## DataScience_Master's_Web API Intro

Firstly, it's important to understand what a Web API is. An API (Application Programming Interface) is essentially a set of protocols, routines, and tools for building software applications. A Web API is a type of API that allows different software applications to communicate with each other over the internet.

Think of a Web API like a waiter at a restaurant. When you go to a restaurant, you don't go into the kitchen and cook your own food. Instead, you sit at a table, and a waiter comes to take your order. The waiter then goes back to the kitchen, communicates your order to the chef, and brings your food back to your table. In this analogy, the waiter is like a Web API, and the kitchen is like a server (a computer that's connected to the internet).

### Web API Key Concepts

Now, let's break down some of the key concepts of a Web API:

REST: REST stands for Representational State Transfer, and it's a set of architectural principles for building web services. Essentially, RESTful APIs use HTTP requests (like GET, POST, PUT, DELETE) to perform CRUD (Create, Read, Update, Delete) operations on resources (like data). RESTful APIs are the most common type of Web API.

JSON: JSON stands for JavaScript Object Notation, and it's a lightweight data interchange format. Basically, JSON is a way of representing data in a structured way that's easy to read and parse. Most Web APIs use JSON as their data format.

Endpoints: Endpoints are the URLs that you use to access a Web API. For example, if you wanted to access data from a Web API that provides weather information, you might use an endpoint like "https://api.weather.com/v1/forecast". Endpoints usually have a specific structure that includes the API's base URL, a version number, and a path that specifies the resource you're trying to access.

Authentication: Authentication is the process of verifying that a user (or an application) is who they claim to be. Many Web APIs require authentication to ensure that only authorized users can access the data. Authentication can be done using various methods, like API keys, OAuth, or username/password.

Rate limiting: Rate limiting is a mechanism that Web APIs use to prevent abuse by limiting the number of requests that can be made in a certain period of time. Rate limiting helps to ensure that the API's resources are used fairly and efficiently.

Responses: When you make a request to a Web API, you'll get a response back. The response will usually include a status code (like 200 for success or 404 for not found) and a body that contains the data you requested (in JSON format).

## Real World Application Example - Google Pay

Google Pay is a mobile payment service that allows users to send and receive money, pay bills, and make purchases using their smartphones. Google Pay uses Web APIs to communicate with the banking systems of various partner banks, including HDFC Bank.

When a user initiates a transaction on Google Pay, the app sends a request to HDFC Bank's payment gateway API, which processes the payment and sends a response back to Google Pay. The payment gateway API is responsible for authorizing the payment, verifying the user's account balance, and transferring the funds to the recipient's account.

In addition to the payment gateway API, Google Pay also uses other HDFC Bank APIs to perform various tasks, like retrieving account information, fetching transaction history, and generating payment receipts. These APIs allow Google Pay to provide a seamless and secure payment experience for its users, without requiring them to leave the app and navigate to a separate banking website or app.

Overall, the Web APIs used by Google Pay and HDFC Bank facilitate the exchange of information and transactions between two different systems, making it easier and more convenient for users to make payments and manage their finances.

### Advantages and Disadvantage of using API

| Advantages | Disadvantages |
| --- | --- |
| 1. Allows software applications to communicate with each other, enabling seamless integration and better functionality. | 1. Security risks and vulnerabilities can arise when using APIs, especially if not properly secured. |
| 2. APIs can reduce development time and cost, as developers can use pre-built code and functionality. | 2. There is a reliance on third-party providers to maintain and update APIs, which can cause disruptions if updates are not properly managed. |
| 3. APIs can improve user experience and satisfaction by providing access to additional features and services. | 3. The API provider may limit usage or access, or charge fees for usage, which can impact the viability of using the API. |
| 4. APIs can help companies to generate new revenue streams by monetizing their APIs and creating new services. | 4. APIs can be complex to implement and require technical expertise, which can be a barrier for some companies or developers. |


### Step by Step Process how the gpay works with HDFC bank API 

Suppose you want to send Rs. 500 to your friend XYZ using Google Pay. Here's how the transaction might work using API:

You open the Google Pay app on your phone and select the option to send money to a friend.  


