# Exercise API

Several interface (API) technologies have already been introduced in the exercise. One of the hardest things about APIs is understanding what they really are, as the concept is very abstract. Our examples use familiar services to show what is possible with different APIs. **The following exercise is about getting to know one of the technologies presented in the exercise**. To do this, we will explore some REST APIs of external services. We will try to analyse known platforms with regard to their interfaces and make an exemplary API call.

The concept of APIs is transferable from the technologies presented here to other technologies (such as SOAP, etc.) and is only intended to convey a basic understanding of the topic. This is intended to convey the knowledge of how IT systems can be technically linked and to give a feeling for the effort involved in operating such interfaces.

*Differentiation: The topic of interfaces also includes the development of interfaces in IT systems. In addition to the provision, the focus here is on the manipulation of data in the system as well as testing against various incorrect entries and IT security. The server side, i.e. the development of interfaces, is not covered in this exercise due to its complexity. In the following, we will therefore look at APIs from the client side, i.e. learn how to use existing REST interfaces to query or manipulate data and connect IT systems*

## 1. REST API basics

### 1.1 Interfaces, web services and REST APIs

A web service is a collection of open protocols and standards that are used to exchange data between applications or systems. Software applications written in different programming languages (e.g. Java and Python) and running on different platforms (e.g. Windows and Linux) can use web services to exchange data over computer networks such as the Internet. This interoperability is due to the use of open standards.

Web services based on the REST architecture are known as RESTful web services. The RESTful web services considered below are considered to have a minimalist structure, be highly scalable and easy to maintain and are therefore very frequently used to create APIs for web-based applications. REST stands for "Representational State Transfer" and means that a service offers uniquely addressable **resources, stateless**.

### 1.2 REST data and their formats

In the REST architecture, a REST server provides access to resources, while a REST client accesses or modifies the resources. Each resource is identified by URIs/global IDs. REST uses various formats to represent a resource, such as text, JSON and XML. JSON is probably the most common format, as it provides the structure in addition to the raw data.

The following link leads to the result of the Pokeapi interface (pokeapi.co) for the Pokemon *ditto*. The result is intended to show an example of what data can look like that is returned to the client in response to a REST API call.

**Task 1: Take a look at the result at https://pokeapi.co/api/v2/pokemon/ditto and try to explain to yourself what certain data means or what information is returned in the response.**

It should be possible to display the result in JSON or text via the browser.
Compare the data formats as an example.

### 1.3 Operating REST interfaces

RESTful web services use HTTP methods to implement the concept of the REST architecture. A RESTful web service usually defines a URI, a Uniform Resource Identifier a service, provides a resource representation such as JSON and a set of HTTP methods.

The following four HTTP methods are commonly used in REST-based architectures.

- GET - Provides read-only access to a resource.

- POST - Used to create a new resource.

- DELETE - Used to remove a resource.

- PUT - Used to update an existing resource or create a new resource.


In the case of non-REST interfaces, especially interfaces of a higher abstraction layer, REST operations may be replaced by so-called CRUD operations. These originate from programming, particularly for querying and manipulating persistent memory. 

- Create = create data record,
- Read or Retrieve = read data record,
- Update = update data record,
- Delete or Destroy = delete data record.

### 1.4 Understanding specific REST APIs

As software is customised over time, the interfaces can also be adapted, which is why the documentation of a software's APIs plays an important role. Technologies such as SOAP have mechanisms for this that return the description of an interface on request (see WSDL).
REST, on the other hand, offers no such integrated mechanisms and relies on manual documentation.
Many software manufacturers therefore have websites for systems with REST APIs, which document the APIs for developers and customers.

The following link leads to the documentation of Twitter's REST API.

**Task 2: Take a look at the documentation as an example and consider the HTTP methods that can be used.** https://developer.twitter.com/en/docs/api-reference-index

Most manufacturers of business application systems (BAS) such as ERP or CRM systems have their own documentation. However, there are also documentation platforms for websites and services that document the respective APIs and even enable access (see https://rapidapi.com/).

### 1.5 Authentication in the REST environment

Many APIs require an API key as authentication. This is either issued directly by the API provider, generated by the user themselves via their account after registering with the service provider or issued via documentation platforms such as https://rapidapi.com/. 


