# 15 - API Requests

## What is an API?
An **API (Application Programming Interface)** is a set of rules that allows different software applications to communicate with each other. APIs can be thought of as intermediaries that allow two applications to exchange data or services.

In web development, APIs often allow a client (e.g., a web browser, a mobile app) to interact with a server to request information or perform actions.

<p align="center">
  <figure align="center">
    <img src="imgs/api_requests1.jpg" alt="Alt text">
    <figcaption>Source: altexsoft</figcaption>
  </figure>
</p>

### Example: Weather App
For example, when you use a weather app, your phone (the client) sends a request to a weather service (the server). The weather service processes the request and sends back data like the temperature, humidity, or forecast.

<p align="center">
  <figure align="center">
    <img src="imgs/api_requests2.jpg" alt="Alt text">
    <figcaption>Source: Zeolearn</figcaption>
  </figure>
</p>

### How Does an API Work?
There are three main steps in how an API works:

1. **Call**: The client makes a request to the server. This is essentially asking the server for data or to perform an action.

2.  **Implementation**: The server receives the request and processes it, often interacting with a database or another service to gather the necessary information.

3. **Response**: The server sends a response back to the client. This could be the data requested, a confirmation that an action was completed, or an error message.

### Example: Dining in a Restaurant
Imagine a restaurant where the customer (client) orders food. The waiter (API) takes the order to the kitchen (server). The kitchen prepares the food, and the waiter brings the food back to the customer.

<p align="center">
  <figure align="center">
    <img src="imgs/api_requests3.png" alt="Alt text" width="700" height="350">
    <figcaption>Source: GeeksForGeeks</figcaption>
  </figure>
</p>

## HTTP Methods: The Language of APIs
APIs on the web usually communicate using **HTTP (Hypertext Transfer Protocol)**. There are several common methods used to make requests to web APIs, and it’s essential to understand what each one does:

- `GET`: Used to retrieve data from a server. It’s like asking for information without changing anything on the server. For example, when you visit a webpage, your browser sends a `GET` request to the server.

- `POST`: Used to send data to the server, usually to create something new. For instance, submitting a form on a website (such as creating an account or posting a comment) sends a `POST` request.

- `PUT`: Used to update an existing resource on the server. For example, if you want to change your profile information on a website, you’d send a `PUT` request.

- `DELETE`: Used to remove a resource from the server. For instance, deleting a post or a comment on a social media site involves sending a `DELETE` request.

Each method has a specific role in web communications, and understanding their differences is important when working with APIs.

### Example: Making a `GET` Request 
Let’s start by making a simple `GET` request using Python’s `requests` library to retrieve data from a public API.

In [5]:
import requests

# Making a GET request to a public API
url = "https://jsonplaceholder.typicode.com/posts/1"  # A test API that returns a post
response = requests.get(url)

# Checking the status code to ensure the request was successful
print(f"Status Code: {response.status_code}")

# Displaying the response content in JSON format
data = response.json()
print(data)

Status Code: 200
{'userId': 1, 'id': 1, 'title': 'sunt aut facere repellat provident occaecati excepturi optio reprehenderit', 'body': 'quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto'}


In this example, we send a `GET` request to the server, which responds with a JSON object containing data about a specific post.

## Understanding HTTP Status Codes
When interacting with APIs, it's essential to understand the status codes that the server sends back in response to a request. These status codes tell us whether the request was successful or if something went wrong.

- **2xx**: Success. The request was successfully received, understood, and accepted.
    
    - **200 OK**: The request was successful, and the server is returning the requested data.

    - **201 Created**: The request was successful, and a new resource was created.

- **4xx**: Client Error. The request was invalid or cannot be processed.

    - **400 Bad Request**: The server couldn’t understand the request due to invalid syntax.

    - **404 Not Found**: The requested resource couldn’t be found on the server.

- **5xx**: Server Error. The server encountered a situation it doesn’t know how to handle.

    - **500 Internal Server Error**: Something went wrong on the server’s side.

### Example: Handling Different Status Codes 
We can check the status code of a request and handle different responses accordingly:

In [6]:
# Making a GET request to an invalid endpoint to trigger an error
url = "https://jsonplaceholder.typicode.com/invalid_endpoint"
response = requests.get(url)

# Handling different status codes
if response.status_code == 200:
    print("Request was successful.")
    print(response.json())
elif response.status_code == 404:
    print("Resource not found!")
else:
    print(f"Error: Received status code {response.status_code}")

Resource not found!


In this example, if the API endpoint doesn’t exist, we will receive a 404 status code, indicating the resource couldn’t be found.

