# What is a REST API?
- **API** :
    - Application Progam Interface
    - Contract provided by one piece of software to another
    - Structures request and response


- **REST** :
    - Representational State Transfer
    - Achitecture style for designing networked applications
    - Relies on a stateless, client-server protocol, almost always HTTP
    - Treats server objects as resources that can be created or destroyed
    - can be used by virtually any programming language

# HTTP Methods
- **GET** : retrieve data from a specified resource
- **POST** : Submit data to be processed to a specified resource
- **PUT** : Update a specified resource
- **DELETE** : Delete a specified resource
- **HEAD** : Same as get but does not return a body
- **OPTIONS** : Returns the supported HTTP methods
- **PATCH** : Update partial resources


- some APIs require authentication to use their services. either free or paid.

# HTTP is stateless
- every request is completely independent
- similar to transactions
- programming, Local Storage, Cookies, Sessions are used to create enhanced UX.

# http status codes
- 1xx : Informational - Request received/processing
- 2xx : Success - Successfully received, accepted etc
- 3xx : Redirect - Further action must be taken / redirect
- 4xx : Client Error - Request does not have what it needs
- 5xx : Server Error - Server failed to fulfil an apparent valid request

e.g,
- 200 - OK,
- 201 - OK created,
- 301 - moved,
- 304 - mot modified(Cached version),
- 400 - Bad request,
- 401 - Unauthorized,
- 404 - Not found,
- 500 - Internal Server error,

# Using python requests

In [1]:
import requests

In [2]:
r = requests.get('https://xkcd.com/353/')

In [3]:
r

<Response [200]>

In [19]:
#print(dir(r))

In [20]:
#print(help(r))

In [21]:
from pprint import pprint
r_headers = dict(r.headers)

In [22]:
r.headers['Date']

'Sun, 03 Jan 2021 18:27:59 GMT'

In [23]:
pprint(r_headers)

{'Accept-Ranges': 'bytes',
 'Age': '0',
 'Cache-Control': 'max-age=300',
 'Connection': 'keep-alive',
 'Content-Encoding': 'gzip',
 'Content-Length': '3069',
 'Content-Type': 'text/html; charset=UTF-8',
 'Date': 'Sun, 03 Jan 2021 18:27:59 GMT',
 'ETag': 'W/"5fef5dc5-1dc6"',
 'Expires': 'Sun, 03 Jan 2021 12:40:16 GMT',
 'Last-Modified': 'Fri, 01 Jan 2021 17:37:09 GMT',
 'Server': 'nginx',
 'Vary': 'Accept-Encoding',
 'Via': '1.1 varnish',
 'X-Cache': 'HIT',
 'X-Cache-Hits': '1',
 'X-Served-By': 'cache-ams21039-AMS',
 'X-Timer': 'S1609698479.667678,VS0,VE436'}


In [16]:
# downloading images
img = requests.get('https://imgs.xkcd.com/comics/python.png')

In [17]:
with open('comic.png', 'wb') as f:
    f.write(img.content)

In [18]:
print(r.status_code)

200


In [24]:
# using httpbin.org

In [35]:
# res = requests.get('https:/httpbin.org/get?page=2&count=25')

payload = {
    'page': 2,
    'count': 25
}

res = requests.get('https://httpbin.org/get', params=payload)



In [36]:
print(res.text)
print(type(res.text))

{
  "args": {
    "count": "25", 
    "page": "2"
  }, 
  "headers": {
    "Accept": "*/*", 
    "Accept-Encoding": "gzip, deflate", 
    "Host": "httpbin.org", 
    "User-Agent": "python-requests/2.25.1", 
    "X-Amzn-Trace-Id": "Root=1-5ff21115-2407628f3ca65b2567a3dee8"
  }, 
  "origin": "106.208.207.67", 
  "url": "https://httpbin.org/get?page=2&count=25"
}

<class 'str'>


In [37]:
type(res.content)

bytes

In [41]:
payload = {'usr': 'corey', 'pass': 'testing'}
res = requests.post('https://httpbin.org/post', data=payload)

In [42]:
print(res.text)

{
  "args": {}, 
  "data": "", 
  "files": {}, 
  "form": {
    "pass": "testing", 
    "usr": "corey"
  }, 
  "headers": {
    "Accept": "*/*", 
    "Accept-Encoding": "gzip, deflate", 
    "Content-Length": "22", 
    "Content-Type": "application/x-www-form-urlencoded", 
    "Host": "httpbin.org", 
    "User-Agent": "python-requests/2.25.1", 
    "X-Amzn-Trace-Id": "Root=1-5ff2119f-1a4788746a4469832ac853ac"
  }, 
  "json": null, 
  "origin": "106.208.207.67", 
  "url": "https://httpbin.org/post"
}



In [43]:
print(res.json())
print(type(res.json()))

{'args': {}, 'data': '', 'files': {}, 'form': {'pass': 'testing', 'usr': 'corey'}, 'headers': {'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate', 'Content-Length': '22', 'Content-Type': 'application/x-www-form-urlencoded', 'Host': 'httpbin.org', 'User-Agent': 'python-requests/2.25.1', 'X-Amzn-Trace-Id': 'Root=1-5ff2119f-1a4788746a4469832ac853ac'}, 'json': None, 'origin': '106.208.207.67', 'url': 'https://httpbin.org/post'}
<class 'dict'>


In [44]:
res = requests.get('https://httpbin.org/basic-auth/corey/testing', auth=('corey', 'testing'))

In [47]:
print(res.text, res.status_code)

{
  "authenticated": true, 
  "user": "corey"
}
 200


In [49]:
res = requests.get('https://httpbin.org/delay/5', timeout=3)
res.status_code # ReadTimeoutException

ReadTimeout: HTTPSConnectionPool(host='httpbin.org', port=443): Read timed out. (read timeout=3)

# Authentication

### Authentication vs. Authorization

Authentication refers to proving the correct identity. Authorization refers to allowing a certain action.

An API might authenticate you but not authorize you to make a certain request.

---

You can attach your API key to a request in one of three ways:

- Via the apiKey querystring parameter.
- Via the X-Api-Key HTTP header.
- Via the Authorization HTTP header. Bearer optional, do not base 64 encode.

---

References: https://realpython.com/python-requests/#authentication