# Lesson -  APIs Intermediate

APIs require authentication due to privacy reasons. APIs also use authentication to perform **rate limiting**. Developers typically use APIs to build interesting applications or services. In order to ensure that it remains available and responsive for all users, an API will prevent you from making too many requests in too short a time. We call this restriction rate limiting. It ensures that one user can't overload the API server by making too many requests too fast. 

In this lesson, we'll explore the **GitHub API** and use it to pull some interesting data on repositories and users. GitHub is a site for hosting code. We need to consult the [documentation](https://developer.github.com/v3/) for the GitHub API, and specifically the [authentication](https://developer.github.com/v3/#authentication) section.

### API Authentication

There are two ways to authenticate through GitHub API v3. Requests that require authentication will return `404 Not Found`, instead of `403 Forbidden`, in some places. This is to prevent the accidental leakage of private repositories to unauthorized users: 1. **Basic authentication**
`curl -u "username" https://api.github.com` and 2. **OAuth2 token** (sent in a header)
`curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com`

An access token is a credential we can generate on [GitHub's website](https://github.com/settings/tokens). The token is a string that the API can read and associate with our account.Using a token is preferable to a username and password for a few reasons:

- Typically, we'll be accessing an API from a script. If we put your username and password in the script and someone manages to get their hands on it, they can take over our account. In contrast, we can revoke an access token to cancel an unauthorized person's access if there's a security breach.
- Access tokens can have scopes and specific permissions. For instance, we can make a token that has permission to write to our GitHub repositories and make new ones. Or, we can make a token that can only read from our repositories. Using read-access-only tokens in potentially insecure or shared scripts gives us more control over security.

We'll need to pass our token to the GitHub API through an Authorization header. Just like the server sends headers in response to our request, we can send the server headers when we make a request. Headers contain metadata about the request. We can use Python's `requests` library to make a dictionary of headers, and then pass it into our request.

We need to include the word `token` in the Authorization header, followed by our access token. Here's an example of an Authorization header:

`{"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}`


In this case, our access token is `59cf31b3670258664fdc343dafc30e13fd7c02f0`. GitHub generated this token and associated it with the account of `Saquib Mehmood`.We should never share our token with anyone we don't want to have access to our account and should consider a token somewhat equivalent to a password, and store it securely.

**Exercise**

- Make an authenticated request to https://api.github.com/users/saquib-mehmood/repos. This will give us a list of the repos a GitHub user has.
- Assign the JSON content of the response to orgs (you can get this with response.json()).

In [1]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}

# Make a GET request to the GitHub API with our headers.
# This API endpoint will give us details about saquib-mehmood.
response = requests.get("https://api.github.com/users/saquib-mehmood", headers=headers)

# Print the content of the response.  As you can see, this token corresponds to the account of Vik Paruchuri.
print(response.json())

{'login': 'saquib-mehmood', 'id': 62308209, 'node_id': 'MDQ6VXNlcjYyMzA4MjA5', 'avatar_url': 'https://avatars3.githubusercontent.com/u/62308209?v=4', 'gravatar_id': '', 'url': 'https://api.github.com/users/saquib-mehmood', 'html_url': 'https://github.com/saquib-mehmood', 'followers_url': 'https://api.github.com/users/saquib-mehmood/followers', 'following_url': 'https://api.github.com/users/saquib-mehmood/following{/other_user}', 'gists_url': 'https://api.github.com/users/saquib-mehmood/gists{/gist_id}', 'starred_url': 'https://api.github.com/users/saquib-mehmood/starred{/owner}{/repo}', 'subscriptions_url': 'https://api.github.com/users/saquib-mehmood/subscriptions', 'organizations_url': 'https://api.github.com/users/saquib-mehmood/orgs', 'repos_url': 'https://api.github.com/users/saquib-mehmood/repos', 'events_url': 'https://api.github.com/users/saquib-mehmood/events{/privacy}', 'received_events_url': 'https://api.github.com/users/saquib-mehmood/received_events', 'type': 'User', 'site

In [3]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}

# Make a GET request to the GitHub API with our headers.
# This API endpoint will give us details about saquib-mehmood.
response = requests.get("https://api.github.com/users/saquib-mehmood/orgs", headers=headers)

# Print the content of the response.  As you can see, this token corresponds to the account of Vik Paruchuri.
print(response.json())

[]


### Endpoints and Objects

APIs usually let us retrieve information about specific objects in a database. Above, we retrieved information about a specific user object, saquib-mehmood. We could also retrieve information about other GitHub users through the same endpoint. For example, https://api.github.com/users/torvalds would get us information about Linus Torvalds.

