# Third-Party Packages, APIs, and Security

## Learning Objectives
By the end of this section, you will be able to:
- Install and import third-party Python packages using pip
- Use different import styles to organize code effectively
- Make HTTP API calls to retrieve data from external services
- Parse JSON responses and extract useful information
- Handle sensitive information securely using environment variables and getpass
- Build programs that interact with real-world APIs safely

## Why This Matters: Real-World AI/RAG/Agentic Applications

**In Software Engineering:**
- Code reuse: Leverage thousands of community-built packages instead of writing everything from scratch
- API integration: Connect your applications to external services (payment processors, databases, cloud services)
- Security: Protect sensitive credentials, API keys, and user data from exposure

**In AI Systems:**
- Install specialized libraries: transformers, langchain, openai, anthropic, etc.
- Call AI model APIs: OpenAI GPT, Google Gemini, Anthropic Claude
- Secure API keys: Protect expensive AI API credentials from unauthorized use

**In RAG Pipelines:**
- Vector database APIs: Query Pinecone, Weaviate, ChromaDB for document retrieval
- Embedding APIs: Call OpenAI or Cohere to generate text embeddings
- Document APIs: Fetch documents from cloud storage or content management systems

**In Agentic AI:**
- Tool integration: Agents call external APIs (weather, calendar, email, databases)
- Multi-service orchestration: Coordinate between different API services
- Secure credentials: Manage API keys for multiple services the agent uses

## Prerequisites
- Understanding of functions and return values
- Familiarity with dictionaries (API responses use dictionary format)
- Knowledge of strings and string formatting
- Basic understanding of variables

---

In [None]:
# Install required packages for this notebook
# In Google Colab, you need to run this every time you start a new session
!pip install requests python-dotenv

## Instructor Activity 1
**Concept**: Installing third-party packages using pip

Python's package ecosystem contains over 500,000 packages on PyPI (Python Package Index). These packages provide specialized functionality so you don't have to write everything from scratch.

**Key Points**:
- `pip` is Python's package installer (comes with Python)
- In Jupyter/Colab, use `!pip install package_name` (exclamation mark runs shell commands)
- In terminal/command line, use `pip install package_name` (no exclamation mark)
- Install packages before importing them in your code
- In Colab, installations last only for the current session

### Example 1: Installing a Single Package

**Task**: Install the `requests` package, which makes HTTP requests easy

**Expected Output**: Installation success message showing package version

In [None]:
# Empty cell for live demonstration

<details>
<summary>Solution</summary>

```python
# Install the requests package
# The ! tells Jupyter to run this as a shell command, not Python code
!pip install requests

# You'll see output showing:
# - Package being downloaded
# - Dependencies being installed
# - "Successfully installed requests-X.X.X" message
```

**Why this works:**
The `!` prefix executes shell commands from within Jupyter notebooks. `pip install` downloads the package from PyPI and installs it in your Python environment. The `requests` library is one of the most popular Python packages for making HTTP requests.

</details>

### Example 2: Installing Multiple Packages at Once

**Task**: Install both `requests` and `python-dotenv` in a single command

**Expected Output**: Both packages installed successfully

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
# Install multiple packages by separating names with spaces
!pip install requests python-dotenv

# python-dotenv helps load environment variables from .env files
# Both packages and their dependencies will be installed
```

**Why this works:**
You can install multiple packages in one command by listing them separated by spaces. This is more efficient than running separate install commands. `python-dotenv` is commonly used to manage environment variables for configuration and secrets.

</details>

### Example 3: Understanding Package Versions and Dependencies

**Task**: Install a specific version of a package

**Expected Output**: The exact version specified gets installed

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
# Install a specific version using ==
!pip install requests==2.31.0

# You can also use:
# >= for "at least this version"
# <= for "at most this version"
# ~= for "compatible release" (e.g., ~=2.31 allows 2.31.x but not 2.32)

# Example with version range:
# !pip install "requests>=2.28,<3.0"
```

**Why this works:**
Version specifiers ensure your code uses compatible package versions. In production environments, pinning exact versions (using `==`) prevents unexpected breaking changes. Dependencies are automatically installed - if `requests` needs `urllib3`, pip installs it automatically.

</details>

### Example 4: Checking Installed Packages

**Task**: View information about installed packages

**Expected Output**: List of packages or detailed information about a specific package

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
# List all installed packages
!pip list

# Show detailed information about a specific package
!pip show requests

# Output includes:
# - Name and version
# - Summary/description
# - Homepage and author
# - Location where installed
# - Dependencies (Requires)
# - What depends on it (Required-by)
```

**Why this works:**
`pip list` shows all packages in your environment - useful for debugging and documenting your setup. `pip show` provides detailed metadata about a specific package, including its dependencies and install location. This helps you verify correct installation and understand package relationships.

</details>

---

## Learner Activity 1
**Practice**: Installing packages using pip

Now it's your turn to practice installing packages!

### Exercise 1: Install the requests Package

**Task**: Install the `requests` package using pip

**Expected Output**: Success message indicating requests was installed

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Install requests package
!pip install requests
```

**Why this works:**
The `!` runs the shell command, and `pip install requests` downloads and installs the requests package from PyPI.

