AiPro Institute
🔒 MEMBER EXCLUSIVE RESOURCE
📡 API Integration Guide
Master API Integration for Business Applications
🎯 API Fundamentals
What is an API?
API (Application Programming Interface) is a set of rules and protocols that allows different software applications to communicate with each other.
Real-World Analogy:
Think of an API as a waiter in a restaurant:
- You (the client) make a request from the menu
- The waiter (API) takes your order to the kitchen (server)
- The kitchen prepares your food (processes the request)
- The waiter brings your food back (returns the response)
Key Benefits for Business
⚡ Automation
Automate repetitive tasks and data synchronization between systems.
🔗 Integration
Connect different tools and platforms seamlessly (CRM, payment, analytics).
📊 Real-Time Data
Access live data from multiple sources instantly.
💰 Cost Efficiency
Leverage existing services instead of building from scratch.
REST API Principles
REST (Representational State Transfer) is the most common API architecture used in modern web services.
| REST Principle | Description | Business Impact |
|---|---|---|
| Stateless | Each request contains all information needed | Scalable, reliable systems |
| Client-Server | Separation of concerns | Independent development & updates |
| Cacheable | Responses can be cached | Faster performance, reduced costs |
| Uniform Interface | Consistent API design | Easier to learn and use |
| Layered System | Architecture can be composed of layers | Security, load balancing |
🔧 HTTP Methods & Operations
Core HTTP Methods (CRUD Operations)
CRUD Mapping: Create, Read, Update, Delete
GET
Read/Retrieve Data
Use Case: Fetch user data, retrieve product list, get order details
Characteristics: Safe, idempotent, cacheable, no request body
Characteristics: Safe, idempotent, cacheable, no request body
# Python Example: GET Request
import requests
# Fetch user data
response = requests.get('https://api.example.com/users/123')
user_data = response.json()
# With query parameters
params = {'page': 1, 'limit': 10, 'status': 'active'}
response = requests.get('https://api.example.com/products', params=params)
POST
Create New Resource
Use Case: Create new user, submit form, place order
Characteristics: Not safe, not idempotent, includes request body
Characteristics: Not safe, not idempotent, includes request body
# Python Example: POST Request
import requests
# Create new user
new_user = {
'name': 'John Doe',
'email': '[email protected]',
'role': 'manager'
}
response = requests.post(
'https://api.example.com/users',
json=new_user,
headers={'Content-Type': 'application/json'}
)
if response.status_code == 201:
created_user = response.json()
print(f"User created with ID: {created_user['id']}")
PUT
Update/Replace Entire Resource
Use Case: Update user profile completely, replace document
Characteristics: Not safe, idempotent, replaces entire resource
Characteristics: Not safe, idempotent, replaces entire resource
# Python Example: PUT Request
updated_user = {
'name': 'John Doe Updated',
'email': '[email protected]',
'role': 'senior_manager',
'status': 'active'
}
response = requests.put(
'https://api.example.com/users/123',
json=updated_user
)
PATCH
Partial Update
Use Case: Update specific fields only (e.g., just email or status)
Characteristics: Not safe, partial modification
Characteristics: Not safe, partial modification
# Python Example: PATCH Request
# Only update the status field
partial_update = {
'status': 'inactive'
}
response = requests.patch(
'https://api.example.com/users/123',
json=partial_update
)
DELETE
Remove Resource
Use Case: Delete user account, remove product, cancel order
Characteristics: Not safe, idempotent
Characteristics: Not safe, idempotent
