Jesse Wolgamott • Former Instructor, Back-End Engineer at TIY Houston • Currently: Director, Back-end Engineering, The Iron Yard • Developer since 1997 • First JSON API: 2002
History, Quickly • API: “Application Programming Interface” • Standard input/output for a library to be used and re-used • Computers have APIs (BIOS, Hard Drives, Operating Systems)
History, Quickly • Software worked over the “network” before the internet • They would connect via “APIs” to a remote server. • Known as “Client/Server”
API Requests • There’s no difference between your browser requesting facebook.com and a computer program making an “API” call • facebook.com might return HTML to your browser and JSON to the program
Headers • Both requests and responses contain “headers” • Headers are sent/received with all requests/responses • They help browsers and computers do their thing
Method • Each Request has an HTTP-Method • GET -> request data • POST -> here’s new (or updated) data • DELETE -> delete data at this URL • PATCH -> here’s what to update
Shape of Data • Each server will return different shapes of data • This depends on whatever developer happened to code that one day they were employed there
Shape of Data • You have to exactly know the shape of data to get anything of value out of the API • You won’t know the shape of data until making calls and manually looking at data
Essential Tools • Sometimes you get documentation • Sometimes documentation is out of date
User Authentication • User Authorization: Trade username and password for a token • All requests then contain the token. • Without the token, 401 • Token can be in a Header or a URL parameter.
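The token flow on this slide, as an added example that is not from the original talk: a local server trades a username and password for a random token, and every later request must present it or receive a 401. The `/login` and `/me` paths, the `USERS` account and the helper names are assumptions made for the demo; it sends the token in the `Authorization` header rather than a URL parameter, because URLs are commonly recorded in server logs and browser history.

```python
import hmac, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request
USERS = {"alice": "correct horse"}  # constructed demo account; real services store password hashes
TOKENS = {}                         # token -> username, in memory for the demo
OPENER = request.build_opener(request.ProxyHandler({}))  # ignore proxy env vars

class Handler(BaseHTTPRequestHandler):
    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):  # POST /login trades username and password for a token
        length = int(self.headers.get("Content-Length", 0))
        creds = json.loads(self.rfile.read(length) or b"{}")
        username = str(creds.get("username"))
        expected = USERS.get(username, "")
        supplied = str(creds.get("password", ""))
        ok = bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())
        if self.path != "/login" or not ok:
            return self._send(401, {"error": "bad credentials"})
        token = secrets.token_urlsafe(32)  # unguessable random token
        TOKENS[token] = username
        self._send(200, {"token": token})

    def do_GET(self):  # every other request must carry "Authorization: Bearer <token>"
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        user = TOKENS.get(token) if scheme == "Bearer" else None
        if user is None:
            return self._send(401, {"error": "missing or invalid token"})
        self._send(200, {"user": user})

    def log_message(self, *args): pass  # keep the demo quiet

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"

def call(method, url, body=None, token=None):
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    data = json.dumps(body).encode() if body is not None else None
    try:
        with OPENER.open(request.Request(url, data=data, headers=headers, method=method)) as r:
            return r.status, json.load(r)
    except error.HTTPError as e:  # 4xx responses arrive as exceptions in urllib
        return e.code, json.load(e)
```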
Two Types • Password Grant - used for me to trade my username/password on a site for an auth token • Sign in with Facebook / Google / Spotify / GitHub, etc
OAuth Difficulty • Difficult to get the “Connect” OAuth right • It is also the only responsible way to get a user’s information to your site from a second site