# REST API Development  Crash Notes (Python-FastAPI)

### =======Syllabus=======
**1. Introduction to API**

**2. REST API**

    2.1 Sample Public APIs (GET)
    2.2. Status Codes
    2.3 API Requests
    
**3. POSTMAN**

**4. FastAPI**
    
    4.1 Hello World!
    4.2 Endpoints
    4.3. Dynamic Endpoints
    4.4. HTTP POST Methods

**5.  Usage of CRUD Functionalities with FastAPI**

    5.1 Setting up FastAPI and Dummy Data
    5.2 GET Requests
    5.3 POST Request
    5.4 PUT Request
    5.5 DELETE Request
    5.6 Running the Server
    
**6. Secret Key and WSGI/ASGI Explanation**
    
    6.1 Securing Endpoints with a Secret Key
    6.2 GET Requests with a secret key
    6.3 POST Request with a secret key
    6.4 PUT Request with a secret key
    6.5 DELETE Request with a secret key
    6.6. Running the FastAPI Server with a secret key

**7. Conclusion**

## 1. Introduction to API

An API, short for <b>Application Programming Interface</b>, is a set of rules and protocols that allows different software applications to communicate and interact with each other. <br><br>

<li>It defines the methods and data formats that applications can use to request and exchange information.</li> 
<li>An API acts as a bridge between different software systems, enabling them to share data and functionality in a standardized and controlled manner.</li>
<li>A developer extensively uses APIs in his software to implement various features by using an API call without writing complex codes for the same. </li>


<img src="https://github.com/msklc/crash_api_notes/blob/4fa528d979a51cacc7e8d47e043bbf095cff024b/images/What-is-an-API.png?raw=true">
<b>Source:</b>https://www.geeksforgeeks.org/what-is-an-api/

#### Types of APIs<br>
<li>RESTful APIs</li>
<li>SOAP APIs</li>
<li>GraphQL APIs</li>
<li>Library APIs</li>
<li>Operating system APIs</li>
<li>...</li>

## 2. REST API

REST API services let us interact with the database (or different software systems) by simply doing HTTP requests.
This is often how the backend of web apps is created. <b>Returning data is in JSON format</b> and requests we are using are PUT, DELETE, POST, and GET.

### 2.1 Sample Public APIs (GET)

In [1]:
import requests
url='https://api.ipify.org/?format=json'
r = requests.get(url)
r.text 

'{"ip":"31.201.88.161"}'

In [2]:
import requests
url = 'https://dummy.restapiexample.com/api/v1/employees'
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0',
'Content-type': 'application/json'}

r = requests.get(url, headers = headers)
r.json()

{'status': 'success',
 'data': [{'id': 1,
   'employee_name': 'Tiger Nixon',
   'employee_salary': 320800,
   'employee_age': 61,
   'profile_image': ''},
  {'id': 2,
   'employee_name': 'Garrett Winters',
   'employee_salary': 170750,
   'employee_age': 63,
   'profile_image': ''},
  {'id': 3,
   'employee_name': 'Ashton Cox',
   'employee_salary': 86000,
   'employee_age': 66,
   'profile_image': ''},
  {'id': 4,
   'employee_name': 'Cedric Kelly',
   'employee_salary': 433060,
   'employee_age': 22,
   'profile_image': ''},
  {'id': 5,
   'employee_name': 'Airi Satou',
   'employee_salary': 162700,
   'employee_age': 33,
   'profile_image': ''},
  {'id': 6,
   'employee_name': 'Brielle Williamson',
   'employee_salary': 372000,
   'employee_age': 61,
   'profile_image': ''},
  {'id': 7,
   'employee_name': 'Herrod Chandler',
   'employee_salary': 137500,
   'employee_age': 59,
   'profile_image': ''},
  {'id': 8,
   'employee_name': 'Rhona Davidson',
   'employee_salary': 327900,
  

### 2.2. Status Codes
- 200 : OK (Successfuly Connection)
- 3xx : Redirection
- 400 : Bad Request
- 401 : Unauthorized
- 403 : Forbidden
- 404 : Not Found
- 5xx Server Error
    - 500 : Internal Server Error
    - 501 : Not Implemented
    - 502 : Bad Gateway
    - 503 : Service Unavailable
    - 504 : Gateway Timeout

For better visualization check this link https://http.cat/ 

__Example__

In [3]:
import requests
url='http://www.google.com'
r=requests.get(url)
r.status_code

200

__More Example__

In [4]:
import requests
url_list=['http://www.mysoly.nl', 'http://worldagnetwork.com', 'http://www.mysoly.nl/notfound.php', 'https://www.duo.nl/particulier/', 'https://www.duo.nl/particulier/fistatttempt']
for url in url_list:
    r=requests.get(url)
    print('{} : {}'.format(url,r.status_code))

http://www.mysoly.nl : 200
http://worldagnetwork.com : 200
http://www.mysoly.nl/notfound.php : 404
https://www.duo.nl/particulier/ : 200
https://www.duo.nl/particulier/fistatttempt : 200


### 2.3 API Requests

An API request is a communication made by a client application to an API in order to retrieve or manipulate data or access a particular functionality provided by the API.