# Python Example: DELETE Request
response = requests.delete('https://api.example.com/users/123')
if response.status_code == 204:
print("User successfully deleted")
Method Comparison Table
| Method | Purpose | Idempotent? | Safe? | Request Body? | Success Code |
|---|---|---|---|---|---|
| GET | Read data | ✓ Yes | ✓ Yes | ✗ No | 200 OK |
| POST | Create new | ✗ No | ✗ No | ✓ Yes | 201 Created |
| PUT | Full update | ✓ Yes | ✗ No | ✓ Yes | 200 OK / 204 No Content |
| PATCH | Partial update | ~ Maybe | ✗ No | ✓ Yes | 200 OK |
| DELETE | Remove | ✓ Yes | ✗ No | ~ Optional | 204 No Content |
📊 HTTP Status Codes
Understanding Status Codes
Status codes tell you the result of your API request. They're grouped into five categories:
2xx - Success ✓
Request was successful
3xx - Redirection ↪
Further action needed
4xx - Client Error ⚠
Problem with request
5xx - Server Error ✗
Server-side problem
Common Status Codes
| Code | Status | Meaning | What To Do |
|---|---|---|---|
| 200 | OK | Request successful | Process the response data |
| 201 | Created | Resource created successfully | Use returned resource ID |
| 204 | No Content | Success, but no data to return | Confirm operation completed |
| 301 | Moved Permanently | Resource has new URL | Update your endpoint URL |
| 304 | Not Modified | Cached version is current | Use cached data |
| 400 | Bad Request | Invalid request format | Check request syntax/data |
| 401 | Unauthorized | Authentication required | Provide valid credentials |
| 403 | Forbidden | No permission | Check account permissions |
| 404 | Not Found | Resource doesn't exist | Verify endpoint URL/ID |
| 429 | Too Many Requests | Rate limit exceeded | Wait and retry with backoff |
| 500 | Internal Server Error | Server-side problem | Retry later, contact support |
| 503 | Service Unavailable | Temporary server overload | Retry with exponential backoff |
Error Handling Best Practices
# Python: Comprehensive Error Handling
import requests
from requests.exceptions import RequestException
import time
def make_api_request(url, max_retries=3):
for attempt in range(max_retries):
try:
response = requests.get(url, timeout=10)
# Handle different status codes
if response.status_code == 200:
return response.json()
elif response.status_code == 429:
# Rate limit - wait and retry
wait_time = 2 ** attempt # Exponential backoff
print(f"Rate limited. Waiting {wait_time}s...")
time.sleep(wait_time)
continue
elif response.status_code == 401:
raise Exception("Authentication failed. Check API key.")
elif response.status_code == 404:
raise Exception(f"Resource not found: {url}")
else:
response.raise_for_status()
except RequestException as e:
print(f"Attempt {attempt + 1} failed: {e}")
if attempt == max_retries - 1:
raise
time.sleep(2 ** attempt)
return None
# Usage
data = make_api_request('https://api.example.com/data')
🔐 API Authentication Methods
1. API Keys
Most Common: Simple, widely used for public APIs
Security Level: Basic to Medium
Use Case: Third-party API access, internal tools
Security Level: Basic to Medium
Use Case: Third-party API access, internal tools
# Python: API Key in Header (Recommended)
import requests
api_key = "your_api_key_here"
headers = {
"Authorization": f"Bearer {api_key}",
"Content-Type": "application/json"
}
response = requests.get(
"https://api.example.com/data",
headers=headers
)
# Alternative: API Key in Query Parameter (Less Secure)
response = requests.get(
f"https://api.example.com/data?api_key={api_key}"
)
// JavaScript: API Key Authentication
const apiKey = 'your_api_key_here';
fetch('https://api.example.com/data', {
method: 'GET',
headers: {
'Authorization': `Bearer ${apiKey}`,
'Content-Type': 'application/json'
}
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
API Key Best Practices:
