API
LESSON 2
API
The term API is an acronym, and it stands for “Application Programming Interface.”
API
► An API (Application Programming Interface) is an interface
between two applications that enables them to communicate
with each other.
► Any communication between two applications that involves
calling a function from within the first software and sending a
request to retrieve some data from the second software is an
API.
► APIs are sets of definitions and protocols that allow software
components to talk and interact with each other using a
simple set of commands.
HOW IT WORKS
• API: The "hidden" portion of a website that is meant for computer consumption
• Client: A program that exchanges data with a server through an API
• Server: A powerful computer that runs an API
► Client
► The HTTP client sends a request to the server in the form
of a request method, URI, and protocol version, followed
by a MIME-like message containing request modifiers,
client information, and possible body content over a
TCP/IP connection.
► Server
► The HTTP server responds with a status line, including
the message's protocol version and a success or error
code, followed by a MIME-like message containing server
information, entity meta information, and possible entity-
body content.
API Calls
An API call is the process of a client application
submitting a request to a server's API. An API call also
comprises everything that happens after the request
is submitted. This includes when the API retrieves
information from the server and delivers it back to
the client.
What is API authorization?
API authorization determines what actions a client can
perform once they are authenticated by the API.
Authentication comes before authorization. This is where
the client's identity is confirmed via an API key,
authentication tokens, or other credentials.
One common form of authentication used in the
authorization process is an API key.
What is an API key?
An API key is a unique identifier used to authenticate calls to an API. The key is
made up of a string of letters and numbers that identify the client. (Remember,
this is the application or site making the request.)
Benefits of APIs
1. New data available: an API allows all of the information generated
at the government level to be available to every citizen, not just a
select few.
2. Efficiency: when access is provided to an API, the content
generated can be published automatically and is available for every
channel. It allows it to be shared and distributed more easily.
3. Integration: APIs allow content to be embedded from any site or
application more easily. This guarantees more fluid information
delivery and an integrated user experience.
4. Adaptation: needs change over time and APIs help to anticipate
changes. When working with this technology, data migration is
supported better, and the information is reviewed more closely. In
short, APIs make service provision more flexible.
What are APIs used for
Data sharing.
Any time a program needs to get data from a
third party (e.g., a travel app compiling flight
times from airlines), data can be shared through
an API.
App integrations.
When two digital applications work in conjunction
— HubSpot and Gmail, for example — an API is
likely involved.
What are APIs used for
Embedded content.
To embed a piece of content that is hosted on a
different website — like a YouTube video — a request
is made to the embedded content's owner to retrieve
it.
Internal systems.
APIs aren't only for sharing data externally.
Businesses frequently divide their software
infrastructure into smaller components. These
elements communicate with each other through APIs,
like in a microservice architecture.
Types of APIs
Private APIs. These APIs are only made available to a
company's internal team to boost productivity and
transparency. Developers working for the company can
use these APIs as needed. Third-party developers can’t.
Partner APIs. These APIs are shared externally but only
with those with a business relationship with the API
company. Some businesses use partner APIs because they
want control over who can access their resources and how
they get used.
Open APIs. Open APIs, or public APIs, are available for
external use. While some open APIs are free, others
require a subscription fee, which is often tiered based on
usage.
Benefits of APIs
1. Automation: with APIs, computers rather than people can
manage the work. Through APIs, agencies can update work
flows to make them quicker and more productive.
2. Application: because APIs can access the app components, the
delivery of services and information is more flexible.
3. More scope: with an API, an application layer can be created
which can be used to distribute information and services to
new audiences, and which can be personalized to create custom
user experiences.
4. Personalization: through APIs any user or company can
customize the content and services that they use the most.
How to Use an API
1. Select an API.
2. Choose your authorization method.
3. Review the API documentation.
4. Write a request to an endpoint.
5. Connect your app.
We have two new concepts
here:
► protocol
► format
Protocol & Format
► The protocol is the set of rules that defines how applications can interact
with each other
► Format specifies how the data can be sent to and accessed by other
applications.
► The most used protocol is HTTP, which stands for Hypertext Transfer
Protocol, but SOAP, REST and XML-RPC can also be used as means of
communication.
HTTP protocol
► HTTP is the protocol used by web
browsers — referred to as clients —
for communicating with web
servers.
► Here’s how this process looks:
1. The request in this case is sent by
the browser, and includes the
request method, the URI and the
protocol version, followed by other
information.
2. The server receives the request,
and runs a program to process it.
3. The server returns the HTTP
HTTP GET: Your Safe Bet
The HTTP standard says that a GET request is a
request for a representation. It’s not intended to
change any resource state on the server. This
means that if you have a URL to a resource and don’t
know anything more, you can always make a GET
request and get a representation in return. Your GET
request won’t do something disastrous like delete all
the data. We say that GET is a safe method.
HTTP Requests
To make a valid request, the client needs to include
four things:
► URL (Uniform Resource Locator)
► Method
► List of Headers
► Body
HTTP Requests
► URL
► is a unique address for a thing (a noun). Which things get
addresses is entirely up to the business running the server.
► becomes an easy way for the client to tell the server which thing it
wants to interact with.
In a typical REST API, a resource will have two URL patterns
assigned to it:
Plural or collection: This represents a collection or group of
resources.
Singular: This represents a single resource.
HTTP Requests
► Method
► The request method tells the server what kind of action the
client wants the server to take. In fact, the method is
commonly referred to as the request "verb."
► There are four main types of methods:
► GET — which means that you want to get data from the second
application
► POST — you want to create information and add it in the second
application
► PUT — you want to change data in the second application
► DELETE — you want to delete information from the second
application
HTTP REQUEST
► Headers
► provide meta-information about a request.
They are a simple list of items like the time
the client sent the request and the size of
the request body.
► Body
► The request body contains the data the
client wants to send the server.
HTTP RESPONSE
In the response, the start line includes:
► the HTTP version,
► the status code, which tells you whether or not
the API transaction worked
► folders and parameters that indicate where to
search for data and what exactly to look for
GUESS: WHAT IS THE MEANING OF EACH OF THESE 3-DIGIT CODES?
200
301
400
500
How to Read an HTTP Response
RESPONSE CODE SAMPLES
200 (OK)
301 (Moved Permanently)
400 (Bad Request)
500 (Internal Server Error)
HTTP GET: How to Read an HTTP Response
HTTP/1.1 200 OK
ETag: "f60e0978bc9c458989815b18ddad6d75"
Last-Modified: Thu, 10 Jan 2013 01:45:22 GMT
Content-Type: application/json

{ "collection":
  {
    "version" : "1.0",
    "href" : "http://www.youtypeitwepostit.com/api/",
    "items" : [
      { "href" : "http://www.youtypeitwepostit.com/api/messages/21818525390699506",
        "data": [
          { "name": "text", "value": "Test." },
          { "name": "date_posted", "value": "2013-04-22T05:33:58.930Z" }
        ],
        "links": []
      },
      {
How to Read an HTTP Response
The entity-body, sometimes called just the body:
This is a document written in some data format, which the client is
expected to understand.
If you think of a GET request as a request for a representation, you can
think of the entity-body as the representation.
How to Read an HTTP Response
The response headers are a series of key-value pairs describing
the entity-body and the HTTP response in general.
Response headers are sent between the status code and the entity-body.
How to Read an HTTP Response
The most important HTTP header is Content-Type, which tells the HTTP client
how to understand the entity-body. It’s so important that its value has a
special name.
We say the value of the Content-Type header is the entity-body’s media
type. (It’s also called the MIME type or the content type. Sometimes
“media type” is hyphenated: media-type.)
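The reading order described above (status line, then headers, then an entity-body interpreted according to Content-Type), as an added Python example that is not part of the original slides. The sample response is constructed from the one shown earlier, reduced to one item and closed so the body is complete JSON; the function names are hypothetical.

```python
import json

# Constructed sample: the response shown earlier, reduced to one item and
# closed so that the entity-body is complete JSON.
RAW = (
    b'HTTP/1.1 200 OK\r\n'
    b'ETag: "f60e0978bc9c458989815b18ddad6d75"\r\n'
    b'Last-Modified: Thu, 10 Jan 2013 01:45:22 GMT\r\n'
    b'Content-Type: application/json\r\n'
    b'\r\n'
    b'{"collection": {"version": "1.0", "items": [{"data": '
    b'[{"name": "text", "value": "Test."}], "links": []}]}}'
)

def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.x response into status line, headers and entity-body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and entity-body")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = (lines[0].split(" ", 2) + [""])[:3]
    if not version.startswith("HTTP/") or len(code) != 3 or not code.isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()  # header names are case-insensitive
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}

def media_type(headers: dict) -> str:
    """Media type from Content-Type, lower-cased, without parameters (charset)."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()

def decode_entity(resp: dict):
    """Decode the entity-body only when the declared media type is JSON."""
    mtype = media_type(resp["headers"])
    if mtype != "application/json" and not mtype.endswith("+json"):
        raise ValueError(f"refusing to parse {mtype or 'undeclared type'} as JSON")
    return json.loads(resp["body"].decode("utf-8"))

def status_class(status: int) -> str:
    """Map a status code to its class by first digit."""
    return {2: "success", 3: "redirection", 4: "client error",
            5: "server error"}.get(status // 100, "other")
```

Refusing to decode a body whose declared media type is not JSON keeps the client from treating, for example, an HTML error page as API data.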
JSON (JavaScript Object Notation)
If you’re a web developer, you probably recognize this entity-body as a JSON
document. In case you don’t, here’s a very quick introduction to JSON.
JSON, described in RFC 4627, is a standard for representing simple data
structures in plain text. It uses double quotes to describe strings:
"this is a string"
It uses square brackets to describe lists:
[1, 2, 3]
It uses curly brackets to describe objects (collections of key-value pairs):
{"key": "value"}
Understanding REST Headers
and Parameters
Headers
The REST headers and parameters contain a wealth of
information that can help you track down issues when you
encounter them. HTTP Headers are an important part of the
API request and response as they represent the meta-data
associated with the API request and response. Headers carry
information for:
► Request and Response Body
► Request Authorization
► Response Caching
► Response Cookies
Headers
► The headers that you will encounter most often during API testing are the following. You may
need to set values for these, or set assertions against them, to ensure that they
convey the right information and that everything works as intended in the API:
► Authorization: Carries credentials containing the authentication information of the client
for the resource being requested.
► WWW-Authenticate: This is sent by the server if it needs a form of authentication before it
can respond with the actual resource being requested. Often sent along with a response
code of 401, which means ‘unauthorized’.
► Accept-Charset: This header is set with the request and tells the server
which character sets are acceptable to the client.
► Content-Type: Indicates the media type (text/html or text/JSON) of the response sent to
the client by the server; this helps the client process the response body correctly.
► Cache-Control: This is the cache policy defined by the server for this response. A cached
response can be stored by the client and re-used until the time defined by the Cache-Control
header.
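The order described under "What is API authorization?" (authenticate first, then authorize) together with the Authorization and WWW-Authenticate headers above, as an added Python example that is not part of the original slides. The `ApiKey` scheme name, the key values, the client names and the permission table are all hypothetical; 403 is the status for an identified client that lacks permission.

```python
import hashlib
import hmac

def _digest(key: str) -> str:
    """Store and compare SHA-256 digests so raw keys are not kept server-side."""
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed key store (hypothetical keys and clients):
# digest of API key -> (client name, allowed (method, collection) pairs)
CLIENTS = {
    _digest("k-reader-EXAMPLE"): ("reporting-app", {("GET", "orders")}),
    _digest("k-writer-EXAMPLE"): ("checkout-app",
                                  {("GET", "orders"), ("POST", "orders")}),
}

def authenticate(headers: dict):
    """Return (client, permissions) for 'Authorization: ApiKey <key>', else None."""
    scheme, _, key = headers.get("Authorization", "").partition(" ")
    if scheme != "ApiKey" or not key.strip():
        return None
    presented = _digest(key.strip())
    match = None
    for stored, client in CLIENTS.items():
        # Constant-time comparison, and no early exit on the first match.
        if hmac.compare_digest(stored, presented):
            match = client
    return match

def handle(method: str, collection: str, headers: dict):
    """Return (status code, response headers) for one API call."""
    client = authenticate(headers)
    if client is None:
        # Identity not established: 401 plus a challenge naming the scheme.
        return 401, {"WWW-Authenticate": 'ApiKey realm="order_api"'}
    _name, permissions = client
    if (method, collection) not in permissions:
        # Identity known, action not permitted: 403, no challenge.
        return 403, {}
    return 200, {"Content-Type": "application/json"}
```

A missing or wrong key and a valid key with too few permissions produce different status codes, which is the distinction between authentication and authorization that the slides draw.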
Parameters
► REST parameters specify the variable parts of your
resources: the data that you are working with.
► In a REST request the resource that you are working with is
specified in the URL (Uniform Resource Locator). The URL is a
special case of the URI (Uniform Resource Identifier), which
consists of four parts:
► Sample
► scheme_name:hierarchical_part?query#fragment
RESTful Resources
► In a RESTful service it is very desirable to have all your resources structured by
their hierarchy. These are then specified in the hierarchical part of the
URL.
The hierarchical parts are all
1) required,
2) unique.
This means that none of them can be omitted, and all of them can
appear only once. Certain parts of the URL are going to be fixed (such as the
server name, port, and endpoint), and certain parts are going to be
parametrized. The parametrized parts are often denoted in code and in
documentation by curly braces.
Sample
http://server.test:8080/order_api/{customer_id}/{order_id}/{book_id}
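The four URI parts and the curly-brace template above, as an added Python example that is not part of the original slides. It assumes every parameter is a numeric id (the slides do not say), and the function names are hypothetical; a path with a missing, extra or non-numeric segment is rejected rather than partially matched.

```python
import re
from urllib.parse import urlsplit, parse_qs

TEMPLATE = "/order_api/{customer_id}/{order_id}/{book_id}"  # path of the sample URL

def split_uri(uri: str) -> dict:
    """Return the four URI parts: scheme, hierarchical part, query, fragment."""
    p = urlsplit(uri)
    return {"scheme": p.scheme, "hierarchical_part": f"//{p.netloc}{p.path}",
            "query": parse_qs(p.query), "fragment": p.fragment}

def compile_template(template: str) -> re.Pattern:
    """Turn '{name}' placeholders into named groups; fixed parts match literally."""
    names = re.findall(r"\{(\w+)\}", template)
    if len(names) != len(set(names)):
        raise ValueError("each parameter may appear only once")
    fixed_parts = re.split(r"\{\w+\}", template)
    # Assumption: every parameter is a numeric id, so only ASCII digits match.
    regex = "".join(re.escape(fixed) + (f"(?P<{name}>[0-9]+)" if name else "")
                    for fixed, name in zip(fixed_parts, names + [""]))
    return re.compile(regex)

def match_path(pattern: re.Pattern, path: str):
    """Return the parameters as ints, or None unless the whole path matches."""
    m = pattern.fullmatch(path)
    return {k: int(v) for k, v in m.groupdict().items()} if m else None

def route(uri: str):
    """Extract the template parameters from a full request URI."""
    return match_path(compile_template(TEMPLATE), urlsplit(uri).path)
```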