## Making Different Types of API Requests
Now that we’ve covered `GET` requests and status codes, let’s explore how to make other types of requests, such as `POST`, `PUT`, and `DELETE`.

1. **`POST` Request**: Used to create a new resource on the server, such as submitting data or creating a new user.

    - **Example: Sending a `POST` Request**

In [7]:
# Example of sending a POST request to create a new post
url = "https://jsonplaceholder.typicode.com/posts"
payload = {
    "title": "My New Post",
    "body": "This is the content of my new post.",
    "userId": 1
}
response = requests.post(url, json=payload)

# Checking the status code
print(f"Status Code: {response.status_code}")

# Displaying the response content
print(response.json())

Status Code: 201
{'title': 'My New Post', 'body': 'This is the content of my new post.', 'userId': 1, 'id': 101}


In this case, we send data to the server, and the server creates a new resource (a new post). The server responds with a status code (201 Created) and returns the newly created data.

2. **`PUT` Request**: Used to update an existing resource on the server.

    - **Example: Sending a `PUT` Request**

In [8]:
 # Example of sending a PUT request to update an existing post
url = "https://jsonplaceholder.typicode.com/posts/1"
updated_payload = {
    "title": "Updated Title",
    "body": "This is the updated content.",
    "userId": 1
}
response = requests.put(url, json=updated_payload)

# Checking the status code
print(f"Status Code: {response.status_code}")

# Displaying the updated content
print(response.json())

Status Code: 200
{'title': 'Updated Title', 'body': 'This is the updated content.', 'userId': 1, 'id': 1}


Here, we update the post with new content. The server responds with the updated data.

3. **`DELETE` Request**: Used to delete a resource from the server.

    - **Example: Sending a `DELETE` Request**

In [9]:
# Example of sending a DELETE request to remove a post
url = "https://jsonplaceholder.typicode.com/posts/1"
response = requests.delete(url)

# Checking the status code
print(f"Status Code: {response.status_code}")

# Confirming deletion
if response.status_code == 200:
    print("The post was successfully deleted.")

Status Code: 200
The post was successfully deleted.


## Handling API Errors and Exceptions
When making API requests, it’s important to handle errors gracefully to prevent your program from crashing. Python’s `requests` library allows us to handle different types of exceptions, such as timeouts, invalid URLs, or network errors.

### Common Error Types:
- **Timeout**: The server took too long to respond.

- **ConnectionError**: There was a problem with the network connection.

- **HTTPError**: The server returned an error response.

### Example: Handling Exceptions

In [10]:
url = "https://jsonplaceholder.typicode.com/posts/1"

try:
    response = requests.get(url, timeout=5)  # Timeout of 5 seconds
    response.raise_for_status()  # Raises an HTTPError for bad status codes
except requests.exceptions.Timeout:
    print("The request timed out.")
except requests.exceptions.HTTPError as err:
    print(f"HTTP error occurred: {err}")
except requests.exceptions.RequestException as err:
    print(f"An error occurred: {err}")
else:
    print("Request was successful!")
    print(response.json())

Request was successful!
{'userId': 1, 'id': 1, 'title': 'sunt aut facere repellat provident occaecati excepturi optio reprehenderit', 'body': 'quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto'}


In this example, we use `try-except` blocks to catch various types of errors that could occur during an API request. This way, our program won’t crash if something goes wrong.

## API Requests with Authentication
While many public APIs allow you to access data without authentication, some APIs require you to register and obtain credentials to use their services. 

These credentials often include a `CLIENT_ID` and a `CLIENT_SECRET`. Authentication ensures that the API provider can monitor usage, enforce rate limits, and protect data.

### Why Use Authenticated APIs?
- **Access to More Features**: Authenticated APIs often provide access to additional endpoints and data.

- **Rate Limits**: Authenticated requests may have higher rate limits compared to anonymous ones.

- **Security**: Authentication helps protect sensitive data and ensures that only authorized users can access certain resources.

### Example: Setting Up Access to Spotify's API

#### Step 1: Register for a Spotify Developer Account
1. Go to the [Spotify Developer Dashboard](https://developer.spotify.com/dashboard).

2. Log in with your Spotify account or create one if you don't have it.

3. Accept the terms and conditions.

#### Step 2: Create a New Application
1. Click on **"Create an App"**.

2. Provide an **App Name** and **App Description** (e.g., "My Practice App").

    - **NOTE**: As we are not going to use this API from any other web application, leave the **Redirect URI** field as `http://localhost/`

3. Select **Web API** and agree to the terms and conditions.

3. Click **"Save"**.

<p align="center">
    <img src="imgs/api_requests4.png" alt="Alt text">
</p>

### Step 3: Obtaining `CLIENT_ID` and `CLIENT_SECRET`

1. After creating the app, you'll be redirected to the app's dashboard.

2. In the **Settings** section, you's finnd your **Client ID** and **Client Secret**

    - **Client ID**: A public identifier for your app.