- Store API keys in environment variables, never hardcode
- Use different keys for development and production
- Rotate keys regularly (every 90 days)
- Implement IP whitelisting when possible
- Monitor usage to detect unauthorized access
2. OAuth 2.0
Most Secure: Industry standard for user authorization
Security Level: High
Use Case: User data access (Google, Facebook, LinkedIn APIs)
Security Level: High
Use Case: User data access (Google, Facebook, LinkedIn APIs)
OAuth 2.0 Flow
1
Authorization Request: User clicks "Login with Google/Facebook"
2
User Consent: User approves access to their data
3
Authorization Code: Provider returns a temporary code
4
Token Exchange: Your app exchanges code for access token
5
API Access: Use access token to make API requests
# Python: OAuth 2.0 Example with Google API
from google.oauth2 import credentials
from google_auth_oauthlib.flow import InstalledAppFlow
import requests
# Step 1: Get authorization URL
SCOPES = ['https://www.googleapis.com/auth/userinfo.email']
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json', SCOPES
)
# Step 2: Run local server to handle callback
creds = flow.run_local_server(port=8080)
# Step 3: Use access token
headers = {'Authorization': f'Bearer {creds.token}'}
response = requests.get(
'https://www.googleapis.com/oauth2/v1/userinfo',
headers=headers
)
user_info = response.json()
print(f"User email: {user_info['email']}")
3. JWT (JSON Web Tokens)
Modern Standard: Self-contained, stateless authentication
Security Level: High
Use Case: Microservices, Single Sign-On (SSO)
Security Level: High
Use Case: Microservices, Single Sign-On (SSO)
JWT Structure: header.payload.signature
# Python: JWT Authentication
import jwt
import datetime
import requests
# Step 1: Create JWT
secret_key = "your_secret_key"
payload = {
'user_id': 123,
'email': '[email protected]',
'exp': datetime.datetime.utcnow() + datetime.timedelta(hours=1)
}
token = jwt.encode(payload, secret_key, algorithm='HS256')
# Step 2: Use JWT in API request
headers = {'Authorization': f'Bearer {token}'}
response = requests.get(
'https://api.example.com/protected',
headers=headers
)
# Step 3: Verify JWT on server side
try:
decoded = jwt.decode(token, secret_key, algorithms=['HS256'])
user_id = decoded['user_id']
except jwt.ExpiredSignatureError:
print("Token has expired")
except jwt.InvalidTokenError:
print("Invalid token")
4. Basic Authentication
Simplest Method: Username and password encoded in Base64
Security Level: Low (requires HTTPS)
Use Case: Internal tools, simple APIs with HTTPS
Security Level: Low (requires HTTPS)
Use Case: Internal tools, simple APIs with HTTPS
# Python: Basic Authentication
import requests
from requests.auth import HTTPBasicAuth
# Method 1: Using HTTPBasicAuth
response = requests.get(
'https://api.example.com/data',
auth=HTTPBasicAuth('username', 'password')
)
# Method 2: Shorthand
response = requests.get(
'https://api.example.com/data',
auth=('username', 'password')
)
Security Warning: Never use Basic Auth over HTTP (unencrypted). Always use HTTPS to prevent credential interception.
Authentication Method Comparison
| Method | Security | Complexity | Best For | Popular Services |
|---|---|---|---|---|
| API Key | ⭐⭐⭐ | Easy | Public APIs, automation | OpenAI, Stripe, SendGrid |
| OAuth 2.0 | ⭐⭐⭐⭐⭐ | Complex | User data access | Google, Facebook, GitHub |
| JWT | ⭐⭐⭐⭐ | Medium | Microservices, SSO | Auth0, Okta, Custom APIs |
| Basic Auth | ⭐⭐ | Very Easy | Internal tools, HTTPS only | Legacy systems, Simple APIs |
📦 Request & Response Structure
API Request Anatomy
Complete API Request Components:
- Base URL: API server address (e.g., https://api.example.com)
- Endpoint: Specific resource path (e.g., /v1/users/123)
- HTTP Method: Action to perform (GET, POST, etc.)