</details>

### Exercise 2: Install python-dotenv

**Task**: Install the `python-dotenv` package

**Expected Output**: Success message for python-dotenv installation

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Install python-dotenv package
!pip install python-dotenv
```

**Why this works:**
Same pattern as before - pip downloads and installs the package. The `python-dotenv` package helps manage environment variables from .env files.

</details>

### Exercise 3: View Package Information

**Task**: Use `!pip show requests` to view detailed information about the requests package

**Expected Output**: Detailed metadata including version, author, location, and dependencies

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Show detailed information about requests package
!pip show requests
```

**Why this works:**
`pip show` displays package metadata from pip's records. This includes version, description, dependencies, and installation location - useful for debugging and verification.

</details>

---

## Instructor Activity 2
**Concept**: Different ways to import and use packages

After installing a package, you need to import it to use its functionality. Python offers several import styles to suit different needs.

**Key Points**:
- `import package` imports the entire package (use `package.function()`)
- `import package as alias` creates a shorter name for convenience
- `from package import item` imports specific functions/classes (use `item()` directly)
- Built-in packages (os, json, sys) don't need installation
- Third-party packages must be installed with pip first
- Choose import style based on readability and how often you'll use the package

### Example 1: Simple Import with Full Package Name

**Task**: Import requests and use it with full package name

**Expected Output**: Successfully make an HTTP request using `requests.get()`

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
# Import the entire requests package
import requests

# Use the package with its full name
response = requests.get("https://api.github.com")
print(f"Status Code: {response.status_code}")
print(f"Response Type: {type(response)}")

# Output:
# Status Code: 200
# Response Type: <class 'requests.models.Response'>
```

**Why this works:**
`import requests` loads the entire requests package into memory. You access its functions using dot notation: `requests.get()`, `requests.post()`, etc. This is the most explicit style and makes it clear where each function comes from.

</details>

### Example 2: Import with Alias

**Task**: Import requests with a shorter alias name

**Expected Output**: Same functionality but using shorter name

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
# Import with an alias (shorter name)
import requests as req

# Now use 'req' instead of 'requests'
response = req.get("https://api.github.com")
print(f"Status Code: {response.status_code}")

# Common aliases in the Python community:
# import numpy as np
# import pandas as pd
# import matplotlib.pyplot as plt

# Output:
# Status Code: 200
```

**Why this works:**
`import package as alias` creates a shorter reference name. This reduces typing and improves readability, especially for packages with long names. Follow community conventions for common aliases (np for numpy, pd for pandas).

</details>

### Example 3: Import Specific Functions

**Task**: Import only the `get` function from requests

**Expected Output**: Use `get()` directly without package prefix

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
# Import only the get function
from requests import get

# Use get() directly without 'requests.' prefix
response = get("https://api.github.com")
print(f"Status Code: {response.status_code}")

# This is cleaner when you only need one or two functions
# But be careful of name conflicts with existing functions

# Output:
# Status Code: 200
```

**Why this works:**
`from package import item` brings specific items directly into your namespace. You can use them without the package prefix. This is cleaner when you only need a few functions, but be cautious of naming conflicts (e.g., if you have your own `get` function).

</details>

### Example 4: Import Multiple Items

**Task**: Import multiple items from a package in one line

**Expected Output**: Use multiple imported items directly

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
# Import multiple items from os (built-in package, no install needed)
from os import environ, path, getcwd

# Use each function directly
print(f"Current directory: {getcwd()}")
print(f"Path separator: {path.sep}")
print(f"Environment variables available: {len(environ)}")

# You can also use parentheses for better formatting:
# from os import (
#     environ,
#     path,
#     getcwd
# )

# Output will show your current directory and environment info
```

**Why this works:**
You can import multiple items by separating them with commas. The `os` package is built into Python, so no installation needed. Use parentheses for multi-line imports when importing many items for better readability.

</details>

---

## Learner Activity 2
**Practice**: Using different import styles

Practice the different ways to import packages and their components.