    - **Client Secret**: A secret known only to your app and the authorization server.

<p align="center">
    <img src="imgs/api_requests5.png" alt="Alt text">
</p>

3. **Important Note**: Keep your `CLIENT_SECRET` confidential. Do not share it publicly or commit it to version control systems like GitHub. As we saw in the previous project, you can easily do this by creating a `.env` file in the root directory of your project. Create an `.env` file in your project and add your secret keys or passwords:

    ```python
    CLIENT_ID="insert your client key"
    CLIENT_SECRET="insert your client secret"
    ```

    - **ANOTHER NOTE**: Be sure to add the `.env` inside your `.gitignore` file, which is not saved in source control, so that you are not putting potentially sensitive information at risk.

4. Now, you must install `python-dotenv`. This is a Python package that allows your Python application to read a `.env` file. This package will look for a `.env` and, if found, expose the variables it contains to the application.

In [11]:
!pip install python-dotenv



5. Finally, you can read your `CLIENT_ID` and `CLIENT_SECRET` and store them in variables.

In [12]:
from dotenv import load_dotenv
load_dotenv()

import os

client_id = os.environ.get("CLIENT_ID")
client_secret = os.environ.get("CLIENT_SECRET")

### Step 4: Obtaining an Access Token
Spotify uses OAuth 2.0's Client Credentials Flow to obtain an access token, which is required to make API requests. Below, we use our credentials to generate the access token:

In [13]:
import base64

# Encode the client credentials
client_credentials = f"{client_id}:{client_secret}"
client_credentials_base64 = base64.b64encode(client_credentials.encode())

# Prepare the token request
token_url = "https://accounts.spotify.com/api/token"
headers = {
    "Authorization": f"Basic {client_credentials_base64.decode()}"
}
data = {
    "grant_type": "client_credentials"
}

# Request access token
response = requests.post(token_url, headers=headers, data=data)

# Check if the request was successful
if response.status_code == 200:
    access_token = response.json()['access_token']
    print("Access token obtained!")
else:
    print(f"Failed to obtain access token. Status code: {response.status_code}")
    print(response.text)

Access token obtained!


The **access token** is a string which contains the credentials and permissions that can be used to access a given resource (e.g artists, albums or tracks) or user's data (e.g your profile or your playlists).

In [16]:
# access_token

To use the access token you must include the following header in your API calls:

<p align="center">
  <figure align="center">
    <img src="imgs/api_requests6.png" alt="Alt text">
    <figcaption>Source: <a href="https://developer.spotify.com/documentation/web-api/concepts/access-token" target="_blank">Access Token | Spotify</a></figcaption>
  </figure>
</p>

- **Note**: that the access token is valid for 1 hour (3600 seconds). After that time, the token expires and you need to request a new one.

#### Step 5: Searching for an Artist
Once you have the access token, you can use it to authenticate API requests. Here’s how to search for an artist on Spotify using the `access_token`.

In [20]:
# Set the access token in the headers
headers = {
    "Authorization": f"Bearer {access_token}"
}

# Define the endpoint and parameters
search_url = "https://api.spotify.com/v1/search"
params = {
    "q": "Taylor Swift",  # Artist name to search for
    "type": "artist",
    "limit": 1
}

# Make the API request to search for the artist
response = requests.get(search_url, headers=headers, params=params)

# Check if the request was successful
if response.status_code == 200:
    response_data = response.json()
    print(f"Response Data: {response_data}")
    artist_id = response_data['artists']['items'][0]['id']
    artist_name = response_data['artists']['items'][0]['name']
    # print(f"Found artist: {artist_name} (ID: {artist_id})")
else:
    print(f"Failed to search for artist. Status code: {response.status_code}")
    print(response.text)