**Exercise**

- Use the endpoint https://api.github.com/users/torvalds with the same headers from above to get information about `Linus Torvalds`.
- Use the `response.json()` method to get the JSON of the response.
- Assign the result to torvalds

In [5]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}

# Make a GET request to the GitHub API with our headers.
# This API endpoint will give us details about saquib-mehmood.
response = requests.get("https://api.github.com/users/torvalds", headers=headers)

torvalds = response.json()

# Print the content of the response.  As you can see, this token corresponds to the account of Saquib Mehmood.
print(torvalds)

{'login': 'torvalds', 'id': 1024025, 'node_id': 'MDQ6VXNlcjEwMjQwMjU=', 'avatar_url': 'https://avatars0.githubusercontent.com/u/1024025?v=4', 'gravatar_id': '', 'url': 'https://api.github.com/users/torvalds', 'html_url': 'https://github.com/torvalds', 'followers_url': 'https://api.github.com/users/torvalds/followers', 'following_url': 'https://api.github.com/users/torvalds/following{/other_user}', 'gists_url': 'https://api.github.com/users/torvalds/gists{/gist_id}', 'starred_url': 'https://api.github.com/users/torvalds/starred{/owner}{/repo}', 'subscriptions_url': 'https://api.github.com/users/torvalds/subscriptions', 'organizations_url': 'https://api.github.com/users/torvalds/orgs', 'repos_url': 'https://api.github.com/users/torvalds/repos', 'events_url': 'https://api.github.com/users/torvalds/events{/privacy}', 'received_events_url': 'https://api.github.com/users/torvalds/received_events', 'type': 'User', 'site_admin': False, 'name': 'Linus Torvalds', 'company': 'Linux Foundation', '

### Other Objects

In addition to `users`, the GitHub API has a few other types of objects. For example, https://api.github.com/orgs/dataquestio will retrieve information about the Dataquest organization on GitHub. https://api.github.com/repos/saquib-mehmood/sql_advanced will give us information about the sql_advanced repository that the user saquib-mehmood owns.

**Exercise**

- Make a `GET` request to the `https://api.github.com/repos/saquib-mehmood/sql_advanced` endpoint.
- Assign the JSON result to sql_advanced.

In [7]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}

# Make a GET request to the GitHub API with our headers.
# This API endpoint will give us details about saquib-mehmood.
response = requests.get("https://api.github.com/repos/saquib-mehmood/sql_advanced", headers=headers)

sql_advanced = response.json()

# Print the content of the response.  As you can see, this token corresponds to the account of Saquib Mehmood.
print(sql_advanced)

{'id': 273878154, 'node_id': 'MDEwOlJlcG9zaXRvcnkyNzM4NzgxNTQ=', 'name': 'sql_advanced', 'full_name': 'saquib-mehmood/sql_advanced', 'private': False, 'owner': {'login': 'saquib-mehmood', 'id': 62308209, 'node_id': 'MDQ6VXNlcjYyMzA4MjA5', 'avatar_url': 'https://avatars3.githubusercontent.com/u/62308209?v=4', 'gravatar_id': '', 'url': 'https://api.github.com/users/saquib-mehmood', 'html_url': 'https://github.com/saquib-mehmood', 'followers_url': 'https://api.github.com/users/saquib-mehmood/followers', 'following_url': 'https://api.github.com/users/saquib-mehmood/following{/other_user}', 'gists_url': 'https://api.github.com/users/saquib-mehmood/gists{/gist_id}', 'starred_url': 'https://api.github.com/users/saquib-mehmood/starred{/owner}{/repo}', 'subscriptions_url': 'https://api.github.com/users/saquib-mehmood/subscriptions', 'organizations_url': 'https://api.github.com/users/saquib-mehmood/orgs', 'repos_url': 'https://api.github.com/users/saquib-mehmood/repos', 'events_url': 'https://ap

### Pagination

Sometimes, a request can return a lot of objects. Returning too much data will take a long time and slow the server down. For example, if a user has 1,000+ repositories, requesting all of them might take 10+ seconds. API providers implement pagination to avoid this. Pagination will only return a certain number of records per page. we can specify the page number that we want to access. To access all of the pages, we'll need to write a loop.

