##  REST and Python: Building APIs

### 1. Identify Resources that the API will manage:
- It’s common to describe these resources as plural nouns, like ``customers``, ``events``, or ``transactions``.
- As you do this, make sure to consider any nested resources. For example, ``customers`` may have ``sales``, or ``events`` may contain ``guests``.
- Establishing these resource hierarchies will help when you define API endpoints.

### 2. Define your API Endpoints:
- Here are some example endpoints for a ``transactions`` resource you might find in an API for a payment processing service:

| HTTP method | API endpoint | Description |
| :----------- | :------------ | :----------- |
| GET | /transactions | Get a list of transactions. |
| GET | /transactions/\<transaction_id> | Get a single transaction. |
| POST | /transactions | Create a new transaction. |
| PUT | /transactions/\<transaction_id> | Update a transaction. |
| PATCH | /transactions/\<transaction_id> | Partially update a transaction. |
| DELETE | /transactions/\<transaction_id> | Delete a transaction. |


- These endpoints cover all the operations that you’ll need to create, read, update, and delete transactions in the web service. 

#### Important Points:
An endpoint shouldn’t contain **verbs**. Instead, you should select the appropriate HTTP methods to convey the endpoint’s action. For example, the endpoint below contains an unneeded verb:
```http
GET /getTransactions
```
Here, get is included in the endpoint when it isn’t needed. The HTTP method GET already provides the semantic meaning for the endpoint by indicating the action. You can remove get from the endpoint:
```http
GET /transactions
```
This endpoint contains only a plural noun, and the HTTP method GET communicates the action.

- Example of endpoints for a nested resource. Here, endpoints for guests are nested under events resources:

| HTTP method | API endpoint | Description |
| :---------- | :----------- | :---------- |
| GET | /events/\<event_id>/guests | Get a list of guests. |
| GET | /events/\<event_id>/guests/\<guest_id> | Get a single guest. |
| POST | /events/\<event_id>/guests | Create a new guest. |
| PUT | /events/\<event_id>/guests/\<guest_id> | Update a guest. |
| PATCH | /events/\<event_id>/guests/\<guest_id> | Partially update a guest. |
| DELETE | /events/\<event_id>/guests/\<guest_id> | Delete a guest. |

With these endpoints, you can manage guests for a specific event in the system.

- There's another way of defining endpoints for nested resources using query strings.
- A query string allows you to send additional parameters with your HTTP request. 
- In the following endpoint, you append a query string to get guests for a specific event_id:
```http
GET /guests?event_id=23
```
- This endpoint will filter out any guests that don’t reference the given event_id. 
- As with many things in API design, you need to decide which method fits your web service best.

**Note:**
- API versioning allows you to modify your API without fear of breaking existing integrations.
- This is useful when API resources change (just like we have VCS to ensure code changes don't break existing behaviors).
- There’s a wide range of versioning strategies, some of which are:
  - URI versioning
  - HTTP header versioning
  - Query string versioning
  - Media type versioning
- Versioning your API is an important step to ensure it can adapt to changing requirements while supporting existing users.

### 3. Pick Your Data Interchange Format
- Two popular options for formatting web service data are XML and JSON.
- Traditionally, XML was very popular with SOAP APIs, but JSON is more popular with REST APIs.
- Here’s the book formatted as XML:
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<book>
    <title>Python Basics</title>
    <page_count>635</page_count>
    <pub_date>2021-03-16</pub_date>
    <authors>
        <author>
            <name>David Amos</name>
        </author>
        <author>
            <name>Joanna Jablonski</name>
        </author>
        <author>
            <name>Dan Bader</name>
        </author>
        <author>
            <name>Fletcher Heisler</name>
        </author>
    </authors>
    <isbn13>978-1775093329</isbn13>
    <genre>Education</genre>
</book>
```
- XML uses a series of elements to encode data. Each element has an **opening** and **closing** tag, with the data in between.
- Elements can be nested inside other elements. You can see this above, where several \<author> tags are nested inside of \<authors>.

Now, take a look at the same book in JSON:

```json
{
    "title": "Python Basics",
    "page_count": 635,
    "pub_date": "2021-03-16",
    "authors": [
        {"name": "David Amos"},
        {"name": "Joanna Jablonski"},
        {"name": "Dan Bader"},
        {"name": "Fletcher Heisler"}
    ],
    "isbn13": "978-1775093329",
    "genre": "Education"
}
```
- Data is stored in Key-value pairs.
- Like XML, JSON supports nesting data to any level, so you can model complex data.
- Neither JSON nor XML is inherently better than the other, but there’s a preference for **JSON** among REST API developers. This is especially true when you pair a REST API with a front-end framework like React or Vue.

### 4. Design Success Responses:
- All responses from your REST API should have a similar format and include the proper HTTP status code.
- Let's look at an example for an API that manages ``cars``.
```http
GET /cars HTTP/1.1
Host: api.example.com
```
- Here,
    - **GET** is the HTTP method type.
    - **/cars** is the API endpoint.
    - **HTTP/1.1** is the HTTP version.
    - **Host: api.example.com** is the API host.
- This is all you need to send a ``GET `` request. But if we look at the response:
```http
HTTP/1.1 200 OK
Content-Type: application/json
...