You enter XYZ's phone number or UPI ID as the recipient of the payment.  


The Google Pay app sends a request to HDFC Bank's payment gateway API, along with the details of the transaction (amount, recipient's UPI ID, etc.).  


HDFC Bank's payment gateway API receives the request and performs various checks to ensure that the transaction is valid and authorized. This might include verifying your account balance, checking that XYZ's UPI ID is valid, and confirming that the transaction is not fraudulent. 


If the payment gateway API approves the transaction, it sends a response back to Google Pay with a unique transaction ID and other details about the transaction (timestamp, status, etc.).
Google Pay displays a confirmation screen to you, showing the details of the transaction and asking you to confirm that you want to proceed.  


If you confirm the transaction, Google Pay sends another request to HDFC Bank's payment gateway API to initiate the actual transfer of funds from your account to XYZ's account.  
HDFC Bank's payment gateway API processes the transfer and sends a final response back to Google Pay, indicating that the transaction has been completed successfully.  


Google Pay displays a confirmation screen to you and XYZ, showing the details of the transaction and providing a receipt.
Throughout this process, Google Pay and HDFC Bank's systems communicate with each other using Web APIs. The APIs allow the two systems to exchange information and perform the necessary actions to complete the transaction, all while ensuring that the transaction is secure and authorized.  

| Keyword | Description |
|---------|-------------|
| API     | A set of protocols, routines, and tools for building software applications. |
| HTTP    | A protocol for transmitting data over the internet. Used by APIs to send and receive requests and responses between a client and server. |
| REST    | An architectural style for building web APIs. Provides a standard way of structuring and accessing resources over the internet, using HTTP methods such as GET, POST, PUT, and DELETE. |
| JSON    | Stands for JavaScript Object Notation. A lightweight data-interchange format that is easy for humans to read and write, and easy for machines to parse and generate. Often used to exchange data between a client and server in web APIs. |
| SDK     | Stands for Software Development Kit. A collection of software development tools that allows developers to create applications for a specific platform or system. Often used to create APIs for third-party developers to use. |
| Authentication | The process of verifying the identity of a user or client attempting to access an API. Often done using tokens, keys, or other authentication mechanisms to ensure secure access to data and resources. |
| Rate Limiting | A technique used to limit the number of requests made to an API within a certain period of time. Often used to prevent abuse, protect server resources, and ensure fair usage among all API consumers. |
| Endpoint | A specific URL within an API that accepts requests and returns responses. Often used to access specific data or functionality within an API. |
| Payload | The data sent as part of a request or response in an API. Often formatted using JSON or other data formats to exchange structured data between a client and server. |
| Webhooks | A mechanism for sending real-time notifications from an API to a client or server. Often used to trigger events or automate workflows based on specific API actions or data changes. |


### API- Application programming interface  - Python Modules 

| Module | Description |
| --- | --- |
| requests | A simple HTTP library for sending HTTP/1.1 requests using Python. |
| urllib | A module for working with URLs, including making HTTP requests. |
| http.client | A low-level HTTP client library included in the Python standard library. |
| json | A built-in module for encoding and decoding JSON data. |
| xml.etree.ElementTree | A module for working with XML data. |


### GogleAuth API Features or Methods 

| Method | Description |
| --- | --- |
| `google.auth.credentials.Credentials` | The base class for all Google Auth credentials classes. |
| `google.oauth2.credentials.Credentials` | A credentials class for OAuth 2.0 authentication. |
| `google.auth.compute_engine.Credentials` | A credentials class for Google Compute Engine authentication. |
| `google.auth.app_engine.Credentials` | A credentials class for Google App Engine authentication. |
| `google.auth.service_account.Credentials` | A credentials class for service account authentication. |
| `google.auth.default` | A function that returns the default credentials for the current environment. |
| `google.auth.jwt` | A function for creating JSON Web Tokens (JWTs) for authentication. |
| `google.auth.transport.requests.AuthorizedSession` | A session class that automatically adds authorization headers to requests. |
| `google.auth.transport.requests.Request` | A request class that automatically adds authorization headers to requests. |