To get the repositories a user has starred (marked as interesting), we can use the following API endpoint: 
`https://api.github.com/users/saquib-mehmood/starred`

We can add two pagination query parameters to it - `page`, and `per_page`. `page` is the page we want to access, and `per_page` is the number of records we want to see on each page. Typically, API providers enforce a cap on how high `per_page` can be, because setting it to an extremely high value defeats the purpose of pagination.
Check out the Github API documentation on [pagination](https://developer.github.com/v3/#pagination).

**Exercise**

- Get the first page of repositories that Saquib Mehmood starred from the `https://api.github.com/users/saquib-mehmood/starred` endpoint.
- Assign the JSON of the response to `page2_repos`.

In [9]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}

#create a dictionary of parameters
params = {"per_page": 20, "page": 1}

# Make a GET request to the GitHub API with our headers.
# This API endpoint will give us details about saquib-mehmood/starred.
response = requests.get("https://api.github.com/users/saquib-mehmood/starred", headers=headers, params=params) 

page1_repos = response.json()

# Print the content of the response.  As you can see, this token corresponds to the account of Saquib Mehmood.
print(page1_repos)

[{'id': 6427813, 'node_id': 'MDEwOlJlcG9zaXRvcnk2NDI3ODEz', 'name': 'dplyr', 'full_name': 'tidyverse/dplyr', 'private': False, 'owner': {'login': 'tidyverse', 'id': 22032646, 'node_id': 'MDEyOk9yZ2FuaXphdGlvbjIyMDMyNjQ2', 'avatar_url': 'https://avatars2.githubusercontent.com/u/22032646?v=4', 'gravatar_id': '', 'url': 'https://api.github.com/users/tidyverse', 'html_url': 'https://github.com/tidyverse', 'followers_url': 'https://api.github.com/users/tidyverse/followers', 'following_url': 'https://api.github.com/users/tidyverse/following{/other_user}', 'gists_url': 'https://api.github.com/users/tidyverse/gists{/gist_id}', 'starred_url': 'https://api.github.com/users/tidyverse/starred{/owner}{/repo}', 'subscriptions_url': 'https://api.github.com/users/tidyverse/subscriptions', 'organizations_url': 'https://api.github.com/users/tidyverse/orgs', 'repos_url': 'https://api.github.com/users/tidyverse/repos', 'events_url': 'https://api.github.com/users/tidyverse/events{/privacy}', 'received_even

### User level Endpoints 

So far, we've looked at endpoints where we need to explicitly provide the username of the person whose information we're looking up. For example, we used `https://api.github.com/users/saquib-mehmood/starred` to pull up the repositories that Saquib Mehmood starred.

Since we've authenticated with our token, the system knows who we are, and can show us some relevant information without us having to specify our username. 

Making a GET request to `https://api.github.com/user` will give us information about the user the authentication token is for.

There are other endpoints that behave like this. They automatically provide information or allow us to take actions as the authenticated user.

**Exercise**

- Make a GET request to the `"https://api.github.com/user"` endpoint.
- Assign the JSON of the result to the `user` variable.

In [10]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}


# Make a GET request to the GitHub API with our headers.
# This API endpoint will give us details about user.
response = requests.get("https://api.github.com/user", headers=headers) 

user = response.json()

# Print the content of the response.  As you can see, this token corresponds to the account of Saquib Mehmood.
print(user)

{'login': 'saquib-mehmood', 'id': 62308209, 'node_id': 'MDQ6VXNlcjYyMzA4MjA5', 'avatar_url': 'https://avatars3.githubusercontent.com/u/62308209?v=4', 'gravatar_id': '', 'url': 'https://api.github.com/users/saquib-mehmood', 'html_url': 'https://github.com/saquib-mehmood', 'followers_url': 'https://api.github.com/users/saquib-mehmood/followers', 'following_url': 'https://api.github.com/users/saquib-mehmood/following{/other_user}', 'gists_url': 'https://api.github.com/users/saquib-mehmood/gists{/gist_id}', 'starred_url': 'https://api.github.com/users/saquib-mehmood/starred{/owner}{/repo}', 'subscriptions_url': 'https://api.github.com/users/saquib-mehmood/subscriptions', 'organizations_url': 'https://api.github.com/users/saquib-mehmood/orgs', 'repos_url': 'https://api.github.com/users/saquib-mehmood/repos', 'events_url': 'https://api.github.com/users/saquib-mehmood/events{/privacy}', 'received_events_url': 'https://api.github.com/users/saquib-mehmood/received_events', 'type': 'User', 'site

### POST Requests
We use `POST` requests to send information (instead of retrieving it), and to create objects on the API's server. With the GitHub API, we can use `POST` requests to create new repositories.