### Exercise 1: Explore Package Functions

**Task**: Import `requests` and use `dir(requests)` to see what functions are available

**Expected Output**: A list of all attributes and methods in the requests package

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Import requests package
import requests

# dir() lists all attributes and methods
print("Functions in requests package:")
functions = [item for item in dir(requests) if not item.startswith('_')]
print(functions)

# You'll see methods like: get, post, put, delete, patch, etc.
```

**Why this works:**
`dir()` is a built-in function that returns a list of valid attributes for an object. We filter out items starting with `_` (internal/private items) to see the public API. This is useful for exploring what a package can do.

</details>

### Exercise 2: Import with Alias

**Task**: Import `requests` with alias `req`, then use it in a print statement

**Expected Output**: A print statement showing you successfully used the alias

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Import with alias
import requests as req

# Use the alias
print(f"Requests package imported as 'req': {req}")
print(f"Package version: {req.__version__}")
```

**Why this works:**
The alias `req` becomes a reference to the requests package. You can use it exactly like the full name but with less typing. `__version__` is a special attribute many packages provide to show their version number.

</details>

### Exercise 3: Import Specific Function

**Task**: Import only the `get` function from `requests` package

**Expected Output**: Successfully import and demonstrate you can use `get()` directly

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Import only the get function
from requests import get

# Test that we can use it directly
print(f"get function imported: {get}")
print(f"Function type: {type(get)}")
```

**Why this works:**
`from package import function` brings the function into your current namespace. You can call it directly without the package prefix. This is cleaner when you frequently use specific functions.

</details>

### Exercise 4: Import from Built-in Package

**Task**: Import `environ` from the built-in `os` package (no installation needed)

**Expected Output**: Successfully import and print type of environ

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Import from os (built-in package)
from os import environ

# environ is a dictionary-like object with environment variables
print(f"environ type: {type(environ)}")
print(f"Number of environment variables: {len(environ)}")
```

**Why this works:**
Built-in packages like `os`, `sys`, `json` come with Python and don't need installation. `os.environ` is a special mapping object that behaves like a dictionary containing environment variables.

</details>

---

## Instructor Activity 3
**Concept**: Making HTTP API calls to retrieve data

APIs (Application Programming Interfaces) allow programs to communicate with each other. HTTP APIs use web URLs to send and receive data. This is how most modern applications interact with external services.

**Key Points**:
- HTTP GET request retrieves data from a URL
- Response object contains status code, headers, and content
- Status codes: 200 (OK), 404 (Not Found), 500 (Server Error)
- `.json()` method converts JSON response to Python dictionary
- Most APIs return data in JSON format
- Always check status code to ensure request succeeded
- Some APIs require authentication (API keys) - we'll cover that in Activity 4

### Example 1: Simple GET Request

**Task**: Make a GET request to GitHub's API root endpoint

**Expected Output**: Response object with status code 200

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
import requests

# Make a GET request to GitHub API
response = requests.get("https://api.github.com")

# Print response details
print(f"Response object: {response}")
print(f"Status code: {response.status_code}")
print(f"Response type: {type(response)}")

# Output:
# Response object: <Response [200]>
# Status code: 200
# Response type: <class 'requests.models.Response'>
```

**Why this works:**
`requests.get(url)` sends an HTTP GET request to the specified URL and returns a Response object. The status code 200 means "OK" - the request succeeded. The Response object contains all the information returned by the server.

</details>

### Example 2: Checking Response Status

**Task**: Make a request and check if it was successful

**Expected Output**: Status code and success/failure message

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
import requests

# Make request to GitHub API
response = requests.get("https://api.github.com")

# Check status code
print(f"Status Code: {response.status_code}")

# Check if request was successful (status code 200-299)
if response.status_code == 200:
    print("Success! Request completed successfully.")
else:
    print(f"Request failed with status: {response.status_code}")

# Alternative: use response.ok property
print(f"Request OK? {response.ok}")

# Common status codes:
# 200: OK - Success
# 201: Created - Resource successfully created
# 400: Bad Request - Client error
# 401: Unauthorized - Authentication required
# 404: Not Found - Resource doesn't exist
# 500: Internal Server Error - Server problem
```

**Why this works:**
HTTP status codes indicate the result of the request. Codes in the 200s mean success, 400s mean client errors, 500s mean server errors. The `.ok` property returns True for status codes 200-299. Always check status before processing response data.

</details>

### Example 3: Getting JSON Data

**Task**: Parse JSON response data into a Python dictionary

**Expected Output**: Dictionary containing API response data

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
import requests

# Make request to GitHub API
response = requests.get("https://api.github.com")

# Convert JSON response to Python dictionary
data = response.json()

print(f"Data type: {type(data)}")
print(f"Number of keys: {len(data)}")
print("\nFirst few keys:")
for key in list(data.keys())[:5]:
    print(f"  - {key}: {data[key]}")

