Week 9 - Networking and APIs

Introduction to Networking

Client Server Model

TCP/IP Protocol

HTTP Protocol

URL Format

Web APIs

API Testing Tools

Using APIs

AI Responsible Use

Practice

Assignment

• Teachers

Back to core program

Let’s get practical

For the exercises below, you will need a local clone of the Learning-Resources repository at this link:

• GitHub - HackYourFuture/Learning-Resources

Please clone this repository to your local computer (if you have not already done so) before continuing.

Exercise 1 – GET request

The link below provides an exercise that uses the Nager.Date public Web API that we discussed in the Using APIs section:

https://github.com/HackYourFuture/Learning-Resources/tree/main/core-program/week-9/public-holidays

It consists of a pre-made web application with just one part waiting for you to complete: fetching data from the Web API. For this, you will need to study the documentation of the Nager.Date web API. Full instructions are given in the README of the example.

Exercise 2 – Using Postman

In this exercise, we will use a pre-made custom backend application to practice GET, POST, PUT, and DELETE requests. Visit the link below and follow the Getting started section in the README.

https://github.com/HackYourFuture/Learning-Resources/tree/main/core-program/week-9/simple-api

Exercise:

1. Read the API documentation and use Postman to test each of the given API endpoints.
2. For each request, observe the output logged in the terminal that is running the backend and compare it to the response you see in Postman.

Exercise 3 – Authentication

In this exercise, you will walk through a simple authentication flow using a pre-made backend and Postman.

You will:

• Register a user
• Log in and get an authentication token
• Use the token to access a protected endpoint
• Log out
• Try some requests that should fail

1. Start the backend

1. Open the repo:

   https://github.com/HackYourFuture/Learning-Resources/tree/main/core-program/week-9/auth-api

2. Follow the Getting Started section in the README to:

   • Install dependencies
   • Start the backend server

Continue once the server is running and listening on the URL and port described in the README.

2. Register a user

1. In Postman, create a POST request to the Register user endpoint.

2. Set the request body to raw JSON, for example:

   {
     "username": "alice",
     "password": "secret123"
   }
   

3. Send the request and check that the status and JSON response match the README.

3. Log in and get a token

1. Create a POST request to the Login endpoint.

2. Use the same username and password in the JSON body.

3. Send the request. The response should contain a token field.

4. Copy the token value (without quotes).

   The token is valid for a limited time (1 hour in this example).

4. Call a protected endpoint without a token

1. Create a GET request to the Get profile endpoint.
2. Do not add any Authorization header.
3. Send the request.
4. You should get a 401 Unauthorized response and a message like “Authorization header missing”.

5. Call the same endpoint with a token

1. On the same Get profile request, open the Authorization tab.
2. Choose Bearer Token and paste the token from Step 3 (without quotes).
3. Send the request again.
4. You should now get a 200 OK response and a message like “You are currently logged in as <username>”.

6. Log out

1. Create a POST request to the Logout endpoint.
2. Use the Bearer Token authorization with the same token.
3. Send the request and check the logout response.

7. Try error scenarios

Optionally, try requests that should fail with 4xx errors:

• Registering a username that already exists
• Registering without a username or password
• Logging in with a non-existing user
• Logging in with a wrong password

Pay attention to the status codes and error messages to understand how the API reports problems.

*https://hackyourfuture.net/*

Found a mistake or have a suggestion? Let us know in the feedback form.