- <b>Request URL</b> – The URL is the link that the API communicates with.

- <b>Request Headers</b> – The headers contain the key-value pairs sent with the request to the application. It describes the format of the object data for the request and response. It also includes an authorization token to identify the requester by getting new access token.

- <b>Request Body</b> – The body is the place to customize details in a request.

## 3. POSTMAN

Postman is one of the most popular software testing tools which is used for API testing. With the help of this tool, developers can easily create, test, share, and document APIs.

<img src="https://github.com/msklc/crash_api_notes/blob/80755692d0e7382338a3967df27d23575a1f9c8e/images/postman_api_get.png?raw=true">

## 4- FastAPI 
FastAPI is an awesome, modern web framework that makes building APIs with Python not only fast but also fun. It is widely used by developers after it is published since 2018.

#### What is the advantages of FastAPI?

- __Blazing Fast:__ It's one of the fastest Python frameworks out there, on par with NodeJS and Go. So if you need performance, FastAPI has got you covered.
- __Super Easy to Use:__ FastAPI is designed to be user-friendly. It even creates interactive documentation for you automatically, which is great for testing and exploring your API.
- __Built-in Data Validation:__ With Python's type hints, FastAPI automatically checks the data you receive. This means fewer bugs and more reliable code.
- __Async Support:__ FastAPI handles a lot of requests at once, thanks to its support for asynchronous programming. Perfect for real-time apps!
- __Modern Python Features:__ It takes full advantage of Python’s latest features like type annotations, making your code cleaner and easier to maintain.

#### Why should developers use it?

If a developer looking to build APIs quickly and efficiently without sacrificing performance, FastAPI is the way to go. Whether we’re working on a small project or something that needs to scale, FastAPI helps us get there faster and with less difficulty.



### 4.1 Hello World!

In this part, we'll start with the basics by creating a simple FastAPI application that returns a "Hello World" message. FastAPI is a modern, fast (high-performance), web framework for building APIs with Python (its version should be upper than 3.7).

We need to install some modules and libraries __FastAPI__, __Uvicorn__, and __nest_asyncio__:

To do installation run the code spinnet below in a code cell

- pip install fastapi uvicorn nest-asyncio

In [6]:
import nest_asyncio
from fastapi import FastAPI
import uvicorn

nest_asyncio.apply()

app = FastAPI()

@app.get("/")
async def root():
    return {"message": "Hello World"}

uvicorn.run(app, host="127.0.0.1", port=8000)

INFO:     Started server process [36288]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)


INFO:     127.0.0.1:50308 - "GET / HTTP/1.1" 200 OK


INFO:     Shutting down
INFO:     Waiting for application shutdown.
INFO:     Application shutdown complete.
INFO:     Finished server process [36288]


Before we continue, it is better to know why we used uvicorn and nest_asyncio

#### uvicorn

uvicorn is a lightning-fast ASGI server used to run asynchronous Python web applications, like those built with FastAPI. It acts as ASGI server that can launch and serve FastAPI application by handling HTTP connection, requets, back responses etc.

#### nest_asyncio

nest_asyncio is a small utility that allows us our asynchronous application to run in environments that don't fully support async features. (for instance Jupyter Notebooks)

### 4.2 Endpoints

Endpoints in FastAPI define how our application responds to different HTTP methods. In this part, we'll focus on GET endpoints to retrieve data based on specific URLs.