# Output shows dictionary with API endpoint URLs
```

**Why this works:**
The `.json()` method parses JSON (JavaScript Object Notation) text into Python data structures - typically dictionaries and lists. JSON is the standard format for API data exchange. Most APIs return JSON, which maps naturally to Python dictionaries.

</details>

### Example 4: Accessing Data from Response

**Task**: Extract specific information from an API response

**Expected Output**: Specific values from the JSON data

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
import requests

# Get user information from GitHub API
response = requests.get("https://api.github.com/users/octocat")

# Parse JSON data
user_data = response.json()

# Access specific fields
print(f"Username: {user_data['login']}")
print(f"Name: {user_data['name']}")
print(f"Bio: {user_data['bio']}")
print(f"Public Repos: {user_data['public_repos']}")
print(f"Followers: {user_data['followers']}")
print(f"Profile URL: {user_data['html_url']}")

# Output shows octocat's GitHub profile information
```

**Why this works:**
Once JSON is converted to a dictionary, you access values using keys just like any Python dict: `data["key"]`. API documentation tells you what keys are available. GitHub's API is well-documented and free for basic use - perfect for learning.

</details>

---

## Learner Activity 3
**Practice**: Making GET requests and handling responses

Practice making API calls and working with the returned data.

### Exercise 1: Make Request and Check Status

**Task**: Make a GET request to `https://api.github.com/users/octocat` and print the status code

**Expected Output**: Status code (should be 200 if successful)

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests

# Make GET request
response = requests.get("https://api.github.com/users/octocat")

# Print status code
print(f"Status Code: {response.status_code}")

# Output: Status Code: 200
```

**Why this works:**
The URL points to GitHub's user API endpoint for the user "octocat". The `status_code` attribute contains the HTTP status code returned by the server. 200 indicates a successful request.

</details>

### Exercise 2: Parse JSON Response

**Task**: Get the JSON data from the response and store it in a variable called `user_data`

**Expected Output**: Dictionary containing user information

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests

# Make request
response = requests.get("https://api.github.com/users/octocat")

# Parse JSON to dictionary
user_data = response.json()

# Verify it's a dictionary
print(f"Type: {type(user_data)}")
print(f"Keys available: {len(user_data)}")

# Output: Type: <class 'dict'>
```

**Why this works:**
The `.json()` method parses the JSON response body into Python data structures. In this case, it returns a dictionary containing all the user's profile information.

</details>

### Exercise 3: Extract Specific Data

**Task**: Access and print the "login" field from the user_data

**Expected Output**: The username "octocat"

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests

# Make request and get data
response = requests.get("https://api.github.com/users/octocat")
user_data = response.json()

# Access the login field
username = user_data["login"]
print(f"Username: {username}")

# Output: Username: octocat
```

**Why this works:**
Dictionary access using `["key"]` retrieves the value for that key. The GitHub API returns a "login" field containing the username. Check API documentation to know what fields are available.

</details>

### Exercise 4: Try a Different API

**Task**: Make a request to `https://jsonplaceholder.typicode.com/posts/1` and print the "title" field

**Expected Output**: The title of post #1

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests

# Make request to JSONPlaceholder API (fake REST API for testing)
response = requests.get("https://jsonplaceholder.typicode.com/posts/1")

# Get JSON data
post_data = response.json()

# Print the title
print(f"Post Title: {post_data['title']}")

# Also show other available fields
print(f"\nAvailable fields: {list(post_data.keys())}")

# Output shows the post title and available fields
```

**Why this works:**
JSONPlaceholder is a free fake API for testing and prototyping. It returns sample data in standard REST API format. This demonstrates that the same request pattern works across different APIs.

</details>

---

## Instructor Activity 4
**Concept**: Storing sensitive information securely using environment variables

Hardcoding API keys, passwords, or tokens directly in code is a security risk. If you share your code or push it to GitHub, those secrets are exposed. Environment variables provide a secure way to store sensitive data outside your code.

**Key Points**:
- Environment variables store configuration outside your code
- Never hardcode API keys, passwords, or tokens in source files
- `os.environ` is a dictionary-like object containing environment variables
- Use `.get(key, default)` to safely access variables with fallback values
- `getpass()` hides password input (shows *** instead of characters)
- In production: use .env files or cloud secret managers (AWS Secrets Manager, etc.)
- In Colab: use notebook secrets feature or getpass() for temporary values

### Example 1: Understanding Environment Variables

**Task**: View some environment variables in your system

**Expected Output**: List of environment variables

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
import os

# os.environ is a dictionary-like object
print(f"Type: {type(os.environ)}")
print(f"Number of environment variables: {len(os.environ)}")

# Show a few common environment variables (may vary by system)
print("\nSome common environment variables:")
common_vars = ['PATH', 'HOME', 'USER', 'LANG']
for var in common_vars:
    value = os.environ.get(var, 'Not set')
    if value != 'Not set':
        # Truncate long values for readability
        display_value = value[:50] + '...' if len(value) > 50 else value
        print(f"  {var}: {display_value}")

