Getting Started With Public APIs
Eryn O'Neil @eryno
Today's Agenda
 Evaluating an API
 Authentication
 Testing (Hello, API!)
 Now What?
Today's (and Forever's) Ground Rules:
 If you don't understand: Ask.
 No, really. Ask! No dumb questions.
 If you get too into the weeds, I might cut you off.
But err on the side of asking.
Most important ground rule:
Don't be afraid to start slow and enjoy yourself.
So you don't know how OAuth works. So what? You don't need to yet.
You aren't less of a programmer if you abstract away the complicated parts or don't
know what "endpoint" means. (It's just a fancy word for URL, anyway).
We all start somewhere.
Evaluating an API
Or: Um, which one should I pick?
Where should I start?
Prioritize ease of use over popularity.
Reasonable Approaches
 Flickr
 Last.fm
 Twilio
 Lots and lots of other sites
There Be Dragons
 Twitter
 Facebook
Evaluating an API: Documentation
Evaluating an API: Documentation
Authentication
Or: "I promise I'm me" isn't good enough for you?
Authentication
Authentication can be hard to implement well. Fortunately, you aren't implementing it.
Common methods:
 No authentication
 HTTP Basic Authentication
 HMAC
 OAuth / OAuth2
Authentication: None!
Not very common, because it's harder to limit abuse.
But if you find one, they make a great place to learn your tools.
Keep APIs available with one weird trick: Don't be a jerk.
Example: http://jsonplaceholder.typicode.com/
Authentication: HTTP Basic Authentication
HTTP Basic Auth is as old as the internet and baked into every web browser. It's not
the most secure method, but it is very convenient.
How it works:
1. Get a username and password
2. Base64 encode the string username:password
3. Pass the base64-encoded string as an HTTP header named Authorization.
4. Done.
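The four steps above as an added Python example (not code from the talk; the function names and sample credentials are made up for illustration). It also decodes the header again, which shows why the slide calls this "not the most secure method": base64 is an encoding, not encryption.

```python
import base64


def basic_auth_header(username, password):
    """Steps 2 and 3: base64-encode "username:password" for the Authorization header."""
    if ":" in username:
        # The first colon separates the two fields, so a colon inside the
        # username would make the pair ambiguous to the server.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth_header(value):
    """Recover (username, password), as any server, proxy or log reader
    that sees the header can do without knowing any secret."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


# Constructed sample credentials; the password deliberately contains colons.
HEADER = basic_auth_header("alice", "s3cret:with:colons")

if __name__ == "__main__":
    print("Authorization:", HEADER)
    print("Decoded again:", decode_basic_auth_header(HEADER))
```

Because the header decodes this easily, send it only over HTTPS and keep it out of logs.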
Authentication: HTTP Basic Authentication
Practically speaking
1. Use PHP:
2. Send it in the URL:
http://username:password@www.example.com/
3. Use Postman.
Um, what's Postman?
I'm so glad you asked.
https://www.getpostman.com/
Authentication: HMAC & OAuth
HMAC = [keyed-]Hash Message Authentication Code
A pre-agreed upon way of hashing several pieces of data, usually a username, a
secret key or password, the request being made (URL), and something that
changes every request (like a timestamp).
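A request-signing scheme of the kind described above, as an added Python example (not from the talk and not any particular API's scheme). The field order, the newline separator, the 300-second window and all names are assumptions; the secret is used as the HMAC key rather than hashed in with the other fields.

```python
import hashlib
import hmac

MAX_SKEW_SECONDS = 300  # assumed freshness window for this example


def sign_request(secret, username, method, url, timestamp):
    """Client side: HMAC-SHA256 over the fields both parties agreed on."""
    # Newline-separated so adjacent fields cannot run together
    # (assumes no field contains a raw newline).
    message = "\n".join([username, method.upper(), url, str(timestamp)])
    return hmac.new(secret, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_request(secrets_by_user, username, method, url, timestamp, signature, now):
    """Server side: recompute the signature from its own copy of the secret."""
    secret = secrets_by_user.get(username)
    if secret is None:
        return False
    # The timestamp is the part that "changes every request"; rejecting
    # old ones limits how long a captured request can be replayed.
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False
    expected = sign_request(secret, username, method, url, timestamp)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample data.
    secrets = {"alice": b"constructed-demo-secret"}
    url = "https://api.example.com/v1/photos?tag=cat"
    sig = sign_request(secrets["alice"], "alice", "GET", url, 1700000000)
    print(verify_request(secrets, "alice", "GET", url, 1700000000, sig, now=1700000030))
    print(verify_request(secrets, "alice", "GET", url + "&page=2", 1700000000, sig, now=1700000030))
```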
OAuth isn't an acronym, but it basically means "Open Authentication"
An implementation of HMAC, plus a standard script for HTTP calls that allows a
client (ex: you) to authenticate against a server (ex: Twitter) asynchronously.
Authentication: HMAC & OAuth
They're both great, but they're a little complicated to describe in this talk.
One day you may write an OAuth server or client. That will be a great time to learn
more about it.
Until then: Use the magic OAuth button in Postman.
Okay, I got my instant gratification. I need more than Postman. Now what?
Write something!
Slim: http://www.slimframework.com/
Possibilities
Download listening data from Last.fm and find out how many people are both
Metallica fans and One Direction fans.
Write a script that auto-rejects LinkedIn requests for every recruiter that emails you
with a job that has nothing to do with your skills.
Automatically pull every cat photo from Flickr and change your desktop every 15
minutes. (You won't get through every cat photo, but if you try to do it in real time
you'll probably freeze your machine.)
I hate those ideas.
Where can I find more?
http://www.programmableweb.com/apis/directory
So, what are you going to build?
(Thanks!)