Response Data: {'artists': {'href': 'https://api.spotify.com/v1/search?query=Taylor+Swift&type=artist&offset=0&limit=1', 'items': [{'external_urls': {'spotify': 'https://open.spotify.com/artist/06HL4z0CvFAxyc27GXpf02'}, 'followers': {'href': None, 'total': 122944370}, 'genres': ['pop'], 'href': 'https://api.spotify.com/v1/artists/06HL4z0CvFAxyc27GXpf02', 'id': '06HL4z0CvFAxyc27GXpf02', 'images': [{'height': 640, 'url': 'https://i.scdn.co/image/ab6761610000e5ebe672b5f553298dcdccb0e676', 'width': 640}, {'height': 320, 'url': 'https://i.scdn.co/image/ab67616100005174e672b5f553298dcdccb0e676', 'width': 320}, {'height': 160, 'url': 'https://i.scdn.co/image/ab6761610000f178e672b5f553298dcdccb0e676', 'width': 160}], 'name': 'Taylor Swift', 'popularity': 100, 'type': 'artist', 'uri': 'spotify:artist:06HL4z0CvFAxyc27GXpf02'}], 'limit': 1, 'next': 'https://api.spotify.com/v1/search?query=Taylor+Swift&type=artist&offset=1&limit=1', 'offset': 0, 'previous': None, 'total': 834}}


#### Step 6: Retrieving the Artist's Top Tracks

In [25]:
# Define the endpoint for the artist's top tracks
top_tracks_url = f"https://api.spotify.com/v1/artists/{artist_id}/top-tracks"
params = {
    "market": "US"  # Specify the market (country)
}

# Make the API request to get top tracks
response = requests.get(top_tracks_url, headers=headers, params=params)

# Check if the request was successful
if response.status_code == 200:
    top_tracks_data = response.json()
    print(f"Top tracks for {artist_name}:")
    for idx, track in enumerate(top_tracks_data['tracks'], start=1):
        print(f"Track data: {track}")
        track_name = track['name']
        album_name = track['album']['name']
        # print(f"{idx}. {track_name} - Album: {album_name}")
else:
    print(f"Failed to get top tracks. Status code: {response.status_code}")
    print(response.text)

Top tracks for Taylor Swift:
Track data: {'album': {'album_type': 'album', 'artists': [{'external_urls': {'spotify': 'https://open.spotify.com/artist/06HL4z0CvFAxyc27GXpf02'}, 'href': 'https://api.spotify.com/v1/artists/06HL4z0CvFAxyc27GXpf02', 'id': '06HL4z0CvFAxyc27GXpf02', 'name': 'Taylor Swift', 'type': 'artist', 'uri': 'spotify:artist:06HL4z0CvFAxyc27GXpf02'}], 'external_urls': {'spotify': 'https://open.spotify.com/album/1NAmidJlEaVgA3MpcPFYGq'}, 'href': 'https://api.spotify.com/v1/albums/1NAmidJlEaVgA3MpcPFYGq', 'id': '1NAmidJlEaVgA3MpcPFYGq', 'images': [{'url': 'https://i.scdn.co/image/ab67616d0000b273e787cffec20aa2a396a61647', 'width': 640, 'height': 640}, {'url': 'https://i.scdn.co/image/ab67616d00001e02e787cffec20aa2a396a61647', 'width': 300, 'height': 300}, {'url': 'https://i.scdn.co/image/ab67616d00004851e787cffec20aa2a396a61647', 'width': 64, 'height': 64}], 'is_playable': True, 'name': 'Lover', 'release_date': '2019-08-23', 'release_date_precision': 'day', 'total_tracks':

### Handling Errors and Exceptions
It’s important to handle potential errors when making API requests, such as expired tokens or invalid credentials.

In [26]:
def get_access_token(client_id, client_secret):
    try:
        # Encoding and token request as before
        client_credentials = f"{client_id}:{client_secret}"
        client_credentials_base64 = base64.b64encode(client_credentials.encode())
        token_url = "https://accounts.spotify.com/api/token"
        headers = {
            "Authorization": f"Basic {client_credentials_base64.decode()}"
        }
        data = {
            "grant_type": "client_credentials"
        }
        response = requests.post(token_url, headers=headers, data=data)
        response.raise_for_status()  # Raises an HTTPError for bad status codes
        access_token = response.json()['access_token']
        return access_token
    except requests.exceptions.HTTPError as err:
        print(f"HTTP error occurred: {err}")
    except Exception as err:
        print(f"An error occurred: {err}")
    return None

# Use the function to get the access token
access_token = get_access_token(client_id, client_secret)
if access_token:
    print("Access token obtained successfully.")
else:
    print("Failed to obtain access token.")
    

Access token obtained successfully.


## Conclusion
- **APIs** are essential tools for allowing different applications to communicate.

- We can interact with web APIs using different **HTTP methods** like `GET`, `POST`, `PUT`, and `DELETE`.

- **Authentication** using a `CLIENT_ID` and `CLIENT_SECRET` allows us to access more features and data from services like Spotify.

- Always handle **errors and exceptions** when working with APIs to ensure reliability.

## Additional Resources
1. [Spotify for Developers: Web API](https://developer.spotify.com/documentation/web-api)