# Environment variables are set by the operating system
# They provide configuration to programs
```

**Why this works:**
Environment variables are key-value pairs set by the operating system or shell. They provide configuration information to running programs. Common uses: system paths, user information, language settings, and application secrets.

</details>

### Example 2: Setting Environment Variables

**Task**: Set a custom environment variable for API configuration

**Expected Output**: Successfully set and retrieved environment variable

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
import os

# Set an environment variable (simulating API key storage)
# In real apps, this would be set outside the code
os.environ["API_KEY"] = "demo_key_12345"
os.environ["API_URL"] = "https://api.example.com"

# Retrieve the variables
api_key = os.environ["API_KEY"]
api_url = os.environ["API_URL"]

print(f"API Key: {api_key}")
print(f"API URL: {api_url}")

# This is for demonstration only!
# In real code, you would NOT set secrets in code like this
# They would be set externally (shell, .env file, cloud config)
```

**Why this works:**
`os.environ` acts like a dictionary. Setting `os.environ["KEY"] = "value"` creates or updates an environment variable for the current process. In production, you set these externally (not in code) to keep secrets secure.

</details>

### Example 3: Safely Reading Environment Variables

**Task**: Use `.get()` method to safely access environment variables with defaults

**Expected Output**: Retrieved values or defaults when variables don't exist

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
import os

# Safe way: use .get() with default value
# This won't crash if the variable doesn't exist
api_key = os.environ.get("API_KEY", "default_key")
api_timeout = os.environ.get("API_TIMEOUT", "30")  # Default to 30 seconds
debug_mode = os.environ.get("DEBUG", "false")

print(f"API Key: {api_key}")
print(f"API Timeout: {api_timeout}")
print(f"Debug Mode: {debug_mode}")

# Compare with unsafe way (commented out to avoid crash):
# api_timeout = os.environ["API_TIMEOUT"]  # Would raise KeyError if not set

# .get() returns None or your default if key doesn't exist
# Direct access with [] raises KeyError if key doesn't exist
```

**Why this works:**
`.get(key, default)` safely retrieves environment variables. If the key doesn't exist, it returns the default value instead of crashing. This makes your code more robust - it works even if configuration is missing. Always use `.get()` for optional configuration.

</details>

### Example 4: Using getpass() for Password Input

**Task**: Use `getpass()` to securely input a password (hidden from view)

**Expected Output**: Prompt for password that hides what you type

In [None]:
# Empty cell for demonstration

<details>
<summary>Solution</summary>

```python
from getpass import getpass
import os

# Get password/API key from user without displaying it
print("Enter your API key (input will be hidden):")
api_key = getpass("API Key: ")

# Store in environment variable for use in this session
os.environ["SECURE_API_KEY"] = api_key

# Show that we got the key (but only show first/last chars for security)
if len(api_key) > 8:
    masked = f"{api_key[:4]}...{api_key[-4:]}"
else:
    masked = "*" * len(api_key)

print(f"API Key stored securely: {masked}")
print(f"Length: {len(api_key)} characters")

# In Colab/Jupyter, getpass shows a text box instead of command line input
# Your input is never visible on screen - perfect for passwords/keys
```

**Why this works:**
`getpass()` prompts for input but hides what the user types (shows nothing or ***). This prevents shoulder surfing and keeps passwords out of notebook output. Perfect for one-time entry of API keys in Colab notebooks. The input is returned as a string you can use or store in an environment variable.

</details>

---

## Learner Activity 4
**Practice**: Working with environment variables and secure input

Practice storing and retrieving configuration data securely.

### Exercise 1: Set and Print Environment Variable

**Task**: Set an environment variable `USER_NAME` with your name and print it

**Expected Output**: Your name printed from the environment variable

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import os

# Set environment variable
os.environ["USER_NAME"] = "Alice"  # Replace with your name

# Print it
print(f"User Name: {os.environ['USER_NAME']}")

# Output: User Name: Alice
```

**Why this works:**
Setting `os.environ["KEY"]` creates an environment variable accessible throughout your program. This is useful for configuration that different parts of your code need to access.

</details>

### Exercise 2: Use .get() with Default

**Task**: Use `os.environ.get()` to retrieve `USER_NAME` with a default value of "Guest"

**Expected Output**: Your name if set, or "Guest" if not set

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import os

# Safely get environment variable with default
user_name = os.environ.get("USER_NAME", "Guest")
print(f"Welcome, {user_name}!")

