Everyone's talking about writing APIs, but before you ever write your own API you should have experience using someone else's. But authentication keys, tokens, REST, JSON, endpoints-- it's a lot to learn, and hard to know where to start. This presentation will break down everything you need to know to get started with some of the most popular publicly-accessible APIs on the web, like Flickr, LinkedIn, and last.fm. From choosing an API, to authenticating, to accessing the data so you can work with it again in your own code, we'll demystify the whole path so you have no reason not to jump in and get started.
3. Today’s (and Forever’s) Ground Rules:
● If you don’t understand: Ask.
● No, really. Ask! No dumb questions.
● If you get too into the weeds, I might cut you off.
But err on the side of asking.
4. Most important ground rule:
Don’t be afraid to start slow and enjoy yourself.
So you don’t know how OAuth works. So what? You don’t need to yet.
You aren’t less of a programmer if you abstract away the complicated parts or don’t know what “endpoint” means. (It’s just a fancy word for “URL”, anyway).
We all start somewhere.
11. Authentication
Authentication can be hard to implement well. Fortunately, you aren’t implementing it.
Common methods:
● No authentication
● HTTP Basic Authentication
● HMAC
● OAuth / OAuth2
12. Authentication: None!
Not very common, because it’s harder to limit abuse.
But if you find one, they make a great place to learn your tools.
Keep APIs available with one weird trick: Don’t be a jerk.
Example: http://jsonplaceholder.typicode.com/
13. Authentication: HTTP Basic Authentication
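HTTP Basic Auth is as old as the internet and baked into every web browser. It’s not the most secure method, because base64 is an encoding and not encryption: anyone who can read the request can read the password, so use it only over HTTPS. But it is very convenient.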
How it works:
1. Get a username and password
2. Base64 encode the string “username:password”
3. Pass the base64-encoded string as an HTTP header named Authorization.
4. Done.
14. Authentication: HTTP Basic Authentication
Practically speaking…
1. Use PHP:
2. Send it in the URL:
http://username:password@www.example.com/
3. Use Postman.
16. Authentication: HMAC & OAuth
HMAC = [keyed-]Hash Message Authentication Code
A pre-agreed way of hashing several pieces of data together: usually a username, a secret key or password, the request being made (URL), and something that changes every request (like a timestamp).
OAuth isn’t an acronym, but it basically means “Open Authentication”
An implementation of HMAC, plus a standard script for HTTP calls that allows a client (ex: you) to authenticate against a server (ex: Twitter) asynchronously.
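The HMAC scheme described above, as an added example that is not from the original talk: a client signs the username, URL and timestamp with a shared secret, and the server recomputes the hash and rejects altered or stale requests. The field order, the newline delimiter, SHA-256, the 300-second window and all names and sample values are assumptions.

```php
<?php
// Added example (not from the talk): HMAC request signing and verification.
// Field order, delimiter, hash choice and the time window are assumptions.

const MAX_SKEW_SECONDS = 300; // assumed freshness window

// Client side: hash the username, URL and timestamp, keyed with the shared secret.
// The secret itself is never sent; only the resulting signature is.
function sign_request(string $username, string $secret, string $url, int $timestamp): string
{
    // A newline delimiter keeps "ab"+"c" from signing the same as "a"+"bc".
    $message = implode("\n", [$username, $url, (string) $timestamp]);
    return hash_hmac('sha256', $message, $secret);
}

// Server side: look up the user's secret, recompute the hash, and compare.
function verify_request(array $secrets, string $username, string $url,
                        int $timestamp, string $signature, int $now): bool
{
    if (!isset($secrets[$username])) {
        return false; // unknown user
    }
    if (abs($now - $timestamp) > MAX_SKEW_SECONDS) {
        return false; // stale timestamp: an old captured request is refused
    }
    $expected = sign_request($username, $secrets[$username], $url, $timestamp);
    // hash_equals compares in constant time, so timing does not leak the signature.
    return hash_equals($expected, $signature);
}

// Constructed sample data.
$secrets = ['alice' => 'constructed-secret-key'];
$url     = 'https://api.example.com/v1/photos?tag=cats';
$now     = 1700000000;

$sig = sign_request('alice', $secrets['alice'], $url, $now);

$cases = [
    'valid request'          => verify_request($secrets, 'alice', $url, $now, $sig, $now + 10),
    'URL changed'            => verify_request($secrets, 'alice', $url . '&page=2', $now, $sig, $now + 10),
    'replayed an hour later' => verify_request($secrets, 'alice', $url, $now, $sig, $now + 3600),
    'unknown user'           => verify_request($secrets, 'mallory', $url, $now, $sig, $now + 10),
];

foreach ($cases as $label => $accepted) {
    printf("%-24s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

A request replayed inside the time window still verifies, so servers that need to stop that also record a per-request nonce and refuse repeats.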
17. Authentication: HMAC & OAuth
They’re both great, but they’re a little complicated to describe in this talk.
One day you may write an OAuth server or client. That will be a great time to learn more about it.
Until then: Use the magic OAuth button in Postman.
18. Okay, I got my instant gratification. I need more than Postman. Now what?
Write something!
Slim: http://www.slimframework.com/
19. Possibilities
Download listening data from Last.fm and find out how many people are both Metallica fans and One Direction fans.
Write a script that auto-rejects LinkedIn requests for every recruiter that emails you with a job that has nothing to do with your skills.
Automatically pull every cat photo from Flickr and change your desktop every 15 minutes. (You won’t get through every cat photo, but if you try to do it in real time you’ll probably freeze your machine.)
20. I hate those ideas.
Where can I find more?
http://www.programmableweb.com/apis/directory