Authentication, GitHub, Git g to APIs part 1
We were simply able to use it online without any concerns, thats, not how most apis work and, in fact, most apis online. Today, you have to you, have to and want to log in in order to access them properly, for example, sending an email to somebody. You want to make sure only the proper person who can log in and send the email under your name or making trade uh stock trades. Only the proper person should be able to do that. Therefore, you would have to authenticate to the api to perform the stock trade. So lets talk about one example of an api that we can use right here. Im going to go out to github now github is a great way to be able to help organize. All of your information helps store scripts and programs and other projects that you might be working on and the github has an api uh specifically. If we go to docs.github.com, i believe that will give us to the documentation great on the left hand side here we can see there is a rest api right. There rest api and inside the rest, api. We can view the reference and there are a lot of different options for us to look at here. The simplest one that im going to go for here is under repositories and once that opens up well find an example for a user uh user. Slash repos option lets see uh list organization list, repository list repositories for the authenticated user.
So here we have the address of slash user, slash repos. That will allow us to see all of the repositories that the current user currently logged in user has access to now. For us to be able to do this, we have to one be logged in and then to perform the api call its not overly difficult. Just learning about how to authenticate is probably the biggest issue first off before we get too far. Yes were seeing. Here is slash user repositories, but that is only the end of the address. Let me copy that so thats the end of the address. What you now need the beginning of the address and, if believe, if we scroll up well, actually see the full url, oh its in there somewhere there, we go its a api.github.com, so api.github.com forward, slash users, slash repos. That should be the full address for our new api now, in order to log into this, we need an authentication token in order to get authentication tokens. Well, we go back to github and, as you can see, with my picture up here, im currently logged in im going to go ahead and create whats called a token so im going to come down here to so i clicked on my icon or my avatar, going To settings and then under account settings im going to scroll down until i see developer settings believe it or not, youre a developer and then under developer settings im going to click personal access tokens.
I currently dont have any tokens so im going to click over here. Uh generate new token, it confirms who i am maybe confirms, who i am okay, so it confirmed who i was and now takes me to creating a personal access, token, fairly, simple process. We give this a description im going to call this demo script. That is a friendly description, its not overly uh important, what you type in there, its more for you and your your reference. How long do we want this to last? Well, im gon na actually specify this to be one day. Its gon na be eight, not nine. Eight and see tomorrow is the 7th 21. im actually going to specify it as one day, because i want this token to automatically expire so that when youre watching this video, you cant attack my account. It then gives me a lots of scopes or permissions that i want to specify in this case im just going to choose repo. I want to view the repositories we talked about seeing that in the api, so i want to view the repositories and thats all uh dont, really care about workflows or creating users or anything along those lines when its all done. Im gon na click generate token, and it gives me the token right there im gon na copy, that to my clipboard and then copy it into notepad. Just so i dont lose it great now. If anything ever happens to this, if i think that token has been compromised, i will delete it and create a new one, not super difficult.
The process is built specifically for that. Okay, now that i have my token, i now want to try to access that api. The easiest way i find to test out apis without having to program or script a whole bunch is again to use postman great okay, so the postman url that we are looking for, we said, was going to be this right here. Lets copy that and before we go too far, lets look back at the documentation, so that was lists repositories for authenticated user. This documentation tells me yes, this is going to be a get request, not a post, not a put, not not a delete uh. Just simply a get request, which is what weve been working with all along parameters for the most part, these parameters arent overly necessary. It does tell us that we might want to choose, accept to application github v3 dot, plus json um yeah. We can also specify some time frames in here as well as page numbers yeah for the most part im going to set the application im. Sorry, i have the accept so come back in here. Uh thats going to be under headers im, just going to type accept and im just going to do a very simple application, slash json! I could be more specific, as requested i mean, but im not going to. If i click send. It gives me an error message. Saying uh yeah, you know what you you have to authenticate against this, but thats fine, because i have the authentication that i need and what i need to do is i need to go back into my headers here and i need to add in another key for My authentication options im just going to come in here and im going to type in authentic authorization.
Excuse me and then for the authorization i type in token, and i paste in the key the personal access token that i got from right here, and that is my authorization. That is essentially my username and password combined in one big log string and will log me in with the appropriate perfections at this point. I click send and i see oh yes, i actually have quite a few repositories down here, as well as lots of information regarding them. Thats, awesome and authentication is just that simple now, yes, i could have come here under authorization and i could have chosen token, uh bearer token, basic auth and so on. However, this method, i know, works, and you stick with what you know all right so now that we have that lets see how we can access this from a different format. For instance, if we come over here to the scripting pane, it will give us various options. Im going to try curl, see, url, go and copy that there and lets just paste that in and run it uh before we paste it lets actually check it out. So it starts off with curl again it does. The dash dash location specifies it as a get request. The url of the api were accessing dash dash header to add one of the headers and then dash dash header again to add the other header interesting thing to note here is the headers are all key value.
Pairs key on the left is accept colon and then the value application json key on the left, authorization, colon and then the token on the right hand, side and i hit enter, and i get all of the results right there to the screen. Great lets do the same thing again this time through python, python, requests client copy that go into visual studio code lets create a new new script here. Lets call this uh list, repos dot, py, not sure why right clicks not working, and i can see im importing requests im building up my url here. My headers have my key and value pairs. This looks a little bit different than what i did from the c url line again, however, i have the key on the left and then the value on the right separated by colons. Finally, my response is my request.get im. Sorry request.request get type url, headers and data, and then we print out the results to the screen. If i run this Music and and the results print out down at the bottom, and if i look through these results well, i can see they are in fact json results, which i can then use my json formatting in order to get a little bit more detail And break through them and point out the information a little bit more fresh friendly uh, for instance. Lets comment out that print statement and lets do a lets, see items equals response, dot, json because im using json, i now need to import json.
There we go and now i can do. I can identify all of the repositories that i have so, for instance, uh. For repository in, i think, just items lets see how this works print repository and then specifically, i want to print out the name of that repository lets actually confirm that through the postman go away all right, so ive got my items here and then my repository name, That should work lets, try it so it will convert the data into json and then cycle through each one one step at a time and there we have it. It took a few seconds on my computer, so i paused this video, but we can see yep. It went ahead and printed out the name of all of my repositories down here and just the name all that other information that we identified in postman, for instance, the full name, whether its private who the owner is and so on, can all be included as well. Such as the url for the repository can all be included as well.