Here's multiple examples that work in a Jupyter Notebook:

In [7]:
import nest_asyncio
from fastapi import FastAPI
import uvicorn

nest_asyncio.apply()

app = FastAPI()

@app.get("/")
async def root():
    return {"message": "Hello World"}

@app.get("/items/{item_id}")
async def read_item(item_id: int):
    return {"item_id": item_id}

@app.get("/user/{user_id}/profile")
async def user_profile(user_id: int):
    return {"user_id": user_id, "profile": "This is the profile of User"}

uvicorn.run(app, host="127.0.0.1", port=8000)

INFO:     Started server process [36288]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)


INFO:     127.0.0.1:50317 - "GET /items/5 HTTP/1.1" 200 OK
INFO:     127.0.0.1:50323 - "GET /user/5/profile HTTP/1.1" 200 OK


INFO:     Shutting down
INFO:     Waiting for application shutdown.
INFO:     Application shutdown complete.
INFO:     Finished server process [36288]


### 4.3 Dynamic Endpoints

In some situations we may need to send some data via URL and at that point "Dynamic endpoints" allow us to capture values from the URL and use them in our functions.
Here are the some examples of Dynamic endpoints


In [9]:
import nest_asyncio
from fastapi import FastAPI
import uvicorn

nest_asyncio.apply()

app = FastAPI()

@app.get("/")
async def root():
    return {"message": "Hello World"}

@app.get("/products/{category}/{product_id}")
async def get_product(category: str, product_id: int):
    return {"category": category, "product_id": product_id}

@app.get("/files/{file_path:path}")
async def read_file(file_path: str):
    return {"file_path": file_path}

uvicorn.run(app, host="127.0.0.1", port=8000)


INFO:     Started server process [36288]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)


INFO:     127.0.0.1:50334 - "GET /products/cable/2 HTTP/1.1" 200 OK


INFO:     Shutting down
INFO:     Waiting for application shutdown.
INFO:     Application shutdown complete.
INFO:     Finished server process [36288]


### 4.4 HTTP POST Methods

In addition to GET requests, FastAPI allows us to define endpoints for other HTTP methods like POST. POST is typically used to send data to the server.

Let's create an example where we accept data in a POST request:


In [10]:
import nest_asyncio
from fastapi import FastAPI, Body
import uvicorn

nest_asyncio.apply()

app = FastAPI()

@app.post("/create_item/")
async def create_item(name: str = Body(...), price: float = Body(...)):
    return {"name": name, "price": price}

uvicorn.run(app, host="127.0.0.1", port=8000)

INFO:     Started server process [36288]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)


INFO:     127.0.0.1:50338 - "GET /create_item/ HTTP/1.1" 405 Method Not Allowed
INFO:     127.0.0.1:50341 - "POST /create_item/ HTTP/1.1" 200 OK


INFO:     Shutting down
INFO:     Waiting for application shutdown.
INFO:     Application shutdown complete.
INFO:     Finished server process [36288]


## 5 Usage of CRUD Functionalities with FastAPI
In this part, we'll implement basic CRUD functionalities in FastAPI. These are main operations for managing data in any application. For simplicity, we'll use an in-memory data structure (a Python dictionary) to simulate a database.

### 5.1 Setup FastAPI and Dummy Data
In the first cell, we set up the FastAPI app, initialize the dummy data, and apply nest_asyncio to allow FastAPI to run in the Jupyter environment.

In [2]:
import nest_asyncio
from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
import uvicorn
import threading

nest_asyncio.apply()

app = FastAPI()

items_db = {
    1: {"name": "Laptop", "price": 1000.0},
    2: {"name": "Smartphone", "price": 500.0},
    3: {"name": "Tablet", "price": 300.0}
}

class Item(BaseModel):
    name: str
    price: float

### 5.2 GET Requests


- **GET /items/**: This endpoint retrieves all items in the database.
- **GET /items/{item_id}**: This endpoint retrieves a specific item by its `item_id`.

GET requests are used to **read** or **fetch** resources from the server. In this case, we're using GET to fetch items from our in-memory `items_db`.


In [3]:
@app.get("/items/", response_model=dict)
async def get_all_items():
    return items_db

@app.get("/items/{item_id}", response_model=Item)
async def get_item_by_id(item_id: int):
    item = items_db.get(item_id)
    if item is None:
        raise HTTPException(status_code=404, detail="Item not found")
    return item


### 5.3 POST Request

- **POST /items/**: This endpoint allows clients to create a new item by sending its details (name, price) in the request body.

POST requests are used to **create** new resources on the server. Here, we use POST to add a new item to our in-memory `items_db`.


In [4]:
@app.post("/items/", response_model=Item)
async def create_item(item: Item):
    item_id = len(items_db) + 1  
    items_db[item_id] = item  
    return item


### 5.4 PUT Request

- **PUT /items/{item_id}**: This endpoint allows clients to update the details of an existing item by providing its `item_id` and updated data.

PUT requests are used to **update** existing resources. If an item exists, we update its name and price in the `items_db`.