Different API endpoints choose what types of requests they will accept. Not all endpoints will accept a `POST` request, and not all will accept a `GET` request. We'll have to consult the API's documentation to figure out which endpoints accept which types of requests.

We can make POST requests using `requests.post`. POST requests almost always include data, because we need to send the data the server will use to create the new object.

We pass in the data in a way that's very similar to what we do with query parameters and `GET` requests:
```
payload = {"name": "test"}
requests.post("https://api.github.com/user/repos", json=payload)

```

The code above will create a new repository named `test` under the account of the currently authenticated user. It will convert the payload dictionary to JSON, and pass it along with the POST request.

Check out GitHub's API [documentation for repositories](https://developer.github.com/v3/repos/) to see a full list of what data we can pass in with this POST request. Here are just a couple data points:

- name -- Required, the name of the repository
- description -- Optional, the description of the repository

A successful `POST` request will usually return a `201` status code indicating that it was able to create the object on the server. Sometimes, the API will return the JSON representation of the new object as the content of the response.

**Exerccise**

- Create a repository named `learning-about-apis`.
- Assign the status code of the response to the status variable.

In [19]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}

# Create a dictionary of repo parameters for posting

payload = {"name" : "learning-about-apis"}

# Make a POST request to the GitHub API with our headers.
# This API endpoint will give us details about user.
response = requests.post("https://api.github.com/user/repos", json=payload, headers=headers) 

status = response.status_code

# Print the content of the response.  As you can see, this token corresponds to the account of Saquib Mehmood.
print(status)

# Failed because the token is for reading repos only

ConnectionError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /user/repos (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x0000000005AB6808>: Failed to establish a new connection: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))

### PUT and PATCH Requests

If we want to update an existing object, rather than create a new one we use `PATCH` and `PUT` requests.

We use `PATCH` requests when we want to change a few attributes of an object, but don't want to resend the entire object to the server.

We use `PUT` requests to send the complete object we're revising as a replacement for the server's existing version.

Mostly, though, API endpoints that accept `PUT` requests will treat them like `PATCH` requests, and not require us to send the whole object back. We send a payload of data with PATCH requests, the same way we do with POST requests:

```
payload = {"description": "The best repository ever!", "name": "test"}
response = requests.patch("https://api.github.com/repos/saquib-mehmood/test", json=payload)
```

The code above will change the description of the test repository to The best repository ever! (we didn't specify a description when we created it). We provide the name also, since the GitHub API specification says this is a required field.

A successful PATCH request will usually return a `200` status code.

**Exercise**
- Make a PATCH request to the `https://api.github.com/repos/saquib-mehmood/sql_advanced` endpoint that changes the description to "Learning about sql!".
- Assign the status code of the response to status.

In [18]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}

# Create a dictionary of repo parameters for posting

payload = {"name" : "learning-about-apis", "description" : "Learning about sql!"}

# Make a POST request to the GitHub API with our headers.
# This API endpoint will give us details about user.
response = requests.patch("https://api.github.com/user/repos/saquib-mehmood/sql_advanced", json=payload, headers=headers) 

status = response.status_code

# Print the content of the response.  As you can see, this token corresponds to the account of Saquib Mehmood.
print(status)

# Failed because the token is for reading repos only

404


### Delete Request

The final major request type is the `DELETE` request. The DELETE request removes objects from the server. We can use the DELETE request to remove repositories.

`response = requests.delete("https://api.github.com/repos/saquib-mehmood/sql_advanced")`

The above code will delete the test repository from GitHub.

A successful `DELETE` request will usually return a `204` status code indicating that it successfully deleted the object.

Use DELETE requests carefully - it's very easy to remove something important by accident.

**Exercise**

- Make a DELETE request to the `https://api.github.com/repos/saquib-mehmood/learning-about-apis endpoint.
- Assign the status_code of the response to the variable `status`.

In [20]:
# import requests library
import requests
# Create a dictionary of headers containing our Authorization header.
headers = {"Authorization": "token 59cf31b3670258664fdc343dafc30e13fd7c02f0"}


# Make a delete request to the GitHub API with our headers.
# This API endpoint will delete repo sql_advanced.
response = requests.delete("https://api.github.com/user/repos/saquib-mehmood/learning-about-apis", headers=headers) 

status = response.status_code

# Print the content of the response.  As you can see, this token corresponds to the account of Saquib Mehmood.
print(status)

# Failed because the token is for reading repos only and the repo does not exist

404
