1 00:00:00,500 --> 00:00:04,350 API, the application programming interface. 2 00:00:04,350 --> 00:00:06,620 In this lesson, we're going to dig into APIs. 3 00:00:06,620 --> 00:00:08,290 Now, I've mentioned them a couple of times, 4 00:00:08,290 --> 00:00:09,510 but we've never really defined them 5 00:00:09,510 --> 00:00:11,070 and gone into depth with them. 6 00:00:11,070 --> 00:00:12,500 When we talk about an API, 7 00:00:12,500 --> 00:00:14,840 this is an application programming interface. 8 00:00:14,840 --> 00:00:16,640 It's a library of programming utilities 9 00:00:16,640 --> 00:00:18,610 that are used to enable software developers 10 00:00:18,610 --> 00:00:21,130 to access functions of another application. 11 00:00:21,130 --> 00:00:22,750 And this is one of the key things we use 12 00:00:22,750 --> 00:00:25,070 when we start talking about piecing things together 13 00:00:25,070 --> 00:00:26,860 by using things that are service-oriented 14 00:00:26,860 --> 00:00:28,290 in their architecture. 15 00:00:28,290 --> 00:00:29,690 Now, when we deal with an API, 16 00:00:29,690 --> 00:00:32,030 this is going to allow for the automated administration, 17 00:00:32,030 --> 00:00:34,160 management, and monitoring of cloud services, 18 00:00:34,160 --> 00:00:36,340 as well as lots of other applications. 19 00:00:36,340 --> 00:00:40,290 Now these APIs are commonly going to use either REST or SOAP, 20 00:00:40,290 --> 00:00:43,920 the simple object access protocol as their frameworks. 21 00:00:43,920 --> 00:00:45,840 Now, when we talk about APIs, 22 00:00:45,840 --> 00:00:49,010 we think about these from the perspective of integration. 23 00:00:49,010 --> 00:00:50,510 APIs allow for integration 24 00:00:50,510 --> 00:00:53,030 between lots of different cloud services. 25 00:00:53,030 --> 00:00:54,960 Cloud service providers also allow 26 00:00:54,960 --> 00:00:57,580 for us to do provisioning, configuration, 27 00:00:57,580 --> 00:00:59,250 deep provisioning, and lots of other things 28 00:00:59,250 --> 00:01:01,750 to their services through these APIs. 29 00:01:01,750 --> 00:01:04,680 So, APIs will allow us to have direct integration 30 00:01:04,680 --> 00:01:06,650 of different third-party applications 31 00:01:06,650 --> 00:01:08,860 into our own web applications, as well. 32 00:01:08,860 --> 00:01:10,640 And again, this is those things that allow us 33 00:01:10,640 --> 00:01:13,260 to tie things together and make function calls 34 00:01:13,260 --> 00:01:15,230 instead of having to build services ourself. 35 00:01:15,230 --> 00:01:17,050 We could just call on somebody else's function 36 00:01:17,050 --> 00:01:18,730 and let them do the work for us. 37 00:01:18,730 --> 00:01:21,530 That's the idea of a service-oriented architecture. 38 00:01:21,530 --> 00:01:22,890 Let me give you a great example 39 00:01:22,890 --> 00:01:25,550 of how we use APIs in our business. 40 00:01:25,550 --> 00:01:28,000 Now, in our business, we have a centralized 41 00:01:28,000 --> 00:01:30,990 service management system called Freshdesk. 42 00:01:30,990 --> 00:01:33,090 Freshdesk is a commercial product that we pay for, 43 00:01:33,090 --> 00:01:34,380 and we use this to be able to get 44 00:01:34,380 --> 00:01:36,190 all of our trouble tickets from our students, 45 00:01:36,190 --> 00:01:38,530 and any questions you may have, and track those things 46 00:01:38,530 --> 00:01:40,440 and make sure you're getting the answers you want. 47 00:01:40,440 --> 00:01:42,830 Now, if you email support@diontraining.com, 48 00:01:42,830 --> 00:01:44,540 it goes into our Freshdesk system, 49 00:01:44,540 --> 00:01:46,110 and my team and I can look at those 50 00:01:46,110 --> 00:01:47,260 and answer your questions. 