The following example shows an API call to the REST API from https://www.weatherapi.com of an API that enables the query of current and future weather data. The query should return the current weather situation for *Würzburg* as the response.

In [None]:
# API documentation at https://www.weatherapi.com/docs/
import requests
from urllib.request import urlretrieve

from pprint import PrettyPrinter
pp = PrettyPrinter()
pp = PrettyPrinter()


# Specify API key
apikey = "ccc4be3ddfa74923b82165131202905" #API-Key generiert vom Anbieter

# Specify search parameters
parameters = { "key": apikey, "q" : "würzburg"}

# Build search query
response = requests.get("https://api.weatherapi.com/v1/current.json", params=parameters).json()

# Should look like this when assembled correctly
# https://api.weatherapi.com/v1/current.json?key=ccc4be3ddfa74923b82165131202905&q=10001


# Output of the return data from the API call
print("JSON content:")
pp.pprint(response)

In addition to simple authentication with a key, some platforms and IT systems also use more complex authentication mechanisms such as oAuth (see https://oauth.net/), where a key exchange with an authentication server is initiated before a resource can be accessed. There are now several versions of oAuth, which must be taken into account when making a query. The following illustration shows a simplified oAuth verification process.

In [None]:
from IPython.display import Image
Image('oauth.png')

The following code shows an example of the Twitter API, which implements OAuth 1.0 and does not work due to missing login data.

In [None]:
# https://api.twitter.com/1.1/users/lookup.json
# https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/post-friendships-create
import requests
from urllib.request import urlretrieve

from pprint import PrettyPrinter
pp = PrettyPrinter()
pp = PrettyPrinter()


#Specify API key
apikey = "XxXxXxXxXxXxXxXxXxXxXxXx"

# Specify parameters for the header
parameters = { "authorization" : "OAuth", 
               "oauth_consumer_key" : "YOUR_CONSUMER_KEY", 
               "oauth_nonce" : "AUTO_GENERATED_NONCE", 
               "oauth_signature" : "AUTO_GENERATED_SIGNATURE", 
               "oauth_signature_method" : "HMAC-SHA1", 
               "oauth_timestamp" : "AUTO_GENERATED_TIMESTAMP", 
               "oauth_token" : "USERS_ACCESS_TOKEN", 
               "oauth_version" : "1.0"}

# Build search query
response = requests.get("https://api.twitter.com/1.1/users/lookup.json", params=parameters).json()

# Output of return data from the API call
print("JSON content:")
pp.pprint(response)
    
    

### 1.6  Recognise errors

Status codes are returned to the server with a response after each call. They briefly describe the result of the call. There are a large number of status codes, the following examples show some of the more common status codes.

- 200 - OK. The request was successful. The response itself depends on the method used (GET, POST etc.) and the API specification.
- 204 - No content. The server has successfully processed the request and returned no content.
- 301 - Permanently postponed. The server responds that the requested page (endpoint) has been moved to another address and redirects to this address.
- 400 - The server cannot process the request due to errors on the client side (incorrect request format).
- 401 - Not authorised. Occurs when authentication has failed because the credentials are incorrect or even missing.
- 403 - Forbidden. Access to the specified resource is denied.
- 404 - Not found. The requested resource was not found on the server.
- 500 - Internal server error. Occurs if an unknown error has occurred on the server.

Note: Due to the programming of the API on the server side in the previous example, a status code 215 is given as a response from the API instead of a 401, even though the authorisation was not carried out correctly. This should actually be avoided when developing an API. Since status codes in highly networked systems can be handled further by the calling class in error handling, depending on the status code, e.g. to provide the user with the necessary information or to call an alternative API.

## 2. Simple REST call using GET

The following example shows a simple rest-call to the API of https://www.weatherapi.com , which returns the weather data for New York (US ZIP code 1001).

In [None]:
import requests
from urllib.request import urlretrieve

from pprint import PrettyPrinter
pp = PrettyPrinter()
pp = PrettyPrinter()


#Specify API key
apikey = "ccc4be3ddfa74923b82165131202905"

#Specify search parameters
parameters = { "key": apikey, "q" : "10001"}

#Build search query
response = requests.get("https://api.weatherapi.com/v1/current.json", params=parameters).json()

#Should look like this when assembled correctly
#https://api.weatherapi.com/v1/current.json?key=ccc4be3ddfa74923b82165131202905&q=10001


#Output of return data from the API call
print("JSON content:")
pp.pprint(response)

## 3.  Complex queries & answers

However, it is not only possible to receive text or JSON in response to a REST call. The following example demonstrates a complex request with an image as the result. The NASA API is used to obtain an image of the Earth from the NASA archive.

