# Python for Developers Week 2: APIs and Web Communication

Welcome to Week 2 of our Python development series! This week, we'll dive into working with APIs (Application Programming Interfaces) in Python. By the end of this session, you'll understand how to interact with web services, handle API responses, and build robust API integrations.

## What You'll Learn
- Understanding APIs and their role in modern software
- Making HTTP requests with Python's `requests` library
- Working with REST APIs and JSON data
- Handling API authentication and errors
- Building a simple API client

## Prerequisites
- Basic Python knowledge (covered in Week 1)
- Understanding of dictionaries and JSON
- Familiarity with functions and error handling

Let's start by installing the required packages:

## A Note on Package Management

Before we start, it's important to understand how to properly manage Python packages in this project:

### First: Sync Your Environment

**BEFORE YOU BEGIN**: Always sync your virtual environment with the latest project dependencies:

```bash
# Run this in your terminal before starting work
uv pip sync pyproject.toml
```

This command:
- Updates all packages to match versions in the project configuration
- Installs any new dependencies that were added since you last worked
- Removes packages no longer needed by the project
- Ensures everyone has the same development environment

### Package Management Best Practices

1. **DO NOT** install packages using `!pip install` in notebooks
   - This only installs to the current kernel
   - Changes are not persistent across project
   - Can lead to inconsistencies

2. **DO** install packages using `uv` in your terminal:
   ```bash
   uv pip install package_name
   ```
   - Installs to your project's virtual environment
   - Changes are persistent
   - Maintains consistency across notebooks

3. **After installing** new packages:
   - Restart the kernel to use the new packages
   - This ensures a clean environment

This practice ensures reliable and reproducible code across your entire project.

In [1]:
# Import libraries we'll use
import requests
import json

## 1. Understanding APIs

An API (Application Programming Interface) is like a contract between different software components. Think of it as a waiter in a restaurant:
- You (the client) don't need to know how the kitchen (the server) works
- You just need to know how to place an order (make a request)
- The waiter (API) handles communication between you and the kitchen

### Common API Terms:
- **Endpoint**: The URL where an API can be accessed
- **Request**: What you send to the API
- **Response**: What the API sends back
- **HTTP Methods**: GET, POST, PUT, DELETE, etc.
- **Status Codes**: 200 (OK), 404 (Not Found), etc.

Let's start with a simple example using a public API:

In [2]:
# Let's try a simple API call to JSONPlaceholder (a free testing API)
response = requests.get('https://jsonplaceholder.typicode.com/posts/1')

# Check if the request was successful
if response.status_code == 200:
    # Parse JSON response
    data = response.json()
    print("API Response:")
    print(json.dumps(data, indent=2))
else:
    print(f"Error: Status code {response.status_code}")

# Let's look at the response headers
print("\nResponse Headers:")
for key, value in response.headers.items():
    print(f"{key}: {value}")

API Response:
{
  "userId": 1,
  "id": 1,
  "title": "sunt aut facere repellat provident occaecati excepturi optio reprehenderit",
  "body": "quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto"
}

Response Headers:
Date: Tue, 30 Sep 2025 15:21:51 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
access-control-allow-credentials: true
Cache-Control: public, max-age=43200
etag: W/"124-yiKdLzqO5gfBrJFrcdJ8Yq0LGnU"
expires: Wed, 01 Oct 2025 03:21:51 GMT
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
pragma: no-cache
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=JBcdxbjE8lwPa89Y8Ly%2BlNm%2B4ic2jmC3A0lzShGinHk%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1758187400"}],"max_age":3600}
report

## 2. Making Different Types of HTTP Requests

APIs use different HTTP methods for different operations:
- GET: Retrieve data
- POST: Create new data
- PUT/PATCH: Update existing data
- DELETE: Remove data

Let's try each type:

In [3]:
base_url = 'https://jsonplaceholder.typicode.com/posts'

# GET request (read data)
def get_post(post_id):
    response = requests.get(f'{base_url}/{post_id}')
    return response.json() if response.ok else None

# POST request (create data)
def create_post(title, body, user_id):
    new_post = {
        'title': title,
        'body': body,
        'userId': user_id
    }
    response = requests.post(base_url, json=new_post)
    return response.json() if response.ok else None