- Headers: Metadata (authentication, content type)
- Query Parameters: Filter/pagination (e.g., ?page=1&limit=10)
- Request Body: Data payload (for POST/PUT/PATCH)
Complete Request Example
# Python: Complete API Request
import requests
import json
# 1. Base URL + Endpoint
url = "https://api.example.com/v1/orders"
# 2. Headers (authentication, content type)
headers = {
"Authorization": "Bearer your_api_token",
"Content-Type": "application/json",
"Accept": "application/json",
"User-Agent": "MyApp/1.0"
}
# 3. Query Parameters (filtering, pagination)
params = {
"status": "pending",
"page": 1,
"limit": 20,
"sort": "created_at:desc"
}
# 4. Request Body (data to send)
data = {
"customer_id": 12345,
"items": [
{"product_id": 101, "quantity": 2, "price": 29.99},
{"product_id": 205, "quantity": 1, "price": 49.99}
],
"total": 109.97,
"currency": "USD"
}
# 5. Make the request
response = requests.post(
url,
headers=headers,
params=params,
json=data,
timeout=30
)
# 6. Handle response
if response.status_code == 201:
order = response.json()
print(f"Order created: {order['id']}")
else:
print(f"Error: {response.status_code} - {response.text}")
Common Headers
| Header | Purpose | Example Value |
|---|---|---|
| Authorization | Authentication credentials | Bearer eyJhbGc... |
| Content-Type | Format of request body | application/json |
| Accept | Preferred response format | application/json |
| User-Agent | Client identification | MyApp/1.0 |
| Accept-Language | Preferred language | en-US, en;q=0.9 |
| Cache-Control | Caching preferences | no-cache |
API Response Structure
Standard JSON Response Format
// Success Response Example
{
"status": "success",
"code": 200,
"message": "Data retrieved successfully",
"data": {
"id": 12345,
"name": "John Doe",
"email": "[email protected]",
"created_at": "2024-01-15T10:30:00Z"
},
"metadata": {
"page": 1,
"per_page": 20,
"total": 150
}
}
// Error Response Example
{
"status": "error",
"code": 400,
"message": "Validation failed",
"errors": [
{
"field": "email",
"message": "Invalid email format"
},
{
"field": "age",
"message": "Must be at least 18"
}
],
"request_id": "req_abc123xyz",
"timestamp": "2024-01-15T10:30:00Z"
}
Parsing JSON Response
# Python: Parse and Handle Response
import requests
response = requests.get('https://api.example.com/users/123')
# Check if request was successful
if response.status_code == 200:
# Parse JSON response
data = response.json()
# Access nested data
user_name = data['data']['name']
user_email = data['data']['email']
# Safe access with .get() method
user_phone = data.get('data', {}).get('phone', 'N/A')
print(f"Name: {user_name}, Email: {user_email}")
else:
# Handle error response
error_data = response.json()
print(f"Error: {error_data['message']}")
# Print validation errors if available
if 'errors' in error_data:
for error in error_data['errors']:
print(f" - {error['field']}: {error['message']}")
⚡ Rate Limiting & Performance
Understanding Rate Limits
What is Rate Limiting?
Rate limiting restricts the number of API requests you can make within a time period (e.g., 100 requests per minute). This prevents abuse and ensures fair usage.
Rate limiting restricts the number of API requests you can make within a time period (e.g., 100 requests per minute). This prevents abuse and ensures fair usage.
Common Rate Limit Headers
| Header | Meaning | Example Value |
|---|---|---|
| X-RateLimit-Limit | Maximum requests allowed | 1000 |
| X-RateLimit-Remaining | Requests left in current window | 750 |
| X-RateLimit-Reset | When limit resets (Unix timestamp) | 1705320000 |
| Retry-After | Seconds to wait before retry | 60 |
Handling Rate Limits
# Python: Rate Limit Handling with Exponential Backoff
import requests
import time
from datetime import datetime
def make_request_with_retry(url, max_retries=5):
for attempt in range(max_retries):
response = requests.get(url)
# Check rate limit headers
remaining = int(response.headers.get('X-RateLimit-Remaining', 999))
if response.status_code == 200:
# Warn if approaching limit
if remaining < 10:
print(f"Warning: Only {remaining} requests remaining")
return response.json()
elif response.status_code == 429:
# Rate limit exceeded
retry_after = int(response.headers.get('Retry-After', 60))
if attempt < max_retries - 1:
print(f"Rate limited. Waiting {retry_after}s...")