First, we want to display the metadata via the NASA API in order to test it.

In [None]:
import requests
from urllib.request import urlretrieve

from pprint import PrettyPrinter
pp = PrettyPrinter()
pp = PrettyPrinter()

apiKey = "kyQSlpAflpun4pRpvOxbgNbaXTMduFtJw7ZFEfej"

def fetchAPOD():
  URL_APOD = "https://api.nasa.gov/planetary/apod"
  date = '2020-01-22'
  params = {
      'api_key':apiKey,
      'date':date,
      'hd':'True'
  }
  response = requests.get(URL_APOD,params=params).json()
  pp.pprint(response)

fetchAPOD()

At the end of the JSON file, you can see the URL to an image file. Such image files can then also be queried after querying the metadata.

Now query another image file and display it

In [None]:
import requests
from urllib.request import urlretrieve

from pprint import PrettyPrinter
pp = PrettyPrinter()
pp = PrettyPrinter()

apiKey = "kyQSlpAflpun4pRpvOxbgNbaXTMduFtJw7ZFEfej"


def fetchEPICImage():
  YEAR = '2015'
  MONTH = '10'
  DAY = '31'
  IMAGE_ID = 'epic_1b_20151031074844'
  URL_EPIC = "https://epic.gsfc.nasa.gov/archive/natural/"
  URL_EPIC = URL_EPIC + YEAR +'/' + MONTH + '/'+DAY
  URL_EPIC = URL_EPIC + '/png'
  URL_EPIC = URL_EPIC + '/' + IMAGE_ID + '.png' 
  print(URL_EPIC)
  urlretrieve(URL_EPIC,IMAGE_ID+'.png')
  
fetchEPICImage()


And finally, the output of the file that we have just called & downloaded via the API

In [None]:
# Output of the local image file 
from IPython.display import Image
Image('epic_1b_20151031074844.png')

## 3. Using Google Books API

The goal of this task is to create an API key for **Google Books**. This key will allow us to access the extensive Google Books database and search for books based on various criteria such as author, title, etc.. By creating this API key, we gain the necessary access permissions to extend our applications with the powerful features of the Google Books API and seamlessly integrate book information.

*   Please start by familiarising yourself with the Google Books user interface:
> https://books.google.de/

How to create a Google Books API key:
    
**1. Access to the Google Cloud Console:**

*   Visit the Google Cloud Console at https://console.cloud.google.com/.

*   Sign in with your Google account or create a new account if you do not already have one.


**2.  Create a new project:**


*   Click on the drop-down list with the project name in the top right-hand corner.
*   Select "Create project".
*   Enter a project name and click on "Create".



**3. Activate the Google Books API:**


*   In the Cloud Console, select "APIs & Services" > "Library" in the left-hand navigation bar
*   Search for "Google Books API".
*   Click on the entry for the Google Books API and "activate" it



**4. Create login credentials:**


*   Go back to the "APIs & Services" page and select "Credentials".
*   Click on "Create credentials" and select "API key".



**5. Configure the API key:**

*   You can restrict the API key to only allow certain APIs or certain applications.
*   Under "Restrictions", you can add IP address restrictions, for example.



**6. Save the API key:**
*   Click on "Create" and copy the generated API key.
*   Keep the API key confidential to prevent unauthorised use.






## Task 1

With the help of the following code you can try to search for the author, book title, etc. using the api key created and display it.



In [None]:
import requests

from pprint import PrettyPrinter
pp = PrettyPrinter()

api_key = 'YOUR OWN API KEY - SEE TUTORIAL ABOVE'
base_url = 'https://www.googleapis.com/books/v1/volumes'

# To refine the search, you can use certain filters. For example, you can filter by author or title.
# You will find the entire list that Google Books API supports here: https://developers.google.com/books/docs/v1/using?hl=de#PerformingSearch

query = 'inauthor:"Jan Marco Leimeister" intitle:"Einführung in die Wirtschaftsinformatik"'

# on default the results list is imited to 10 items;
# if you want to extend the results list up to 40 items ('maxResults': 40)
params = {'q': query, 'key': api_key}