# PUT request (update data)
def update_post(post_id, title, body, user_id):
    updated_post = {
        'id': post_id,
        'title': title,
        'body': body,
        'userId': user_id
    }
    response = requests.put(f'{base_url}/{post_id}', json=updated_post)
    return response.json() if response.ok else None

# DELETE request
def delete_post(post_id):
    response = requests.delete(f'{base_url}/{post_id}')
    return response.ok

# Let's try them out
print("1. Getting a post...")
post = get_post(1)
print(json.dumps(post, indent=2))

print("\n2. Creating a new post...")
new_post = create_post('My New Post', 'This is the content', 1)
print(json.dumps(new_post, indent=2))

print("\n3. Updating a post...")
updated = update_post(1, 'Updated Title', 'Updated Content', 1)
print(json.dumps(updated, indent=2))

print("\n4. Deleting a post...")
success = delete_post(1)
print(f"Delete successful: {success}")

1. Getting a post...
{
  "userId": 1,
  "id": 1,
  "title": "sunt aut facere repellat provident occaecati excepturi optio reprehenderit",
  "body": "quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto"
}

2. Creating a new post...
{
  "userId": 1,
  "id": 1,
  "title": "sunt aut facere repellat provident occaecati excepturi optio reprehenderit",
  "body": "quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto"
}

2. Creating a new post...
{
  "title": "My New Post",
  "body": "This is the content",
  "userId": 1,
  "id": 101
}

3. Updating a post...
{
  "title": "My New Post",
  "body": "This is the content",
  "userId": 1,
  "id": 101
}

3. Updating a post...
{
  "id": 1,
  "title": "Updated Title",
  "body": "Updated Content",
  "userId": 1
}

4. Deleting a post...
{
  

## 3. Handling Authentication

Many APIs require authentication. Common methods include:
- API Keys
- OAuth tokens
- Basic authentication

Let's see how to use different authentication methods:

In [4]:
# Example with API Key (using a dummy key)
def call_api_with_key(api_key):
    headers = {
        'Authorization': f'Bearer {api_key}',
        'Content-Type': 'application/json'
    }
    
    # This is just an example URL
    response = requests.get(
        'https://api.example.com/data',
        headers=headers
    )
    return response

# Example with Basic Auth
def call_api_with_basic_auth(username, password):
    response = requests.get(
        'https://api.example.com/data',
        auth=(username, password)
    )
    return response

# Example with custom headers
def call_api_with_custom_headers():
    headers = {
        'User-Agent': 'Python Tutorial Client',
        'Accept': 'application/json',
        'Custom-Header': 'Custom Value'
    }
    
    response = requests.get(
        'https://api.example.com/data',
        headers=headers
    )
    return response

# Note: These calls won't work as they use example.com
# They're just to demonstrate the structure
print("These are example functions showing authentication patterns")

These are example functions showing authentication patterns


## Environment Variables: Best Practices for API Development

When working with APIs, you'll often need to manage sensitive information like:
- API keys
- Authentication tokens
- Credentials
- Database connection strings
- Server configurations

Storing these values directly in your code creates several problems:
1. **Security risks**: Sensitive information might be exposed if code is shared
2. **Environment-specific configuration**: Different values needed for development vs. production
3. **Version control issues**: Credentials shouldn't be committed to repositories

### Using Environment Variables in Python

Environment variables are key-value pairs that exist outside your application code. They're an ideal solution for managing configuration:

1. **Benefits:**
   - Separates code from configuration
   - Improves security by keeping sensitive data out of code
   - Allows different settings across environments

2. **Common Python libraries:**
   - `os` (built-in): Basic environment variable access
   - `dotenv`: Loads variables from .env files
   - `python-decouple`: More advanced configuration management

Let's see how to use them:

In [5]:
# Basic environment variable handling with os module
import os

# Example: Reading environment variables
def get_api_key():
    """Get API key from environment variable or use a default for development"""
    api_key = os.environ.get('API_KEY')
    if api_key is None:
        print("Warning: API_KEY not found in environment variables!")
        print("Using a placeholder value - this won't work for real APIs")
        return "placeholder_api_key_for_development_only"
    return api_key

