<a href="https://colab.research.google.com/github/yuliiabosher/Cyber_Resilience_Course/blob/main/Accessing_API_data.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Accessing API data with Python
---

Now that you have accessed an API with Postman, which makes the process a little easier.  Have a go at calling the API using Python, again a reasonably easy process.


### First store the API key in an environment variable for security
---

Python is an interpreted language and the code exists in its text form while it is running. It can be relatively easily stopped and viewed during execution. This means that setting the key in the code is not really secure.

Most development environments provide the facility to store '**environment variables**'. These are kept separate from the code and so can be kept private.

**Setting an environment variable in a colab notebook**
The main thing is to not store the key in the notebook (as these can be shared). You can avoid this by making sure that all who will run the code in the notebook know the key and can copy it in just for when they are working in the notebook. The notebook will delete all data on closing the session and so the notebook can be shared without sharing the key.

Here is a way to store data in the notebook environment when it is opened so that it is then available just for that session.

First: install a library into the notebook to manage the environment:
Then:  import that library, along with an operating system library and a function that can manage the output in a colab.

Then:  get the key from the user (who could paste it in) and store that key in the notebook's operating system environment (calling it 'API_KEY')

Then:  clear the output so that there is no visibility of the key.  It will still be there to use until the notebook is closed, and it won't be included in any copy of the notebook shared on Github.

In [1]:
!pip install python-dotenv
import dotenv
import os
from google.colab import output

key = input("Enter the API key: ")
os.environ['API_KEY'] = key
output.clear()

### Run the code in the cell ABOVE, before running the code below

### The requests library
Python has a requests library which has the instructions to make the request.

*  Import the requests library  
*  Create a request headers (containing the API key WHICH MUST BE ENTERED EACH TIME FOR SECURITY)   
*  Clear the display so that the security key is immediately hidden
*  Create the payload (same as in postman - *the payload is the data needed to clarify what you are requesting*)
Send the request (with url, the request header and payload as data (the body))    
*  Print the response

**REMEMBER** to add your name in the `admin_name` field to allow the database to be named with your name.  This allows you to have a database file that only you are editing, so that the data remains as expected during the testing process.

In [3]:
import requests
import json

key = input("Enter the API key: ")
os.environ['API_KEY'] = key
output.clear()

def run_test_setup():

  url = "https://32614btzed.execute-api.eu-west-2.amazonaws.com/testing/savings-app"

  headers = {
      "Content-Type":"application/json",
      "x-api-key": os.environ.get('API_KEY')
  }

  payload = {
      "instruction":"setup_for_testing",
      "data":{},
      "admin_name":"Yulia"
  }

  response = requests.post(url, headers=headers, data=json.dumps(payload))
  print(response.text)

#########################################################################################################
# run_test_setup to make a request to setup the database for testing using the setup_for_testing function
run_test_setup()

"Database connected and savings table created. Test data added"


### Create a new request for the get_columns function
---
Again, ensure that you ask for input of the API key.  This is only so that if you upload this worksheet to Github, you won't expose the key as long as you haven't saved it in the worksheet.

Add the request code in the code cell below.

In [4]:
import requests
import json

key = input("Enter the API key: ")
os.environ['API_KEY'] = key
output.clear()

def run_get_columns():

  url = "https://32614btzed.execute-api.eu-west-2.amazonaws.com/testing/savings-app"

  headers = {
      "Content-Type":"application/json",
      "x-api-key": os.environ.get('API_KEY')
  }

  payload = {
      "instruction":"get_columns",
      "data":{},
      "admin_name":"Yulia"
  }

  response = requests.post(url, headers=headers, data=json.dumps(payload))
  print(response.text)

run_get_columns()

["user_id", "balance"]


### Now add the other two requests (get_data, add_funds)

In [5]:
import requests
import json

key = input("Enter the API key: ")
os.environ['API_KEY'] = key
output.clear()

def run_get_data():

  url = "https://32614btzed.execute-api.eu-west-2.amazonaws.com/testing/savings-app"

  headers = {
      "Content-Type":"application/json",
      "x-api-key": os.environ.get('API_KEY')
  }

  payload = {
      "instruction":"get_data",
      "data":{},
      "admin_name":"Yulia"
  }

  response = requests.post(url, headers=headers, data=json.dumps(payload))
  print(response.text)

run_get_data()

[[1, 44.0], [2, 5.0], [3, 42.0], [4, 32.0], [5, 25.0], [6, 5.0], [7, 26.0], [8, 39.0], [9, 45.0], [10, 29.0]]


In [7]:
import requests
import json

key = input("Enter the API key: ")
os.environ['API_KEY'] = key
output.clear()

def run_add_funds():

  url = "https://32614btzed.execute-api.eu-west-2.amazonaws.com/testing/savings-app"

  headers = {
      "Content-Type":"application/json",
      "x-api-key": os.environ.get('API_KEY')
  }

  payload = {
      "instruction":"add_funds",
      "data":{"user_id":3,"amount":20},
      "admin_name":"Yulia"
  }

  response = requests.post(url, headers=headers, data=json.dumps(payload))
  print(response.text)

run_add_funds()

"Record for user: 3 updated - 20 added"


### And finally - add your own request to remove funds of 5 from user_id 2

In [9]:
import requests
import json

key = input("Enter the API key: ")
os.environ['API_KEY'] = key
output.clear()

def run_remove_funds():

  url = "https://32614btzed.execute-api.eu-west-2.amazonaws.com/testing/savings-app"

  headers = {
      "Content-Type":"application/json",
      "x-api-key": os.environ.get('API_KEY')
  }

  payload = {
      "instruction":"remove_funds",
      "data":{"user_id":5,"amount":7},
      "admin_name":"Yulia"
  }

  response = requests.post(url, headers=headers, data=json.dumps(payload))
  print(response.text)

run_remove_funds()

"Record for user: 5 updated - 7 removed"


### Upload the worksheet to Github but only if the API key is not showing anywhere in the worksheet.