# Try with a variable that doesn't exist
email = os.environ.get("USER_EMAIL", "no-email@example.com")
print(f"Email: {email}")

# Output:
# Welcome, Alice! (or Guest if not set)
# Email: no-email@example.com
```

**Why this works:**
`.get(key, default)` provides a fallback value when a variable isn't set. This prevents crashes and makes your code more resilient to missing configuration.

</details>

### Exercise 3: Use getpass() for Password

**Task**: Use `getpass()` to ask user for a password (it will be hidden)

**Expected Output**: Password prompt with hidden input

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
from getpass import getpass

# Get hidden password input
password = getpass("Enter your password: ")

# Show that we received it (but don't print the actual password!)
print(f"Password received (length: {len(password)} characters)")
print("Password is: " + "*" * len(password))  # Show asterisks only
```

**Why this works:**
`getpass()` prompts for input without displaying it on screen. This protects sensitive information from being visible in notebook output or over someone's shoulder.

</details>

### Exercise 4: Create Secure API Key Storage

**Task**: Use getpass to ask for an API key, store it in environment variable `MY_API_KEY`, then use it in a print statement (mask most of it for security)

**Expected Output**: Securely stored API key with masked display

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
from getpass import getpass
import os

# Get API key securely
print("Enter your API key:")
api_key = getpass("API Key: ")

# Store in environment variable
os.environ["MY_API_KEY"] = api_key

# Retrieve and display masked version
stored_key = os.environ.get("MY_API_KEY")
if stored_key and len(stored_key) > 8:
    masked_key = f"{stored_key[:4]}{'*' * (len(stored_key) - 8)}{stored_key[-4:]}"
else:
    masked_key = "*" * len(stored_key)

print(f"API Key stored: {masked_key}")
print(f"Length: {len(stored_key)} characters")
print("\nAPI key is now available for use in API calls!")

# In real applications, you would use this stored key in API requests
# Example: headers = {"Authorization": f"Bearer {os.environ.get('MY_API_KEY')}"}
```

**Why this works:**
This combines `getpass()` for secure input with `os.environ` for storage. The key is never displayed in full, only a masked version. This is the pattern you'd use in Colab notebooks to securely handle API keys. The key remains available for the session but isn't hardcoded in your notebook.

</details>

---

## Optional Extra Practice
**Challenge yourself with these problems that integrate all the concepts**

These exercises combine packages, APIs, and security practices into realistic scenarios.

### Challenge 1: Weather Information Retriever

**Scenario**: Build a simple weather information tool using a public API

**Task**: 
1. Install and import `requests`
2. Make a GET request to `https://wttr.in/London?format=j1` (free weather API)
3. Parse the JSON response
4. Extract and display the current temperature and weather description

**Expected Output**: Current weather information for London

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests

# Make request to wttr.in weather API
# format=j1 returns JSON instead of ASCII art
city = "London"
url = f"https://wttr.in/{city}?format=j1"
response = requests.get(url)

# Check if request was successful
if response.status_code == 200:
    # Parse JSON data
    weather_data = response.json()
    
    # Extract current conditions
    current = weather_data['current_condition'][0]
    temp_c = current['temp_C']
    temp_f = current['temp_F']
    description = current['weatherDesc'][0]['value']
    humidity = current['humidity']
    
    # Display weather information
    print(f"Weather in {city}:")
    print(f"Temperature: {temp_c}°C ({temp_f}°F)")
    print(f"Conditions: {description}")
    print(f"Humidity: {humidity}%")
else:
    print(f"Failed to get weather data. Status: {response.status_code}")

# Try with different cities by changing the city variable
```

**Why this works:**
wttr.in is a free weather API that requires no authentication. The JSON format returns structured weather data we can parse. We check the status code, parse JSON, navigate the nested dictionary structure, and extract relevant fields. This demonstrates a complete API integration workflow: request → validate → parse → extract → display.

</details>

### Challenge 2: Secure API Client

**Scenario**: Create a secure API client that uses environment variables for credentials

**Task**:
1. Use `getpass()` to get an API key from the user
2. Store it in `os.environ` as "GITHUB_TOKEN"
3. Make an authenticated request to GitHub API using the token in headers
4. Format: `headers = {"Authorization": f"Bearer {token}"}`

**Note**: For this exercise, you can use any string as the token - authentication will fail but the structure is what matters

**Expected Output**: Request made with proper authorization header

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests
from getpass import getpass
import os

# Get API token securely
print("Enter your GitHub token (or any test string):")
token = getpass("Token: ")

# Store in environment variable
os.environ["GITHUB_TOKEN"] = token

# Retrieve token from environment for API call
api_token = os.environ.get("GITHUB_TOKEN")

# Make authenticated request
headers = {
    "Authorization": f"Bearer {api_token}",
    "Accept": "application/vnd.github+json"
}

response = requests.get("https://api.github.com/user", headers=headers)

print(f"\nRequest Status: {response.status_code}")

if response.status_code == 200:
    user_data = response.json()
    print(f"Authenticated as: {user_data['login']}")
elif response.status_code == 401:
    print("Authentication failed - token invalid or not provided")
    print("This is expected if using a test string!")
else:
    print(f"Request failed: {response.status_code}")