# Example of how you would use this in practice
api_key = get_api_key()
print(f"API Key: {api_key}")

# Check for other common environment variables
print("\nCommon environment variables available:")
for env_var in ['USER', 'HOME', 'PATH', 'PYTHON_VERSION']:
    value = os.environ.get(env_var)
    if value:
        # Only show first 30 characters for readability
        display_value = value[:30] + '...' if len(value) > 30 else value
        print(f"- {env_var}: {display_value}")
    else:
        print(f"- {env_var}: Not set")

Using a placeholder value - this won't work for real APIs
API Key: placeholder_api_key_for_development_only

Common environment variables available:
- USER: Not set
- HOME: Not set
- PATH: c:\Users\rishwanth.thiyagaraj\...
- PYTHON_VERSION: Not set


### Using .env Files

For development, it's common to use `.env` files to store environment variables. The `python-dotenv` package makes this easy.

First, you would create a `.env` file in your project root (not committed to version control):

```
# Example .env file
API_KEY=your_secret_key_here
API_URL=https://api.example.com/v1
DEBUG=True
```

Then you can load these variables in your code:

In [6]:
# Using python-dotenv for environment variables
# If you haven't installed it yet, run: uv pip install python-dotenv
try:
    from dotenv import load_dotenv
    
    # Load environment variables from .env file
    load_dotenv()  # Take environment variables from .env
    
    # Now you can access them with os.environ
    import os
    
    # Example using environment variables for API configuration
    def get_api_config():
        """Get API configuration from environment variables"""
        config = {
            'api_key': os.environ.get('API_KEY', 'default_key_for_dev'),
            'api_url': os.environ.get('API_URL', 'https://api.example.com'),
            'timeout': int(os.environ.get('API_TIMEOUT', '30')),
            'debug': os.environ.get('DEBUG', 'False').lower() in ('true', '1', 't')
        }
        return config
    
    # Show the configuration
    api_config = get_api_config()
    print("API Configuration:")
    for key, value in api_config.items():
        # Mask the API key for security
        if key == 'api_key' and value != 'default_key_for_dev':
            display_value = value[:4] + '*' * (len(value) - 4)
        else:
            display_value = value
        print(f"- {key}: {display_value}")
        
except ImportError:
    print("The python-dotenv package is not installed.")
    print("To install it, run this in your terminal:")
    print("uv pip install python-dotenv")
    print("\nAfter installing, restart the kernel to use it.")

The python-dotenv package is not installed.
To install it, run this in your terminal:
uv pip install python-dotenv

After installing, restart the kernel to use it.


### Environment Variables in Production

In production environments, environment variables are typically set differently:

1. **Cloud Platforms:**
   - AWS: Parameter Store, Secrets Manager
   - Azure: App Configuration, Key Vault
   - Google Cloud: Secret Manager
   - Heroku: Config Vars

2. **Container Environments:**
   - Docker: Environment variables in Dockerfile or docker-compose.yml
   - Kubernetes: ConfigMaps and Secrets

3. **CI/CD Systems:**
   - GitHub Actions: Repository secrets
   - Jenkins: Credentials plugin
   - GitLab CI: CI/CD variables

### Best Practices for Environment Variables

1. **Never hardcode sensitive information** in your code or commit it to repositories
2. **Use different variables for different environments** (development, testing, production)
3. **Document required environment variables** in your project's README
4. **Add `.env` files to your `.gitignore`** to prevent accidental commits
5. **Use strong encryption** for sensitive values in production
6. **Implement validation** to ensure required variables exist before running critical code

### Conclusion

Environment variables are a powerful tool for API development, allowing you to:
- Keep sensitive credentials secure
- Change configuration without modifying code
- Support different environments (dev, staging, production)
- Follow security best practices

Now that we understand how to securely configure our API interactions, let's continue exploring more API concepts.

