API for non-devs 101?

SpaceIgniter

Master of Messengers
Joined
Mar 31, 2006
Messages
24,062
Hey freaks,

Could anyone with API knowledge please share a basic 101 tutorial?

There's some web solutions I use that I'd like API integration.
I want to learn how to do it, properly.

Thanks :D
Have a cool day.
 

John_Phoenix

Senior Member
Joined
Jul 8, 2017
Messages
975
How much programming knowledge do you have? That'll help set the tone, and what do you think is the function of an api?
 

Nemoneiros

Executive Member
Joined
Feb 14, 2012
Messages
6,942
Hey freaks,

Could anyone with API knowledge please share a basic 101 tutorial?

There's some web solutions I use that I'd like API integration.
I want to learn how to do it, properly.

Thanks :D
Have a cool day.
I've stopped with the phreaking long time ago.
 

SpaceIgniter

Master of Messengers
Joined
Mar 31, 2006
Messages
24,062
Thanks, but no.

The API is there.
I don't want to make my own.
I want the API to pull/push updates to my site in realtime.

Any takers?
 

B-1

Expert Member
Joined
Apr 17, 2020
Messages
1,316
As an example can you tell me how a book ends? There are many different types, languages etc etc of API's you will need to be specific.
 

SpaceIgniter

Master of Messengers
Joined
Mar 31, 2006
Messages
24,062
As an example can you tell me how a book ends? There are many different types, languages etc etc of API's you will need to be specific.
I have no clue, hence the reference that I need a tutorial for beginners.
It's like you asking me, where's the house? I answer you, build it first?

Get my drift?
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
40,967
I have no clue, hence the reference that I need a tutorial for beginners.
It's like you asking me, where's the house? I answer you, build it first?

Get my drift?
Relatively simple with requests and json on python.
How is your website built? Static html or php? Because you can so do api requests using php and client javascript.
 

SpaceIgniter

Master of Messengers
Joined
Mar 31, 2006
Messages
24,062
Relatively simple with requests and json on python.
How is your website built? Static html or php? Because you can so do api requests using php and client javascript.
Hi.

It's static, but the pages are html, similar to a WordPress site. The framework is PHP.
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
40,967
Hi.

It's static, but the pages are html, similar to a WordPress site. The framework is PHP.
Then it may be an idea to do the coding in php, and use a server side include to add item in your page.

Whatever framework you are using probably already has the objects available to make your api calls.


Or you can use something like this :
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
28,114

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
40,967
Would probably do it full in javascript since just keep it in browser (can also do the token storage/handling there, etc.). This is free: https://www.coursera.org/projects/restful-api-http-javascript

If you want a full book explaining Rest: https://pepa.holla.cz/wp-content/uploads/2016/01/REST-in-Practice.pdf but don't think you need it unless you're designing stuff tbh, still an interesting read if you're new to it (the book is the MS recommended reading).
I thought of that. The only issue with client javascript is your pull is exposed, and be quite easily copied. So pull it to your server in serverside script, and pull it from your server using samesite checks and javascript.
 

SpaceIgniter

Master of Messengers
Joined
Mar 31, 2006
Messages
24,062
Thanks guys,
That should set me on the right path.
If I get stuck I'll ask.
Sleep well.
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
40,967
Thanks guys,
That should set me on the right path.
If I get stuck I'll ask.
Sleep well.
Keep in mind there are often limits to how often you can pull data from api. If you are sending your get request on page load, you might come a cropper as you can't control how often people load a page.

So you need some timestamp and caching mechanism so that if a certain time has not passed from the last request, it loads from local cache as opposed to requesting again. This can even be achieved by text files, so it's relative easy. Will also speed up the end user experience of your site
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
28,114
I thought of that. The only issue with client javascript is your pull is exposed, and be quite easily copied. So pull it to your server in serverside script, and pull it from your server using samesite checks and javascript.
Shouldn't matter, either the API is open, or it requires credentials to access. If the actual pull is supposed to be private, don't host it and rather keep a copy of the site on google drive or behind an htaccess block.
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
40,967
Shouldn't matter, either the API is open, or it requires credentials to access. If the actual pull is supposed to be private, don't host it and rather keep a copy of the site on google drive or behind an htaccess block.

I think you misunderstand. Using client side javascript to make a rest request exposes where the source of the data is. I have seen n00bs who have exposed their entire website content sources including api keys using ajax, and didn't even know that the keys to the kingdom are just outside the door.

Whilst javascript can be and will be used to pull the data in and display it. It needs to pull from a source that you control rather than one controlled by a 3rx party. So in essence there is server side script required
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
28,114
I think you misunderstand. Using client side javascript to make a rest request exposes where the source of the data is. I have seen n00bs who have exposed their entire website content sources including api keys using ajax, and didn't even know that the keys to the kingdom are just outside the door.

Whilst javascript can be and will be used to pull the data in and display it. It needs to pull from a source that you control rather than one controlled by a 3rx party. So in essence there is server side script required
Does it matter where the source of the data is? You should be securing the source rest API (which I assume the other person did), and it should be using a token for each individual client fetch/post, it shouldn't be a hardcoded token that belongs to tera. Otherwise you make it so that there's an input field at the beginning and you hit go and it fetches/pushes it based on the token entered for the duration of the session.
 

IndigoIdentity

Expert Member
Joined
May 10, 2010
Messages
1,464
I think you misunderstand. Using client side javascript to make a rest request exposes where the source of the data is. I have seen n00bs who have exposed their entire website content sources including api keys using ajax, and didn't even know that the keys to the kingdom are just outside the door.

Whilst javascript can be and will be used to pull the data in and display it. It needs to pull from a source that you control rather than one controlled by a 3rx party. So in essence there is server side script required

Well, most web frameworks tackle this in two parts:

1.) Routing which takes a request such as GET /mypage and routes it to some logic ../controllers/myPageController
2.) Routing policies which apply certain logic to incoming requests such as when an "authenticated" user can see a specific page

The combination of these two and some lower level stuff I guess can produce an "API" which would be able to serve responses for various external requests (say from ajax via a web client).

I may be mis-understanding you when you say that making a request client side exposes where the source of the data, how else is a client supposed to communicate with a server if you're not exposing this information? In actual fact exposing an API endpoint would only have a negative consequence if the endpoint responded to unauthorised requests such as in your example where an endpoint might output sensitive information to parties which should not be authorised to access the information.
 
Top