()
print(f"Temperature in {data['name']}: {data['main']['temp']}C")
print(f"Description: {data['weather'][0]['description']}")     

Temperature in San Francisco: 56.61C
Description: light rain


---

# Exercise 5: Study the documentation of the API ([Documentation](http://openweathermap.org/current#geo)). Change the API call to use the longitute and latitude rather than city name.

In [None]:
# your code here

# Solution

In [18]:
openweathermap_url = "http://api.openweathermap.org/data/2.5/weather"
parameters = {
    'lat'   : 40.7288962,
    'lon'   : -73.9966509,
    'units' : 'imperial',
    'mode'  : 'json',
    'appid' : 'ffb7b9808e07c9135bdcc7d1e867253d'
}
resp = requests.get(openweathermap_url, params=parameters)
data = resp.json()
data

{'base': 'stations',
 'clouds': {'all': 90},
 'cod': 200,
 'coord': {'lat': 40.73, 'lon': -74},
 'dt': 1602861962,
 'id': 5128581,
 'main': {'feels_like': 52.79,
  'humidity': 87,
  'pressure': 1019,
  'temp': 55.02,
  'temp_max': 57.2,
  'temp_min': 53.6},
 'name': 'New York',
 'rain': {'1h': 5.01},
 'sys': {'country': 'US',
  'id': 4610,
  'sunrise': 1602846516,
  'sunset': 1602886437,
  'type': 1},
 'timezone': -14400,
 'visibility': 4023,
 'weather': [{'description': 'heavy intensity rain',
   'icon': '10d',
   'id': 502,
   'main': 'Rain'},
  {'description': 'mist', 'icon': '50d', 'id': 701, 'main': 'Mist'}],
 'wind': {'deg': 0, 'speed': 4.7}}

---

# Exercise 6: Read the location of your computer using the GeoIP API. Then use the OpenWeatherMap to query the API and fetch the temperature for the location returned by the GeoIP API. For this exercise, you will need to learn to read variables from a Web API (geoip) and use them as input in another (openweathermap)



In [19]:
#your code here

# Solution

In [20]:
import requests
geoip_url = 'http://api.ipstack.com/check?access_key=dd4cbbbe9d6b9f2709e5f0533644e547'
resp = requests.get(geoip_url)
data = resp.json()
lon = data["longitude"]
lat = data["latitude"]

openweathermap_url = "http://api.openweathermap.org/data/2.5/weather"
parameters = {
    'lat'   : str(lat),
    'lon'   : str(lon),
    'units' : 'imperial',
    'mode'  : 'json',
    'appid' : 'ffb7b9808e07c9135bdcc7d1e867253d'
}
resp = requests.get(openweathermap_url, params=parameters)
data = resp.json()
print("Location:", data['name'])
print("Weather:", data['weather'][0]['description'])
print("Temperature:", data['main']['temp'])

Location: Wildwood
Weather: few clouds
Temperature: 80.31


---

## Authentication with OAuth2

Some of you may have already used APIs that require passing a specific key to authorize the API calls. So the question naturally comes up: Why is that not sufficient for authentication?

Here are a few reasons:

* We often want our application to **act on behalf of a user** (e.g., retrieve the list of friends of a user on Facebook, and do some analysis on behalf of the user). OAuth allows for such delegation, without requiring the app to have access to the login credentials of the user.
* Acting on behalf of a user also allows the quota to be adjusted on a per-user basis, as opposed to a per-app basis. (So that the creators of very popular apps do not have to increase the quota for their own key)
* Users often want to give limited set of priviledges to the app (e.g., read only my profile, no posting).
* Users want to be able to selectively remove access for specific apps, without having to change the credentials for other apps.

So, how does OAuth achieves that?

## OAuth2 flows

1. The app sends the user to a login page. The login page asks the user whether the user really wants to grant these permissions to the app.
2. The user logs in and grants the permissions. This generates an **authorization code** that the API sends back to the app (by **calling back a _redirect URL_**)
3. The app uses the authorization code (which proves that the user has granted permissions), and calls the API, asking for an **access token**.
4. The **access token** can then be used by the app to call the API on behalf of the user.

The picture below illustrates the OAuth2 flow:

<img src="https://assets.digitalocean.com/articles/oauth/abstract_flow.png">

These two tutorials explain in a simplified manner the details of the authentication process:
* https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
* http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified



---

## Flask

Now, let's build our own API using Flask! https://flask.palletsprojects.com/en/1.1.x/

In your terminal: 

1. \> {navigate to desired directory}
2. `mkdir app`
3. `cd app`
4. `touch hello.py`

In `hello.py`, enter the following: 

```python 

from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello_world():
    return 'Hello, World!'

```

Last but not least, in your terminal: 

1. `export FLASK_APP=hello.py`
2. `flask run`

Then visit http://127.0.0.1:5000/ and volia! Your first Flask app!

---

# Exercise 5

Create a Flask app that takes a user's IP address as input and outputs their location, weather, and temperature.

# Solution

1. Navigate to desired directory
2. `mkdir weather_app`
3. `cd weather_app`
4. `touch weather.py`

```python 

from flask import Flask

app = Flask(__name__)
@app.route('/weather')

def my_weather():

    import requests

    geoip_url = 'http://api.ipstack.com/check?access_key=dd4cbbbe9d6b9f2709e5f0533644e547'
    resp = requests.get(geoip_url)
    data = resp.json()
    lon = data["longitude"]
    lat = data["latitude"]

    openweathermap_url = "http://api.openweathermap.org/data/2.5/weather"
    parameters = {
        'lat'   : str(lat),
        'lon'   : str(lon),
        'units' : 'imperial',
        'mode'  : 'json',
        'appid' : 'ffb7b9808e07c9135bdcc7d1e867253d'
    }
    
    resp = requests.get(openweathermap_url, params=parameters)
    data = resp.json()

    location = data['name']
    weather = data['weather'][0]['description']
    temp = str(data['main']['temp'])

    return 'Location: {}, Weather: {}, Temp: {}'.format(location, weather, temp)

```

5. `export FLASK_APP=weather.py`
6. `flask run`

`http://127.0.0.1:5000/weather`