## 4. Error Handling and Best Practices

When working with APIs, many things can go wrong:
- Network errors
- Authentication failures
- Rate limiting
- Invalid data

Let's build a robust API client with proper error handling:

In [7]:
class APIError(Exception):
    """Custom exception for API errors"""
    def __init__(self, message, status_code=None, response=None):
        self.message = message
        self.status_code = status_code
        self.response = response
        super().__init__(self.message)

class APIClient:
    def __init__(self, base_url, api_key=None):
        self.base_url = base_url
        self.api_key = api_key
        self.session = requests.Session()
        
        if api_key:
            self.session.headers.update({
                'Authorization': f'Bearer {api_key}'
            })
    
    def _make_request(self, method, endpoint, **kwargs):
        """Make an HTTP request with error handling"""
        try:
            url = f"{self.base_url}/{endpoint}".rstrip('/')
            response = self.session.request(method, url, **kwargs)
            
            # Check for HTTP errors
            response.raise_for_status()
            
            # Return JSON response if available
            return response.json() if response.content else None
            
        except requests.exceptions.HTTPError as e:
            # Handle different HTTP error codes
            if response.status_code == 401:
                raise APIError("Authentication failed", response.status_code, response)
            elif response.status_code == 403:
                raise APIError("Permission denied", response.status_code, response)
            elif response.status_code == 404:
                raise APIError("Resource not found", response.status_code, response)
            elif response.status_code == 429:
                raise APIError("Rate limit exceeded", response.status_code, response)
            else:
                raise APIError(f"HTTP Error: {str(e)}", response.status_code, response)
                
        except requests.exceptions.ConnectionError:
            raise APIError("Failed to connect to API")
        except requests.exceptions.Timeout:
            raise APIError("Request timed out")
        except requests.exceptions.RequestException as e:
            raise APIError(f"API request failed: {str(e)}")
        except ValueError:
            raise APIError("Invalid JSON in response")
    
    # Convenience methods for different HTTP methods
    def get(self, endpoint, params=None):
        return self._make_request('GET', endpoint, params=params)
    
    def post(self, endpoint, data=None, json=None):
        return self._make_request('POST', endpoint, data=data, json=json)
    
    def put(self, endpoint, data=None, json=None):
        return self._make_request('PUT', endpoint, data=data, json=json)
    
    def delete(self, endpoint):
        return self._make_request('DELETE', endpoint)

# Let's use our client with JSONPlaceholder API
try:
    client = APIClient('https://jsonplaceholder.typicode.com')
    
    # Get a post
    post = client.get('posts/1')
    print("Successfully retrieved post:")
    print(json.dumps(post, indent=2))
    
    # Try to get a non-existent post
    post = client.get('posts/999999')
    
except APIError as e:
    print(f"API Error: {e.message}")
    if e.status_code:
        print(f"Status Code: {e.status_code}")

Successfully retrieved post:
{
  "userId": 1,
  "id": 1,
  "title": "sunt aut facere repellat provident occaecati excepturi optio reprehenderit",
  "body": "quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto"
}
API Error: Resource not found
Status Code: 404


## 5. Register for SPL


In [8]:
# Place holder for Registration for SPL Logic

## 6. Practice Exercise: Build Your Own API Client

Now it's your turn! Create an API client for the [JSONPlaceholder API](https://jsonplaceholder.typicode.com/) that can:

1. Get a list of users
2. Get a user's posts
3. Get comments on a post
4. Create a new post

Requirements:
- Use proper error handling (similar to the Movie API example)
- Include docstrings and comments
- Format the responses nicely
- Add some basic input validation

Start with this template:

In [9]:
class JSONPlaceholderClient:
    def __init__(self):
        self.base_url = 'https://jsonplaceholder.typicode.com'
        # Add your code here
    
    def get_users(self):
        """Get all users"""
        # Add your code here
        pass
    
    def get_user_posts(self, user_id):
        """Get posts for a specific user"""
        # Add your code here
        pass
    
    def get_post_comments(self, post_id):
        """Get comments for a specific post"""
        # Add your code here
        pass
    
    def create_post(self, user_id, title, body):
        """Create a new post"""
        # Add your code here
        pass

# Test your implementation here

## Additional Resources

To learn more about working with APIs in Python:

1. [Requests Library Documentation](https://docs.python-requests.org/)
2. [RESTful API Design Best Practices](https://swagger.io/resources/articles/best-practices-in-api-design/)
3. [Python API Development Fundamentals](https://realpython.com/api-integration-in-python/)
4. [HTTP Status Codes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status)

## Next Steps

Now that you understand the basics of working with APIs in Python:
1. Try building clients for other public APIs
2. Experiment with different authentication methods
3. Practice error handling with various scenarios
4. Learn about API rate limiting and caching

Remember: The best way to learn is by doing. Try modifying the examples and building your own API clients!