time.sleep(retry_after)
else:
raise Exception("Max retries exceeded")
else:
response.raise_for_status()
return None
# Usage with rate limit monitoring
def batch_requests(urls):
results = []
for url in urls:
result = make_request_with_retry(url)
results.append(result)
# Add small delay between requests
time.sleep(0.1)
return results
Exponential Backoff Strategy
# Python: Exponential Backoff Implementation
import time
import random
def exponential_backoff(attempt, base_delay=1, max_delay=60):
"""Calculate wait time with exponential backoff and jitter"""
delay = min(base_delay * (2 ** attempt), max_delay)
jitter = random.uniform(0, delay * 0.1) # Add randomness
return delay + jitter
def resilient_api_call(url, max_attempts=5):
for attempt in range(max_attempts):
try:
response = requests.get(url, timeout=10)
if response.status_code == 200:
return response.json()
elif response.status_code in [429, 503]:
wait_time = exponential_backoff(attempt)
print(f"Attempt {attempt + 1}: Waiting {wait_time:.2f}s")
time.sleep(wait_time)
else:
response.raise_for_status()
except requests.RequestException as e:
if attempt == max_attempts - 1:
raise
wait_time = exponential_backoff(attempt)
time.sleep(wait_time)
API Integration Best Practices
DO's:
- Use HTTPS for all API calls
- Implement retry logic with exponential backoff
- Cache responses when appropriate
- Set reasonable timeout values
- Log all API errors with context
- Validate data before sending
- Use pagination for large datasets
- Monitor API usage and costs
DON'Ts:
- Hardcode API keys in code
- Ignore rate limiting
- Make synchronous calls in loops
- Skip error handling
- Request more data than needed
- Forget to implement timeouts
- Expose API keys in client-side code
- Skip API version checking
Performance Optimization Techniques
🔄 Batch Requests
Combine multiple operations into single API call when supported. Reduces network overhead and improves throughput.
💾 Response Caching
Cache API responses for frequently accessed data. Use cache headers to determine freshness.
⚡ Async/Parallel Requests
Make multiple API calls concurrently for independent requests. Significantly reduces total execution time.
📉 Pagination
Request data in chunks instead of all at once. Improves response time and memory usage.
Async API Requests (Python)
# Python: Async API Calls for Better Performance
import asyncio
import aiohttp
async def fetch_data(session, url):
async with session.get(url) as response:
return await response.json()
async def fetch_all(urls):
async with aiohttp.ClientSession() as session:
# Create tasks for all URLs
tasks = [fetch_data(session, url) for url in urls]
# Execute all tasks concurrently
results = await asyncio.gather(*tasks)
return results
# Usage: Fetch 10 endpoints concurrently
urls = [f'https://api.example.com/users/{i}' for i in range(1, 11)]
results = asyncio.run(fetch_all(urls))
# This is much faster than sequential requests!
🎨 Common API Patterns
1. Pagination
Why Pagination? Breaking large result sets into smaller pages improves performance and user experience.
Pagination Methods
Offset-Based Pagination
GET /users?offset=20&limit=10
# Skip 20, return next 10
Simple
Can miss items
Page-Based Pagination
GET /users?page=3&per_page=10
# Get page 3 (items 21-30)
User-friendly
Most common
Cursor-Based Pagination
GET /users?cursor=abc123&limit=10
# Continue from cursor
Consistent
Best for real-time
Pagination Implementation
# Python: Paginate Through All Results
def fetch_all_users(base_url):
all_users = []
page = 1
per_page = 100
while True:
response = requests.get(
base_url,
params={'page': page, 'per_page': per_page}
)
data = response.json()
users = data['data']
all_users.extend(users)
print(f"Fetched page {page}: {len(users)} users")
# Check if there are more pages
if len(users) < per_page or data['metadata']['has_more'] == False:
break
page += 1
return all_users
# Usage
users = fetch_all_users('https://api.example.com/users')
print(f"Total users fetched: {len(users)}")
2. Filtering & Sorting
# Filtering Examples
GET /products?category=electronics&status=active&price_min=100&price_max=500
# Sorting Examples
GET /products?sort=price:asc # Sort by price ascending
GET /products?sort=-created_at # Sort by date descending (- prefix)
GET /products?sort=category,price # Multi-field sort
# Search
GET /products?q=laptop&search_fields=name,description
# Python: Advanced Filtering
params = {
# Filtering
'status': 'active',
'category': 'electronics',
'price_min': 100,
'price_max': 500,
'brand': ['Apple', 'Samsung'], # Multiple values
# Sorting
'sort': '-popularity,price', # Multi-field
# Pagination
'page': 1,
'per_page': 20,
# Field selection
'fields': 'id,name,price,image' # Only return specific fields
}
response = requests.get('https://api.example.com/products', params=params)
3. Webhooks
What are Webhooks?