# Show the security pattern (without exposing the token)
print("\nSecurity Pattern Demonstrated:")
print("1. Token entered via getpass (hidden input)")
print("2. Token stored in environment variable")
print("3. Token retrieved from environment for API call")
print("4. Token sent in Authorization header")
print("5. Token never visible in code or output")
```

**Why this works:**
This demonstrates proper API key handling:
1. **Secure Input**: `getpass()` hides the token during entry
2. **Environment Storage**: Token stored in `os.environ`, not in code
3. **Header Authentication**: Token passed in Authorization header (Bearer token pattern)
4. **No Exposure**: Token never appears in code, output, or version control

In production, you'd set `GITHUB_TOKEN` externally (shell, .env file, cloud secrets) rather than via getpass. This pattern works for any API requiring token authentication (OpenAI, Anthropic, AWS, etc.).

</details>

### Challenge 3: GitHub User Profile Explorer

**Scenario**: Build an interactive tool to explore GitHub user profiles

**Task**:
1. Import requests
2. Ask user for a GitHub username using `input()`
3. Make API call to `https://api.github.com/users/{username}`
4. Display: name, bio, public repos count, followers, following
5. Handle the case where the user doesn't exist (404 error)

**Expected Output**: User profile information or error message

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests

# Get username from user
username = input("Enter a GitHub username to explore: ")

# Make API request
url = f"https://api.github.com/users/{username}"
response = requests.get(url)

# Handle different response codes
if response.status_code == 200:
    # Parse user data
    user = response.json()
    
    # Display profile information
    print(f"\n{'='*50}")
    print(f"GitHub Profile: {username}")
    print(f"{'='*50}")
    print(f"Name: {user.get('name', 'Not provided')}")
    print(f"Bio: {user.get('bio', 'No bio')}")
    print(f"Location: {user.get('location', 'Not specified')}")
    print(f"\nStats:")
    print(f"  Public Repos: {user['public_repos']}")
    print(f"  Followers: {user['followers']}")
    print(f"  Following: {user['following']}")
    print(f"\nProfile URL: {user['html_url']}")
    print(f"Created: {user['created_at'][:10]}")
    
elif response.status_code == 404:
    print(f"\nUser '{username}' not found on GitHub.")
    print("Please check the spelling and try again.")
    
else:
    print(f"\nError: Unable to fetch user data")
    print(f"Status Code: {response.status_code}")

# Try with: octocat, torvalds, gvanrossum
```

**Why this works:**
This demonstrates a complete interactive API application:
1. **User Input**: `input()` gets the username dynamically
2. **Dynamic URL**: f-string creates URL with user-provided username
3. **Error Handling**: Checks status codes and handles different scenarios
4. **Safe Access**: Uses `.get()` with defaults for optional fields
5. **User-Friendly Output**: Formats data nicely for readability

This pattern applies to any API: get input → construct URL → make request → check status → parse response → format output. You could extend this to fetch user repositories, check if they're hireable, etc.

</details>

### Challenge 4: Multi-API Data Integration

**Scenario**: Combine data from two different APIs to create a richer dataset

**Task**:
1. Call GitHub API to get user data: `https://api.github.com/users/octocat`
2. Call JSONPlaceholder API to get post data: `https://jsonplaceholder.typicode.com/posts/1`
3. Store API endpoints in environment variables
4. Combine data into a single dictionary with keys: `github_user`, `post_title`, `combined_date`
5. Print the combined data

**Expected Output**: Dictionary with data from both APIs

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import requests
import os
from datetime import datetime

# Store API endpoints in environment variables (configuration)
os.environ["GITHUB_API"] = "https://api.github.com/users/octocat"
os.environ["POSTS_API"] = "https://jsonplaceholder.typicode.com/posts/1"

# Get endpoints from environment
github_url = os.environ.get("GITHUB_API")
posts_url = os.environ.get("POSTS_API")

# Make both API calls
print("Fetching data from GitHub...")
github_response = requests.get(github_url)

print("Fetching data from JSONPlaceholder...")
posts_response = requests.get(posts_url)

# Check both requests succeeded
if github_response.status_code == 200 and posts_response.status_code == 200:
    # Parse both responses
    github_data = github_response.json()
    posts_data = posts_response.json()
    
    # Combine data into single dictionary
    combined_data = {
        "github_user": github_data['login'],
        "github_name": github_data.get('name', 'N/A'),
        "github_repos": github_data['public_repos'],
        "post_title": posts_data['title'],
        "post_body": posts_data['body'][:50] + "...",  # Truncate for display
        "combined_date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
        "data_sources": ["GitHub API", "JSONPlaceholder API"]
    }
    