In [5]:
@app.put("/items/{item_id}", response_model=Item)
async def update_item(item_id: int, updated_item: Item):
    if item_id not in items_db:
        raise HTTPException(status_code=404, detail="Item not found")
    items_db[item_id] = updated_item
    return updated_item


### 5.5 DELETE Request

- **DELETE /items/{item_id}**: This endpoint allows clients to delete an item by its `item_id`.

DELETE requests are used to **remove** resources from the server. Here, we're using DELETE to remove an item from the `items_db` by its ID.


In [6]:
@app.delete("/items/{item_id}", response_model=dict)
async def delete_item(item_id: int):
    if item_id not in items_db:
        raise HTTPException(status_code=404, detail="Item not found")
    del items_db[item_id]
    return {"detail": "Item deleted"}


### 5.6 Running the Server

This will start the FastAPI server in a separate thread so that it can run in the background while you interact with the API.


In [None]:
def run_server():
    uvicorn.run(app, host="127.0.0.1", port=8000)

thread = threading.Thread(target=run_server, args=(), daemon=True)
thread.start()


INFO:     Started server process [15428]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)


INFO:     127.0.0.1:50481 - "GET /items/ HTTP/1.1" 200 OK
INFO:     127.0.0.1:50483 - "GET /items/2 HTTP/1.1" 200 OK
INFO:     127.0.0.1:50488 - "POST /items/ HTTP/1.1" 200 OK
INFO:     127.0.0.1:50490 - "PUT /items/4 HTTP/1.1" 200 OK
INFO:     127.0.0.1:50492 - "DELETE /items/4 HTTP/1.1" 200 OK
INFO:     127.0.0.1:50494 - "GET /items/ HTTP/1.1" 200 OK


## 6 Secret Key and WSGI Explanation

##### What is a Secret Key?
A secret key is a crucial part of web application security. It is used for tasks like encryption, signing data (e.g., tokens), or for authenticating API requests. In this case, we'll use a secret key to authenticate users making requests to our FastAPI endpoints.

Common Uses:
- Token signing (e.g., JWT).
- Session management.
- API request authentication.

##### What is WSGI?

WSGI (Web Server Gateway Interface) is a specification that defines how web servers communicate with Python applications. It acts as a bridge between the web server (like Nginx or Apache) and the Python web application.

WSGI vs ASGI:
- WSGI is synchronous and was designed to handle simple web applications.
- ASGI (Asynchronous Server Gateway Interface) is a newer specification that allows asynchronous processing, making it ideal for modern applications like FastAPI, which may involve real-time features and websockets.

FastAPI, by default, uses ASGI but it’s useful to know that WSGI is an older, more traditional way of deploying Python web apps.

### 6.1 Securing Endpoints with a Secret Key
In below code cell there is an CRUD application so that users need to provide a valid secret key to access the endpoints. We will create a list of up to 5 secret keys, and only users with one of these keys can interact with the API.

If the user doesn’t provide a valid secret key, they’ll receive an "Access Denied" response.

We will use the same example that we create before but in this time we add secret key authentication

- **FastAPI Initialization**: We use FastAPI to handle our HTTP routes and manage the API endpoints.
- **Dummy Data**: We prepopulate `items_db` with three items: a Laptop, a Smartphone, and a Tablet. This gives us a starting point when interacting with the API.
- **Secret Keys**: We define a list of allowed secret keys (`SECRET_KEYS`) that are required to access any of the API endpoints.
- **Middleware**: The middleware intercepts every request and checks for the presence of a valid `x-secret-key` in the headers. If the secret key is missing or invalid, the user is denied access (`403 Forbidden`).

In [1]:
import nest_asyncio
from fastapi import FastAPI, Request, HTTPException
from fastapi.responses import JSONResponse
from pydantic import BaseModel
import uvicorn
import threading

nest_asyncio.apply()

app = FastAPI()

SECRET_KEYS = ["key1", "key2", "key3", "key4", "key5"]

items_db = {
    1: {"name": "Laptop", "price": 1000.0},
    2: {"name": "Smartphone", "price": 500.0},
    3: {"name": "Tablet", "price": 300.0}
}

class Item(BaseModel):
    name: str
    price: float

@app.middleware("http")
async def check_secret_key(request: Request, call_next):
    secret_key = request.headers.get("x-secret-key")
    
    if secret_key not in SECRET_KEYS:
        return JSONResponse(status_code=403, content={"detail": "Access Denied: Invalid Secret Key"})
    
    response = await call_next(request)
    return response

### 6.2. GET Requests with a secret key

This cell defines the **GET** endpoints for retrieving items from the `items_db`.