# Send the request to the API
response = requests.get(base_url, params=params)

pp.pprint(response.json())

In [None]:
import requests
from IPython.display import Image, display, HTML

# Process the API response (JSON data)
book_data = response.json()

# Check if there are any books
if 'items' in book_data:
    # Iterate through all books
    for book in book_data['items']:
        # Extract book information
        title = book['volumeInfo']['title']
        authors = ', '.join(book['volumeInfo']['authors']) if 'authors' in book['volumeInfo'] else 'N/A'
        published_year = book['volumeInfo']['publishedDate']
        book_link = book['volumeInfo']['infoLink'] if 'infoLink' in book['volumeInfo'] else 'N/A'

        # Check whether 'imageLinks' is available in the book
        if 'imageLinks' in book['volumeInfo']:
            # Extract the URL of the book cover
            cover_url = book['volumeInfo']['imageLinks']['thumbnail']

            # Show book information and book cover
            display(HTML(f"<h3>{title}</h3><p>Author(s): {authors}</p><p>Published Year: {published_year}</p><p>Book Link: <a href='{book_link}' target='_blank'>{book_link}</a></p>"))
            display(Image(url=cover_url))
        else:
            print("Book cover is not available.")
else:
    print("No books found.")


## Task 2

Search for any book or author on Google Books.



# 4. Managing Recipes with TheMealDB API

## Objective
In this exercise, you will learn how to interact with TheMealDB API and practically apply the HTTP methods GET, POST, and PUT. The task involves retrieving, adding, and updating recipes. By the end of the exercise, you should be able to formulate basic API requests, work with JSON data, and understand the concepts of RESTful APIs.

## Background
The MealDB API is a free recipe database that allows developers to access a variety of recipes. You can retrieve recipes by their ID, and the API provides a structured way to present recipe details. In this exercise, you will learn how to fetch data from the API, simulate adding new recipes, and update existing ones.

## Part 1: Retrieve Recipe Details (GET)

**1. Make a GET request:**
* Use the endpoint https://www.themealdb.com/api/json/v1/1/lookup.php?i={id} to fetch the details of a recipe with the ID 52772.
* nsure that the request is successful and returns a status code of 200.

**2. Data Processing:**
* Extract the recipe name, ingredients, and preparation steps from the retrieved data.
* Output the results in a structured format, such as:
* Recipe Name: [Recipe Name]
* Ingredients: [Ingredients List]
* Preparation: [Preparation Steps]
          

## Part 2: Simulate Adding a New Recipe (POST)

**1. Create a New Recipe:**
* Simulate the creation of a new recipe in a local database (e.g., a list in Python).
* Define the following properties for the new recipe:
* id: A unique ID for the recipe (e.g., 1).
* title: The title of the recipe (e.g., “Test Recipe”).
* ingredients: A list of ingredients (e.g., ["2 Eggs", "1 Cup of Milk", "200g Flour"]).
* instructions: The preparation steps (e.g., “Mix all ingredients and bake at 180 degrees for 20 minutes.”).

**2. Data Processing:**
* Append the new recipe to the local database.
* Output a confirmation that the recipe was successfully created.

## Part 3: Update the Recipe (PUT)

**1. Update the Existing Recipe:**
* Simulate updating the previously created recipe in the local database.
* Change at least one of the following elements:
* title: Update the title of the recipe.
* ingredients: Add a new ingredient or modify an existing one.
* instructions: Change the preparation steps.

**2. Data Processing:**
* Search for the recipe in the local database and update the corresponding fields.
* Output a confirmation that the recipe was successfully updated, along with the new details of the recipe.

## 5. Final

The final task now is to bring together the knowledge provided. Search the internet for an API WITHOUT authentication. Save the data and think about an interesting aspect in the presentation.

The final task now is to bring together the knowledge provided. Search the internet for an API WITH authentication. Save the data and think about an interesting aspect in the presentation. 

## Sources

Sources / ideas for the examples used:
- https://openclassrooms.com/en/courses/3432056-build-your-web-projects-with-rest-apis/3496011-identify-examples-of-rest-apis
- https://rapidapi.com
- https://developers.google.com/youtube/v3/docs/?apix=true .
- https://pokeapi.co/api/v2/pokemon/ditto

© since 2024 - Information Systems - Universität Würzburg