## Difference between API and Web API 

| API | Web API |
| --- | --- |
| Stands for "Application Programming Interface". | A type of API that is accessed over the internet using HTTP. |
| Provides a set of protocols, routines, and tools for building software applications. | Allows two software applications to communicate with each other over the internet. |
| Can be used to integrate different software components, create new applications, or automate repetitive tasks. | Enables developers to build web services that can be accessed by other software applications or websites. |
| Can be accessed locally or over a network. | Can be accessed over the internet from anywhere in the world. |
| Examples include operating system APIs, database APIs, and programming language APIs. | Examples include REST APIs, SOAP APIs, and GraphQL APIs. |


| API | Web API |
| --- | --- |
| Provides low-level access to software components, databases, or hardware devices. | Provides a high-level, standardized interface for accessing web services. |
| Can be used to integrate software components within an organization's network or between different organizations. | Enables developers to create and expose web services to third-party developers or customers. |
| Often requires custom code to be written and implemented by software developers. | Often uses standardized protocols such as HTTP, JSON, and XML, making it easier to consume and use. |
| Can be used for a wide variety of applications, from building desktop applications to automating business processes. | Typically used for building web and mobile applications that consume data from remote web services. |
| Generally not designed for public consumption and may require authentication or authorization. | Typically designed to be accessed publicly and may use authentication and authorization mechanisms such as API keys, OAuth, or JSON Web Tokens. |
| Does not necessarily require a web server or web hosting platform. | Typically requires a web server or web hosting platform to expose web services over the internet. |


### Rest and SOAP Architecture 

REST (Representational State Transfer) is a software architectural style that defines a set of constraints for creating web services. It represents resources as URLs and uses standard HTTP methods (GET, POST, PUT, DELETE) to manipulate the state of these resources. REST is lightweight and easy to use, making it a popular choice for web developers. It supports a wide range of data formats, including JSON, XML, and plain text. REST emphasizes statelessness, meaning that each request from the client contains all the necessary information to process that request, without the need for the server to maintain any session state.

SOAP (Simple Object Access Protocol) is another protocol used for exchanging structured information between web services. It uses a set of well-defined XML-based messaging protocols to exchange information between client and server. SOAP is more complex and rigid than REST, making it better suited for enterprise-level applications. It typically uses XML for data exchange, but can also support JSON and other formats.

| REST | SOAP |
| --- | --- |
| Represents resources as URLs | Uses XML-based messaging protocols |
| Uses standard HTTP methods (GET, POST, PUT, DELETE) to manipulate resources | Supports a wider range of operations |
| Lightweight and easy to use | More complex and rigid |
| Supports a wide range of data formats, including JSON, XML, and plain text | Typically uses XML for data exchange, but can also support JSON and other formats |
| Emphasizes statelessness | Can maintain session state |
| Suited for web-based applications | Suited for enterprise-level applications |


### GET, POST, PUT, and DELETE methods

| HTTP Method | Description |
| --- | --- |
| GET | Requests a representation of a resource, without modifying it |
| POST | Submits an entity to a specified resource, often causing a change in state or side effects |
| PUT | Replaces the current representation of a resource with the new representation sent in the request |
| DELETE | Deletes the specified resource |


### Restful services 

RESTful services are a type of web service that uses the principles of REST (Representational State Transfer) architecture to expose and manipulate resources over the web. RESTful services are designed to be stateless, meaning that the server does not maintain any client context between requests. Instead, clients send requests to access or manipulate resources identified by URLs, using standard HTTP methods such as GET, POST, PUT, and DELETE.