Instead of your app repeatedly asking "anything new?" (polling), webhooks let external services notify your app when events occur.
Instead of your app repeatedly asking "anything new?" (polling), webhooks let external services notify your app when events occur.
Webhook Flow
1
Register: Provide your webhook URL to the service
2
Event Occurs: Something happens (payment, new order, etc.)
3
Service Notifies: Service sends POST request to your URL
4
Process: Your app processes the event data
5
Respond: Return 200 OK to acknowledge receipt
# Python Flask: Simple Webhook Receiver
from flask import Flask, request, jsonify
import hmac
import hashlib
app = Flask(__name__)
WEBHOOK_SECRET = "your_webhook_secret"
@app.route('/webhook/stripe', methods=['POST'])
def stripe_webhook():
# 1. Verify webhook signature
signature = request.headers.get('Stripe-Signature')
if not verify_signature(request.data, signature):
return jsonify({'error': 'Invalid signature'}), 403
# 2. Parse webhook payload
event = request.get_json()
event_type = event['type']
# 3. Handle different event types
if event_type == 'payment_intent.succeeded':
payment = event['data']['object']
handle_successful_payment(payment)
elif event_type == 'payment_intent.failed':
payment = event['data']['object']
handle_failed_payment(payment)
# 4. Return success response
return jsonify({'status': 'success'}), 200
def verify_signature(payload, signature):
computed = hmac.new(
WEBHOOK_SECRET.encode(),
payload,
hashlib.sha256
).hexdigest()
return hmac.compare_digest(computed, signature)
4. File Upload/Download
Upload File to API
# Python: File Upload
import requests
# Upload single file
with open('document.pdf', 'rb') as file:
files = {'file': file}
data = {
'title': 'Annual Report',
'category': 'financial'
}
response = requests.post(
'https://api.example.com/upload',
files=files,
data=data
)
# Upload multiple files
files = [
('files', open('doc1.pdf', 'rb')),
('files', open('doc2.pdf', 'rb'))
]
response = requests.post('https://api.example.com/upload', files=files)
Download File from API
# Python: File Download
response = requests.get('https://api.example.com/download/report.pdf', stream=True)
if response.status_code == 200:
with open('downloaded_report.pdf', 'wb') as file:
for chunk in response.iter_content(chunk_size=8192):
file.write(chunk)
print("File downloaded successfully")
# Get filename from response headers
content_disposition = response.headers.get('Content-Disposition')
if content_disposition:
filename = content_disposition.split('filename=')[1].strip('"')
💼 Business Use Cases
🛒 E-Commerce Integration
APIs Used: Stripe, PayPal, Shopify
- Process payments securely
- Manage inventory in real-time
- Track shipments automatically
- Sync orders across platforms
📊 CRM Automation
APIs Used: Salesforce, HubSpot, Pipedrive
- Auto-create leads from forms
- Sync contacts between systems
- Trigger email campaigns
- Generate sales reports
📧 Email Marketing
APIs Used: Mailchimp, SendGrid, Twilio
- Send personalized campaigns
- Track email open/click rates
- Manage subscriber lists
- Automate follow-ups
📅 Calendar Scheduling
APIs Used: Google Calendar, Calendly, Zoom
- Book meetings automatically
- Send calendar invitations
- Create video conference links
- Sync across team calendars
💬 Customer Support
APIs Used: Zendesk, Intercom, Slack
- Create support tickets
- Route inquiries automatically
- Send automated responses
- Track resolution time
📊 Analytics & Reporting
APIs Used: Google Analytics, Mixpanel, Tableau
- Pull analytics data
- Generate custom reports
- Track KPIs in real-time
- Visualize business metrics
Complete Business Integration Example
Scenario: Automate lead generation workflow
When someone fills out a contact form, automatically create a CRM lead, send a welcome email, and notify the sales team on Slack.
When someone fills out a contact form, automatically create a CRM lead, send a welcome email, and notify the sales team on Slack.
