![]() Since we do not have a web app, we do not have any URL. When working with OAuth2, you will need a web app URL and a URL to redirect the user to once they authorize/give permission. Using the GitHub API (OAuth2)Īs mentioned above, OAuth2 is mostly used with Flask/Django APPs. Let’s take a look at a couple of examples. This access token can now be used as a key and be passed as a header object when making requests to the endpoint.This code will have to be given to another endpoint which will exchange it for an access token.The authentication endpoint will ask for permission and will have to be authorized.The client ID and client Secret will be passed as query parameters. We will have to make a request to the API’s authentication endpoint.The client app will have a client ID and Client Secret.We will have to create a client app on the API’s website.If it doesn’t make sense, skip over to the Github or Genius API section and it should make more sense. I won’t be going too much into detail on how OAuth2 works since that is beyond the scope of this article. However, we will be using the OAuth2 web flow to authenticate ourselves. Although it supports key-based authentication, its endpoint requires OAuth2, it is possible to get a token and authenticate yourself by passing the key in the headers object. We will also be talking about the Genius API. The GitHub API supports OAuth2 authentication as well. However, some APIs need OAuth2 for all their endpoints. Using OAuth2 web flow to authenticate is usually used in Flask/Django apps when you need a “Sign Up using Google”, “Sign Up using Facebook” option. Our requests are still being authenticated, but the Session object takes care of it. Response = session.get(base_api_endpoint + '/emails')Īfter I set the session’s auth value to the HTTPBasicAuth instance, I can simply make requests without passing the authentication each time. Response = session.get(base_api_endpoint + '/repos') GITHUB_API_TOKEN = os.environ.get("GITHUB_API_TOKEN")Īuth = HTTPBasicAuth("rahulbanerjee26", GITHUB_API_TOKEN) You can get one by following this tutorial. The username will be your GitHub username and the password is your personal access token. We will work with the GitHub API which is secured using BasicAuth. You’ll have to authenticate once and can make requests without needing to pass the key or the auth instance. Instead of passing the API Key or HTTPBasicAuth Instance every time you make a request to a secured API endpoint, you can create a session object. This will make it significantly easier to work with the API. Before a consumer, an API directly, try searching for a wrapper around it. Unfortunately, not all APIs have a wrapper. TWILIO_ACCOUNT_TOKEN = os.environ.get("TWILIO_ACCOUNT_TOKEN")Ĭlient = Client(TWILIO_ACCOUNT_SID, TWILIO_ACCOUNT_TOKEN)Īs you can see, the code is a few lines shorter and looks much cleaner. TWILIO_ACCOUNT_SID = os.environ.get("TWILIO_ACCOUNT_SID") Let’s try to do the same thing we did in the previous section with Twilio from twilio.rest import Client It can be installed using pip pip install twilio The Twilio API we discussed earlier has a wrapper. However, the wrappers make your code look cleaner. Under the hood, the libraries still make use of requests and headers to make requests. These libraries help communicate with APIs in a syntactically cleaner way. With respect to Python, API wrappers are essentially libraries/packages which can be installed using pip. If the API you are using, uses Basic Auth to secure its endpoints, refer to the docs for the username and password. As mentioned before, it can be different for different APIs. In the case of twilio, the username is your account sid and the password is your account token. This instance is passed as an argument when making the request. It takes in the username and password respectively as arguments. Response = requests.get(api_endpoint, auth = auth) Print(f"/Calls.json?PageSize=5'Īuth = HTTPBasicAuth(TWILIO_ACCOUNT_SID, TWILIO_ACCOUNT_TOKEN) The above API returns random Cat Facts import requestsįor idx, item in enumerate(response.json()): Let’s make a request to the following endpoint The Cat Facts API does not require any authentication and is fairly straightforward to work with. ![]() If you need a refresher, you can refer to my previous article. Some familiarity with the requests library is expected. You can find the source code here Table of Contents We will be working with the following APIS This guide should help you work with APIs which are secured using Keys, BasicAuth, or OAuth2. ![]() Not all APIs are as well documented as Twilio. We will be using Python to consume the APIs. In this article, we will be working with 5 different APIs which use different types of authentication.
0 Comments
Leave a Reply. |