[
    {
        "id": 1,
        "make": "GMC",
        "model": "1500 Club Coupe",
        "year": 1998,
        "vin": "1D7RV1GTXAS806941",
        "color": "Red"
    },
    {
        "id": 2,
        "make": "Lamborghini",
        "model":"Gallardo",
        "year":2006,
        "vin":"JN1BY1PR0FM736887",
        "color":"Mauve"
    },
    {
        "id": 3,
        "make": "Chevrolet",
        "model":"Monte Carlo",
        "year":1996,
        "vin":"1G4HP54K714224234",
        "color":"Violet"
    }
]
```
- This API uses JSON as the data interchange format. 
- You know that the response was successful because of the ``200 OK`` status code.
- ``Content-Type: application/json`` header tells us to parse the response in JSON.
- It’s important to always set the correct Content-Type header on your response.

Next up, check out a ``POST`` request to add a new car:
```http
POST /cars HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
    "make": "Nissan",
    "model": "240SX",
    "year": 1994,
    "vin": "1N6AD0CU5AC961553",
    "color": "Violet"
}
```
- This POST request includes JSON for the new car in the request and sets the ``Content-Type`` header as well.
- This request in turn creates a new car with the given JSON data (status code ``201 Created``).
- Make sure to use ``201 Created`` instead of ``200 OK`` for all successful POST requests.
```http
HTTP/1.1 201 Created
Content-Type: application/json

{
    "id": 4,
    "make": "Nissan",
    "model": "240SX",
    "year": 1994,
    "vin": "1N6AD0CU5AC961553",
    "color": "Violet"
}
```
- **Note:** It’s important to always send back a copy of a resource when a user creates it with POST or modifies it with PUT or PATCH. This way, the user can see the changes that they’ve made using the ``id``.

Now take a look at a ``PUT`` request:
```http
PUT /cars/4 HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
    "make": "Buick",
    "model": "Lucerne",
    "year": 2006,
    "vin": "4T1BF3EK8AU335094",
    "color":"Maroon"
}
```
- This request uses ``id`` from the previous request and updates the car.
- Since this is a ``PUT`` request, it updates all the fields on the resource with new data.
- Response:
```http
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": 4,
    "make": "Buick",
    "model": "Lucerne",
    "year": 2006,
    "vin": "4T1BF3EK8AU335094",
    "color":"Maroon"
}
```
- The response includes a copy of the car with the new data. Again, you always want to send back the full resource for a PUT request. 
- The same applies to a ``PATCH`` request (only difference is that it updates a part of the resource and not the whole):
```http
PATCH /cars/4 HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
    "vin": "VNKKTUD32FA050307",
    "color": "Green"
}
```
- Response:
```http
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": 4,
    "make": "Buick",
    "model": "Lucerne",
    "year": 2006,
    "vin": "VNKKTUD32FA050307",
    "color": "Green"
}
```
- The response contains a **full copy** of the car. As you can see, only the vin and color fields have been updated.
- Finally, ``DELETE``:
```http
DELETE /cars/4 HTTP/1.1
```
```http
HTTP/1.1 204 No Content
```
- This response only includes the status code ``204 No Content``. 
- This code tells a user that the operation was successful, but no content was returned in the response. This makes sense since the car has been deleted. There’s no reason to send a copy of it back in the response.

### 5. Design Error Responses:
- There’s always a chance that requests to your REST API could fail. It’s a good idea to define what an error response will look like.
- The responses should include a short description of what error occurred with the appropriate status code.
- Request for a resource that doesn’t exist in the API:
```http
GET /motorcycles HTTP/1.1
Host: api.example.com
```
- The user sends a ``GET`` request to /motorcycles, which doesn’t exist. The API sends back the following response:
```http
HTTP/1.1 404 Not Found
Content-Type: application/json
...

{
    "error": "The requested resource was not found."
}
```
- This response includes a ```404 Not Found``` status code. 
- As we can see the JSON object also includes a descriptive error message.
- Error response when the user sends an invalid request:
```http
POST /cars HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
    "make": "Nissan",
    "year": 1994,
    "color": "Violet"
```
- This POST request contains JSON, but it isn’t formatted correctly as it's missing the } at the end. 
- The API won’t be able to process this data. The error response tells the user about the issue:
```http
HTTP/1.1 400 Bad Request
Content-Type: application/json

{
    "error": "This request was not properly formatted. Please send again."
}
```
- There are several other ways that the request can be wrong even if it’s formatted properly. In this next example, the user sends a POST request but includes an unsupported media type:
```http
POST /cars HTTP/1.1
Host: api.example.com
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" ?>
<car>
    <make>Nissan</make>
    <model>240SX</model>
    <year>1994</year>
    <vin>1N6AD0CU5AC961553</vin>
    <color>Violet</color>
</car>
```
- In this request, the user sends XML, but the API only supports JSON.
```http
HTTP/1.1 415 Unsupported Media Type
Content-Type: application/json

{
    "error": "The application/xml mediatype is not supported."
}
```
- ``415 Unsupported Media Type`` status code to indicate that the POST request included a data format that isn’t supported by the API.
- What about data that’s invalid even with the correct format?
- Here, the user sends a POST request but includes car data that doesn’t match fields of the other data:
```http
POST /cars HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
    "make": "Nissan",
    "model": "240SX",
    "topSpeed": 120
    "warrantyLength": 10
}
```
- The user adds ``topSpeed`` and ``warrantyLength`` fields to the JSON. These fields aren’t supported by the API, so it responds with an error message:
```http
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json

{
    "error": "Request had invalid or missing data."
}
```
- ``422 Unprocessable Entity`` status code. This indicates that there weren’t any issues with the request, but the data was invalid.
-  Luckily, some great Python web frameworks abstract away the complexities of processing HTTP requests and returning responses.