# Python: Complete Business Workflow Integration
import requests
class LeadAutomation:
def __init__(self):
self.salesforce_api = "your_salesforce_token"
self.sendgrid_api = "your_sendgrid_key"
self.slack_webhook = "your_slack_webhook_url"
def process_form_submission(self, form_data):
"""Complete workflow for new lead"""
# Step 1: Create lead in Salesforce CRM
lead_id = self.create_crm_lead(form_data)
# Step 2: Send welcome email via SendGrid
email_sent = self.send_welcome_email(form_data['email'])
# Step 3: Notify sales team on Slack
self.notify_sales_team(form_data, lead_id)
return {
'lead_id': lead_id,
'email_sent': email_sent,
'status': 'success'
}
def create_crm_lead(self, data):
"""Create lead in Salesforce"""
url = "https://api.salesforce.com/services/data/v52.0/sobjects/Lead"
headers = {
"Authorization": f"Bearer {self.salesforce_api}",
"Content-Type": "application/json"
}
payload = {
"FirstName": data['first_name'],
"LastName": data['last_name'],
"Email": data['email'],
"Company": data['company'],
"Status": "New",
"LeadSource": "Website"
}
response = requests.post(url, json=payload, headers=headers)
return response.json()['id']
def send_welcome_email(self, email):
"""Send email via SendGrid"""
url = "https://api.sendgrid.com/v3/mail/send"
headers = {
"Authorization": f"Bearer {self.sendgrid_api}",
"Content-Type": "application/json"
}
payload = {
"personalizations": [{"to": [{"email": email}]}],
"from": {"email": "[email protected]"},
"subject": "Welcome! Let's get started",
"content": [{
"type": "text/html",
"value": "
Welcome to our service!
" }] } response = requests.post(url, json=payload, headers=headers) return response.status_code == 202 def notify_sales_team(self, data, lead_id): """Send Slack notification""" payload = { "text": f"🎉 New Lead: {data['first_name']} {data['last_name']}", "blocks": [{ "type": "section", "text": { "type": "mrkdwn", "text": f"*New Lead Created*\n" f"Name: {data['first_name']} {data['last_name']}\n" f"Email: {data['email']}\n" f"Company: {data['company']}\n" f"Salesforce ID: {lead_id}" } }] } requests.post(self.slack_webhook, json=payload) # Usage automation = LeadAutomation() form_data = { 'first_name': 'John', 'last_name': 'Doe', 'email': '[email protected]', 'company': 'Tech Corp' } result = automation.process_form_submission(form_data)🔍 Testing & Debugging APIs
Popular API Testing Tools
📬 Postman
Best For: Visual API testing & documentation
- Visual request builder
- Environment variables
- Collection management
- Automated testing
⚡ Insomnia
Best For: REST & GraphQL APIs
- Clean interface
- Code generation
- GraphQL support
- Plugin ecosystem
🔧 cURL
Best For: Command-line testing
- Universal availability
- Scriptable
- Lightweight
- CI/CD integration
cURL Examples
# GET request
curl https://api.example.com/users/123
# GET with headers
curl -H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
https://api.example.com/data
# POST request with JSON data
curl -X POST https://api.example.com/users \
-H "Content-Type: application/json" \
-d '{"name":"John","email":"[email protected]"}'
# PUT request
curl -X PUT https://api.example.com/users/123 \
-H "Content-Type: application/json" \
-d '{"name":"John Updated"}'
# DELETE request
curl -X DELETE https://api.example.com/users/123 \
-H "Authorization: Bearer YOUR_TOKEN"
# Save response to file
curl https://api.example.com/data -o response.json
# Show response headers
curl -i https://api.example.com/data
# Follow redirects
curl -L https://api.example.com/redirect
# Upload file
curl -X POST https://api.example.com/upload \
-F "[email protected]" \
-F "title=My Document"
Debugging Techniques
# Python: Comprehensive API Debugging
import requests
import logging
import json
# Enable detailed logging
logging.basicConfig(level=logging.DEBUG)
# Enable HTTP request logging
import http.client
http.client.HTTPConnection.debuglevel = 1
def debug_api_call(url, method='GET', **kwargs):
print(f"\n{'='*60}")
print(f"DEBUG: {method} {url}")
print(f"{'='*60}")