- **GET /items/**: This endpoint retrieves all items stored in the in-memory database.
- **GET /items/{item_id}**: This endpoint retrieves a specific item by its `item_id`. If the item doesn't exist, it returns a `404 Item Not Found` error.

These endpoints allow you to read data from the API. Since the secret key is validated through the middleware, you don't need to add it to each endpoint.


In [2]:
@app.get("/items/", response_model=dict)
async def get_all_items():
    return items_db

@app.get("/items/{item_id}", response_model=Item)
async def get_item_by_id(item_id: int):
    item = items_db.get(item_id)
    if item is None:
        raise HTTPException(status_code=404, detail="Item not found")
    return item

### 6.3. POST Request with a secret key

This cell defines the **POST** endpoint for creating a new item.

- **POST /items/**: This endpoint allows clients to create a new item by sending its `name` and `price` in the request body. The new item is added to the `items_db`, and the response returns the newly created item.

This is how new resources are added to the in-memory database. The secret key validation is handled by the middleware, so only authorized users can create new items.


In [3]:
@app.post("/items/", response_model=Item)
async def create_item(item: Item):
    item_id = len(items_db) + 1  
    items_db[item_id] = item  
    return item


### 6.4. PUT Request with a secret key

This cell defines the **PUT** endpoint for updating an existing item.

- **PUT /items/{item_id}**: This endpoint allows clients to update the `name` and `price` of an existing item. If the item doesn't exist, it returns a `404 Item Not Found` error.

The PUT method is used to modify existing resources, and as with the other endpoints, secret key validation is automatically handled via the middleware.


In [4]:
@app.put("/items/{item_id}", response_model=Item)
async def update_item(item_id: int, updated_item: Item):
    if item_id not in items_db:
        raise HTTPException(status_code=404, detail="Item not found")
    items_db[item_id] = updated_item
    return updated_item

### 6.5. DELETE Request with a secret key

This cell defines the **DELETE** endpoint for removing an item from the database.

- **DELETE /items/{item_id}**: This endpoint allows clients to delete an item by its `item_id`. If the item doesn't exist, it returns a `404 Item Not Found` error.

The DELETE method is used to remove resources from the database. The secret key validation ensures that only authorized users can delete items.


In [5]:
@app.delete("/items/{item_id}", response_model=dict)
async def delete_item(item_id: int):
    if item_id not in items_db:
        raise HTTPException(status_code=404, detail="Item not found")
    del items_db[item_id]
    return {"detail": "Item deleted"}

### 6.6. Running the FastAPI Server with a secret key

In this final cell, we start the FastAPI server using `uvicorn` in a separate thread.

- **Threaded Server**: We run the FastAPI server in a separate thread to avoid blocking the Jupyter Notebook kernel. This allows you to continue interacting with the notebook while the server runs in the background.

Once the server is running, you can interact with the API via tools like Postman or curl, using the appropriate routes and headers.


In [None]:
def run_server():
    uvicorn.run(app, host="127.0.0.1", port=8000)

thread = threading.Thread(target=run_server, args=(), daemon=True)
thread.start()

INFO:     Started server process [4100]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)


INFO:     127.0.0.1:51023 - "GET /items/ HTTP/1.1" 200 OK
INFO:     127.0.0.1:51023 - "GET /items/ HTTP/1.1" 403 Forbidden
INFO:     127.0.0.1:51026 - "GET /items/2 HTTP/1.1" 200 OK
INFO:     127.0.0.1:51029 - "GET /items/4 HTTP/1.1" 404 Not Found
INFO:     127.0.0.1:51031 - "POST /items/ HTTP/1.1" 200 OK
INFO:     127.0.0.1:51033 - "PUT /items/4 HTTP/1.1" 200 OK
INFO:     127.0.0.1:51033 - "PUT /items/4 HTTP/1.1" 403 Forbidden
INFO:     127.0.0.1:51042 - "DELETE /items/4 HTTP/1.1" 200 OK


## 7 Conclusion

In this tutorial, we explored the basics of building a REST API using FastAPI, one of the most popular and high-performance frameworks for Python. We learned how to create endpoints, manage HTTP methods (GET, POST, PUT, DELETE), and enforce security using secret keys. Additionally, we covered how to run FastAPI in Jupyter Notebook environments using `nest_asyncio`, and how to configure Uvicorn as an ASGI server for asynchronous functionality.

Understanding how FastAPI manages asynchronous calls and implements security features like secret keys helps developers build efficient and secure web APIs. The use of ASGI allows for modern concurrency patterns, making FastAPI a great fit for production-level APIs.

With these insights, you're now equipped to build more complex FastAPI applications and deploy them in real-world environments using tools like Docker or AWS.