In a RESTful service, resources are represented as URIs (Uniform Resource Identifiers) and are manipulated using standard HTTP methods. Resources can be represented in different formats such as JSON (JavaScript Object Notation), XML (Extensible Markup Language), or plain text. Clients can use these representations to perform various operations on the resource, such as retrieving, creating, updating, or deleting it.

One of the key advantages of RESTful services is that they are lightweight and easy to use, making them ideal for web-based applications. They are also highly scalable and can be easily integrated with other web-based services.

### FAQs

### Q1. What is an API? Give an example, where an API is used in real life.

A1. API stands for Application Programming Interface. It is a set of rules, protocols, and tools that are used for building software applications. APIs enable different software applications to communicate with each other and exchange data.

One real-life example of API usage is the integration of Google Maps into other applications, such as ride-hailing services or food delivery services. These applications use Google Maps API to provide location-based services to their users. The API allows the application to retrieve map data from Google's servers and display it to the user within the application. This integration makes it possible for users to easily find and navigate to different locations without having to switch between different apps or services.

Another example is the integration of payment gateways like PayPal or Stripe into e-commerce websites. These payment gateways provide APIs that allow the website to securely process payments and receive payments from customers. The API enables the website to communicate with the payment gateway and exchange information such as transaction details and payment status.

Overall, APIs are used extensively in modern software development, enabling different applications and services to work together seamlessly and provide a better user experience.



### Q2. Give advantages and disadvantages of using API.

| Advantages | Disadvantages |
| --- | --- |
| 1. Allows software applications to communicate with each other, enabling seamless integration and better functionality. | 1. Security risks and vulnerabilities can arise when using APIs, especially if not properly secured. |
| 2. APIs can reduce development time and cost, as developers can use pre-built code and functionality. | 2. There is a reliance on third-party providers to maintain and update APIs, which can cause disruptions if updates are not properly managed. |
| 3. APIs can improve user experience and satisfaction by providing access to additional features and services. | 3. The API provider may limit usage or access, or charge fees for usage, which can impact the viability of using the API. |
| 4. APIs can help companies to generate new revenue streams by monetizing their APIs and creating new services. | 4. APIs can be complex to implement and require technical expertise, which can be a barrier for some companies or developers. |


### Q3. What is a Web API? Differentiate between API and Web API.

| API | Web API |
| --- | --- |
| Stands for "Application Programming Interface". | A type of API that is accessed over the internet using HTTP. |
| Provides a set of protocols, routines, and tools for building software applications. | Allows two software applications to communicate with each other over the internet. |
| Can be used to integrate different software components, create new applications, or automate repetitive tasks. | Enables developers to build web services that can be accessed by other software applications or websites. |
| Can be accessed locally or over a network. | Can be accessed over the internet from anywhere in the world. |
| Examples include operating system APIs, database APIs, and programming language APIs. | Examples include REST APIs, SOAP APIs, and GraphQL APIs. |


| API | Web API |
| --- | --- |
| Stands for "Application Programming Interface" | Stands for "Web Application Programming Interface" |
| An API is a set of protocols, routines, and tools for building software applications | A Web API is an interface for the web that can be accessed using the HTTP protocol |
| APIs can be used to interact with databases, operating systems, web services, and more | Web APIs are specifically designed to be accessed by web browsers and other web-based applications |
| APIs can be implemented using different protocols, including HTTP, TCP/IP, and FTP | Web APIs are implemented using the HTTP protocol |
| APIs can be either public or private | Web APIs are typically public, and may require authentication or use of an API key for access |
| Examples include the Google Maps API, the Twitter API, and the Facebook API | Examples include the RESTful API, the SOAP API, and the GraphQL API |


### Q4. Explain REST and SOAP Architecture. Mention shortcomings of SOAP.

REST (Representational State Transfer) and SOAP (Simple Object Access Protocol) are two widely used architectures for building web services.