# Print request details
if 'headers' in kwargs:
print("Headers:")
print(json.dumps(kwargs['headers'], indent=2))
if 'json' in kwargs:
print("Request Body:")
print(json.dumps(kwargs['json'], indent=2))
# Make request
response = requests.request(method, url, **kwargs)
# Print response details
print(f"\nStatus Code: {response.status_code}")
print("Response Headers:")
for key, value in response.headers.items():
print(f" {key}: {value}")
print("\nResponse Body:")
try:
print(json.dumps(response.json(), indent=2))
except:
print(response.text)
return response
# Usage
response = debug_api_call(
'https://api.example.com/users',
method='POST',
headers={'Authorization': 'Bearer token123'},
json={'name': 'John Doe'}
)
Common Issues & Solutions
| Issue | Possible Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid/missing API key | Check API key, verify header format |
| 403 Forbidden | No permission for resource | Verify account permissions/subscription |
| 404 Not Found | Wrong endpoint URL | Check API documentation, verify URL |
| 429 Too Many Requests | Rate limit exceeded | Implement backoff strategy, slow requests |
| 500 Server Error | API server issue | Retry later, contact API support |
| Timeout | Slow API/network | Increase timeout, check network |
| SSL Certificate Error | Certificate validation failed | Update certificates, check date/time |
🛡️ API Security Best Practices
Security Checklist
Authentication & Authorization
- Always use HTTPS, never HTTP
- Store API keys in environment variables
- Use OAuth 2.0 for user data access
- Implement token expiration
- Rotate API keys regularly
Data Protection
- Validate all input data
- Sanitize user inputs
- Encrypt sensitive data at rest
- Use TLS for data in transit
- Implement data retention policies
Request Security
- Implement rate limiting
- Verify webhook signatures
- Use IP whitelisting when possible
- Log all API access attempts
- Monitor for suspicious activity
Error Handling
- Don't expose sensitive error details
- Use generic error messages for users
- Log detailed errors internally
- Implement proper exception handling
- Return appropriate status codes
Secure API Key Management
# Python: Secure API Key Storage using Environment Variables
import os
from dotenv import load_dotenv
# Load environment variables from .env file
load_dotenv()
# Retrieve API keys
OPENAI_API_KEY = os.getenv('OPENAI_API_KEY')
STRIPE_API_KEY = os.getenv('STRIPE_API_KEY')
DATABASE_URL = os.getenv('DATABASE_URL')
# Validate keys exist
if not OPENAI_API_KEY:
raise ValueError("OPENAI_API_KEY not found in environment")
# .env file (NEVER commit to git!):
# OPENAI_API_KEY=sk-abc123xyz...
# STRIPE_API_KEY=sk_live_abc123...
# DATABASE_URL=postgresql://user:pass@host:5432/db
# .gitignore file:
# .env
# *.key
# secrets/
⚡ Quick Reference
HTTP Method Quick Guide
GET
Read data
GET /users/123
POST
Create new
POST /users
PUT
Full update
PUT /users/123
PATCH
Partial update
PATCH /users/123
DELETE
Remove
DELETE /users/123
Status Code Cheat Sheet
✓ Success (2xx)
- 200: OK (success)
- 201: Created
- 204: No Content
⚠ Client Errors (4xx)
- 400: Bad Request
- 401: Unauthorized
- 403: Forbidden
- 404: Not Found
- 429: Too Many Requests
↪ Redirects (3xx)
- 301: Moved Permanently
- 304: Not Modified
✗ Server Errors (5xx)
- 500: Internal Server Error
- 502: Bad Gateway
- 503: Service Unavailable
Python Requests Library Essentials
# Import
import requests
# Basic requests
requests.get(url)
requests.post(url, json=data)
requests.put(url, json=data)
requests.delete(url)
# With parameters
requests.get(url, params={'key': 'value'})
requests.post(url, json=data, headers=headers, timeout=10)
# Response handling
response.status_code # HTTP status code
response.json() # Parse JSON response
response.text # Raw text response
response.headers # Response headers
response.raise_for_status() # Raise exception for 4xx/5xx
# Common patterns
if response.status_code == 200:
data = response.json()
else:
print(f"Error: {response.status_code}")