    # Display combined data
    print("\n" + "="*60)
    print("COMBINED DATA FROM MULTIPLE APIs")
    print("="*60)
    
    for key, value in combined_data.items():
        print(f"{key}: {value}")
    
    print("\nData successfully integrated from multiple sources!")
    
else:
    print("Error: One or both API calls failed")
    print(f"GitHub status: {github_response.status_code}")
    print(f"Posts status: {posts_response.status_code}")
```

**Why this works:**
This demonstrates several advanced patterns:
1. **Configuration Management**: API URLs stored in environment variables (easy to change)
2. **Multiple API Calls**: Fetching from different sources in one program
3. **Data Integration**: Combining responses into a unified data structure
4. **Error Handling**: Checking both requests before processing
5. **Data Enrichment**: Adding metadata (timestamp, sources) to combined data

This is common in real applications - RAG systems combine vector database results with LLM APIs, analytics dashboards pull from multiple data sources, etc. The key is: fetch → validate → parse → combine → use.

</details>

### Challenge 5: Import Styles Comparison

**Scenario**: Compare different import styles for the same functionality

**Task**:
Write the same API call three different ways:
1. Using `import requests` (full package name)
2. Using `import requests as req` (alias)
3. Using `from requests import get` (specific function)

All three should make a GET request to `https://api.github.com` and print the status code.

**Expected Output**: Three different approaches producing the same result

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
# Method 1: Full package import
print("Method 1: Full Package Import")
print("-" * 40)
import requests

response1 = requests.get("https://api.github.com")
print(f"Code: response1 = requests.get(url)")
print(f"Status: {response1.status_code}")
print(f"Pros: Clear where functions come from")
print(f"Cons: More typing\n")

# Method 2: Import with alias
print("Method 2: Import with Alias")
print("-" * 40)
import requests as req

response2 = req.get("https://api.github.com")
print(f"Code: response2 = req.get(url)")
print(f"Status: {response2.status_code}")
print(f"Pros: Less typing, still clear")
print(f"Cons: Need to remember alias\n")

# Method 3: Import specific function
print("Method 3: Import Specific Function")
print("-" * 40)
from requests import get

response3 = get("https://api.github.com")
print(f"Code: response3 = get(url)")
print(f"Status: {response3.status_code}")
print(f"Pros: Cleanest, least typing")
print(f"Cons: Less clear where 'get' comes from\n")

# Verify all methods produced same result
print("=" * 40)
print("All three methods work identically!")
print(f"Same status code: {response1.status_code == response2.status_code == response3.status_code}")
print("\nChoose based on:")
print("- Team conventions")
print("- How often you use the function")
print("- Code readability preferences")
```

**Why this works:**
All three import styles access the same underlying function, just with different syntax:
1. **Full Import** (`requests.get`): Most explicit - always clear where functions come from
2. **Alias** (`req.get`): Balances clarity with brevity - common in data science (np, pd)
3. **Specific Import** (`get`): Most concise - good when you use a function frequently

No method is "better" - it's about context:
- Use full import when clarity matters most
- Use alias for long package names (like `matplotlib.pyplot as plt`)
- Use specific import when you use a function heavily in a module

Following community conventions is usually best: `import requests` is standard, `import numpy as np` is standard, etc.

</details>

---

## Summary

**What You Learned:**
- Install packages with pip to extend Python's capabilities
- Use different import styles to organize code effectively
- Make HTTP API calls to retrieve data from external services
- Parse JSON responses and extract useful information
- Handle sensitive information securely using environment variables
- Use getpass() to hide password/API key input

**Real-World Applications:**
- **Software Engineering**: Integrate third-party services, manage configuration, protect secrets
- **AI/ML Development**: Call OpenAI, Anthropic, or Gemini APIs; install ML libraries
- **RAG Systems**: Query vector databases, fetch documents, generate embeddings
- **Agentic AI**: Enable agents to call external tools and services securely

**Best Practices:**
1. Always install packages before importing them
2. Check API response status codes before processing data
3. Never hardcode API keys or passwords in source code
4. Use environment variables for configuration and secrets
5. Use `.get()` with defaults when accessing environment variables
6. In Colab, use getpass() for one-time secret entry
7. Read API documentation to understand rate limits and authentication
8. Handle errors gracefully (404s, timeouts, etc.)

**Next Steps:**
- Explore more complex APIs (POST requests, authentication, pagination)
- Learn about .env files for local development
- Study API rate limiting and error handling
- Practice with real AI APIs (OpenAI, Anthropic, etc.)
- Build complete applications that integrate multiple services

Great work! You now have the skills to integrate external services into your Python programs safely and effectively. 🚀