Book Image

Python API Development Fundamentals

By : Jack Chan, Ray Chung, Jack Huang
Book Image

Python API Development Fundamentals

By: Jack Chan, Ray Chung, Jack Huang

Overview of this book

Python is a flexible language that can be used for much more than just script development. By knowing the Python RESTful APIs work, you can build a powerful backend for web applications and mobile applications using Python. You'll take your first steps by building a simple API and learning how the frontend web interface can communicate with the backend. You'll also learn how to serialize and deserialize objects using the marshmallow library. Then, you'll learn how to authenticate and authorize users using Flask-JWT. You'll also learn how to enhance your APIs by adding useful features, such as email, image upload, searching, and pagination. You'll wrap up the whole book by deploying your APIs to the cloud. By the end of this book, you'll have the confidence and skill to leverage the power of RESTful APIs and Python to build efficient web applications.

Related Content you might be interested in

Current Title:

Small book image
Python API Development Fundamentals
Jack Chan | Ray Chung | Jack Huang
Nov, 2019 | 372 pages
Small book image
Hands-On RESTful Python Web Services
Gaston C Hillar
Dec, 2018 | 500 pages
Small book image
Mastering Flask Web Development
Jack Stouffer | Daniel Gaspar
Oct, 2018 | 332 pages
Table of Contents (12 chapters)
Preface
Preface
About the Book
Free Chapter
1
1. Your First Step
1. Your First Step
Introduction
Understanding API
RESTful API
HTTP Protocol
HTTP Methods and CRUD
The JSON Format
HTTP Status Codes
Open API
The Flask Web Framework
Building a Simple Recipe Management Application
Using curl or httpie to Test All the Endpoints
Postman
Summary
2
2. Starting to Build Our Project
2. Starting to Build Our Project
Introduction
What is Flask-RESTful?
Virtual Environment
Creating a Recipe Model
Configuring Endpoints
Making HTTP Requests to the Flask API using curl and httpie
Summary
3
3. Manipulating a Database with SQLAlchemy
3. Manipulating a Database with SQLAlchemy
Introduction
Databases
SQL
ORM
Defining Our Models
Password Hashing
Summary
4
4. Authentication Services and Security with JWT
4. Authentication Services and Security with JWT
Introduction
JWT
Flask-JWT-Extended
Designing the Methods in the Recipe Model
Refresh Tokens
The User Logout Mechanism
Summary
5
5. Object Serialization with marshmallow
5. Object Serialization with marshmallow
Introduction
Serialization versus Deserialization
marshmallow
A Simple Schema
UserSchema Design
RecipeSchema Design
The PATCH Method
Summary
6
6. Email Confirmation
6. Email Confirmation
Introduction
Mailgun
User Account Activation Workflow
HTML Format Email
Summary
7
7. Working with Images
7. Working with Images
Introduction
Building the User Avatar Function
Flask-Uploads
Image Resizing and Compression
Introduction to Pillow
Summary
8
8. Pagination, Searching, and Ordering
8. Pagination, Searching, and Ordering
Introduction
Pagination
Paginated APIs
Recipe Searching
Sorting and Ordering
Summary
9
9. Building More Features
9. Building More Features
Introduction
Caching
Flask-Caching
API Rate Limiting
Flask-Limiter
Summary
10
10. Deployment
10. Deployment
Introduction
Deployment
Comparing SaaS, PaaS, and IaaS
The Heroku Platform
Configuration Handling in Smilecook
Heroku Application
Heroku Add-Ons
Setting Up Environment Variables for the Heroku App
Setting Up Variables in Postman
Setting up the Front-end Interface to Work with the Smilecook API
Summary
Appendix
Appendix
1: Your First Step
2: Starting to Build Our Project
3: Manipulating a Database with SQLAlchemy
4: Authenticated Services and Security with JWTs
5: Validating APIs Using marshmallow
6: Email Confirmations
7: Working with Images
8: Pagination, Searching, and Ordering
9: Building More Features
10: Deployment

JWT

JWT is used for user authentication and is passed between the user and the server. The full definition of the acronym is JSON Web Token. The way they work is to encode the user identity and sign it digitally, making it an unforgeable token that identifies the user, and the application can later control access for the user based on their identity.

A JWT is a string composed of the header, payload, and signature. Those three parts are separated by a .. Here is an example:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NjQ5ODI5OTcs Im5iZiI6MTU2NDk4Mjk5NywianRpIjoiMGIzOTVlODQtNjFjMy00NjM3LTkwMzYtZjgyZDgy YTllNzc5IiwiZXhwIjoxNTY0OTgzODk3LCJpZGVudGl0eSI6MywiZnJlc2giOmZhbHNlLCJ 0eXBlIjoiYWNjZXNzIn0.t6F3cnAmbUXY_PwLnnBkKD3Z6aJNvIDQ6khMJWj9xZM

The header of the JWT contains the encryption type, "alg": "HS256", and the encryption algorithm, "typ": "JWT". We can see this clearly if we base64 decode the header string:

>>> import...
Previous Section
End of Section 3
Next Section