REST is an architectural style that is used to create web services that can be accessed over HTTP. RESTful web services use HTTP methods (GET, POST, PUT, DELETE, etc.) to perform operations on resources. RESTful web services are lightweight and can be used on a variety of platforms.

SOAP is an XML-based protocol that is used to exchange data between systems. SOAP messages are transported over HTTP or other application protocols. SOAP web services are more complex and can be used on platforms that support XML.

Here are some of the shortcomings of SOAP:

Complexity: SOAP messages are complex and require more processing power and bandwidth than RESTful messages. This can slow down the performance of the application.

Overhead: SOAP messages have a lot of overhead because of their complex structure. This can make SOAP messages larger and slower to transmit than RESTful messages.

WSDL: SOAP web services require a Web Services Description Language (WSDL) file to describe the service. This can make it difficult to work with SOAP web services because of the complexity of the WSDL file.

Interoperability: SOAP web services are designed to be highly interoperable, but this can also be a disadvantage. Because SOAP web services are so complex, it can be difficult to ensure interoperability between different implementations of SOAP.

Overall, RESTful web services are simpler, faster, and more flexible than SOAP web services. However, SOAP web services can be more robust and have more advanced security features. The choice between REST and SOAP depends on the specific requirements of the application.

### Q4. Explain REST and SOAP Architecture. Mention shortcomings of SOAP.

REST (Representational State Transfer) and SOAP (Simple Object Access Protocol) are two widely used architectures for building web services.

REST is an architectural style that is used to create web services that can be accessed over HTTP. RESTful web services use HTTP methods (GET, POST, PUT, DELETE, etc.) to perform operations on resources. RESTful web services are lightweight and can be used on a variety of platforms.

SOAP is an XML-based protocol that is used to exchange data between systems. SOAP messages are transported over HTTP or other application protocols. SOAP web services are more complex and can be used on platforms that support XML.

Here are some of the shortcomings of SOAP:

Complexity: SOAP messages are complex and require more processing power and bandwidth than RESTful messages. This can slow down the performance of the application.

Overhead: SOAP messages have a lot of overhead because of their complex structure. This can make SOAP messages larger and slower to transmit than RESTful messages.

WSDL: SOAP web services require a Web Services Description Language (WSDL) file to describe the service. This can make it difficult to work with SOAP web services because of the complexity of the WSDL file.

Interoperability: SOAP web services are designed to be highly interoperable, but this can also be a disadvantage. Because SOAP web services are so complex, it can be difficult to ensure interoperability between different implementations of SOAP.

Overall, RESTful web services are simpler, faster, and more flexible than SOAP web services. However, SOAP web services can be more robust and have more advanced security features. The choice between REST and SOAP depends on the specific requirements of the application.

### Q5. Differentiate between REST and SOAP.

| Criteria          | REST                                               | SOAP                                    |
|-------------------|----------------------------------------------------|-----------------------------------------|
| Type              | Architectural style                                | Protocol                                |
| Acronym           | Representational State Transfer                    | Simple Object Access Protocol           |
| Design Focus      | Data                                               | Functionality                           |
| Data Transmission | Lighter-weight and faster because of less overhead | Heavy-weight and slower due to XML      |
| Supported Formats | Supports JSON, XML, HTML, and text                 | Limited to XML                          |
| Message Caching   | Can be cached                                      | Cannot be cached                        |
| Security          | Uses HTTPS for security                            | Uses various security protocols         |
| Scalability       | Highly scalable                                    | Less scalable                           |
| Error Handling    | Uses HTTP status codes                             | Uses SOAP fault messages                |
| Preferred Use Case | Suitable for web applications that need to handle a large number of lightweight transactions | Suitable for enterprise-level applications that require complex operations and involve high volumes of data |