51 00:01:47,260 --> 00:01:49,550 Think about it like a shared inbox, 52 00:01:49,550 --> 00:01:51,090 but again, it's a ticketing system, 53 00:01:51,090 --> 00:01:52,430 so we don't lose track of it, 54 00:01:52,430 --> 00:01:53,263 and we can make sure everybody's 55 00:01:53,263 --> 00:01:54,740 doing what they're supposed to. 56 00:01:54,740 --> 00:01:56,250 Now, we've had students ask questions 57 00:01:56,250 --> 00:01:57,830 as well in our Udemy courses, 58 00:01:57,830 --> 00:02:01,090 and they do it inside the Q&A section on that platform. 59 00:02:01,090 --> 00:02:03,550 Well, I don't own Udemy, and I don't have the ability 60 00:02:03,550 --> 00:02:06,500 to do what I want and program their system how I want. 61 00:02:06,500 --> 00:02:08,320 But they do have an API, 62 00:02:08,320 --> 00:02:10,550 so instead of me having to log into Udemy 63 00:02:10,550 --> 00:02:13,160 to answer those questions, we instead have an application 64 00:02:13,160 --> 00:02:15,320 we built that uses Udemy's API. 65 00:02:15,320 --> 00:02:16,760 Whenever there's a question that's posted 66 00:02:16,760 --> 00:02:18,820 inside the Q&A section on Udemy, 67 00:02:18,820 --> 00:02:21,030 we actually get notified from their API 68 00:02:21,030 --> 00:02:22,510 to our Freshdesk API, 69 00:02:22,510 --> 00:02:25,380 and we create a new ticket in our service management tool 70 00:02:25,380 --> 00:02:28,100 and tag those as a Udemy Q&A question. 71 00:02:28,100 --> 00:02:31,120 That all goes from API to API and sends that data back. 72 00:02:31,120 --> 00:02:33,370 This is the type of integrations you can do. 73 00:02:33,370 --> 00:02:34,560 Now, all of this is being done 74 00:02:34,560 --> 00:02:36,410 with a very small program that we wrote. 75 00:02:36,410 --> 00:02:39,100 That integration program is less than 50 lines of code 76 00:02:39,100 --> 00:02:41,150 inside of Python, and we're actually connecting 77 00:02:41,150 --> 00:02:44,010 these two different cloud systems, Udemy and Freshdesk, 78 00:02:44,010 --> 00:02:45,450 to be able to accomplish everything we want 79 00:02:45,450 --> 00:02:47,090 with just 50 lines of code. 80 00:02:47,090 --> 00:02:49,140 Now, when either myself or one of my team members 81 00:02:49,140 --> 00:02:51,330 answers those questions inside of Freshdesk 82 00:02:51,330 --> 00:02:52,770 and we close that ticket, 83 00:02:52,770 --> 00:02:55,290 it then triggers a function in the Udemy API 84 00:02:55,290 --> 00:02:58,090 to take our response and post it back as a reply 85 00:02:58,090 --> 00:03:00,300 to your question in the Udemy Q&A. 86 00:03:00,300 --> 00:03:02,370 For you, it's going to look just as if I went in there 87 00:03:02,370 --> 00:03:03,860 and answered it directly on Udemy, 88 00:03:03,860 --> 00:03:05,660 but for us, it's easier to manage 89 00:03:05,660 --> 00:03:07,940 and allows us to help more students quicker. 90 00:03:07,940 --> 00:03:09,610 In addition to that, there's a function in there 91 00:03:09,610 --> 00:03:11,470 that will mark that answer as the top answer 92 00:03:11,470 --> 00:03:13,700 because we wrote it and we want it to be the top answer 93 00:03:13,700 --> 00:03:16,470 that you see when you ask a question inside of Udemy. 94 00:03:16,470 --> 00:03:17,780 Now, all of that is how you can use 95 00:03:17,780 --> 00:03:19,310 some of these things to integrate. 96 00:03:19,310 --> 00:03:20,930 Another example of using an API 97 00:03:20,930 --> 00:03:22,720 to access an online cloud service 98 00:03:22,720 --> 00:03:25,480 is how we integrate our hands-on, cloud-based labs 99 00:03:25,480 --> 00:03:28,100 into our products inside of our own website. 100 00:03:28,100 --> 00:03:30,190 Now, we integrate these labs from our partners, 101 00:03:30,190 --> 00:03:31,880 using their API. 102 00:03:31,880 --> 00:03:34,550 We create all the videos, we create all of the lessons, 103 00:03:34,550 --> 00:03:36,760 we create all the study guides and all the quizzes, 104 00:03:36,760 --> 00:03:38,950 but when it comes to the labs, we don't build that ourself. 105 00:03:38,950 --> 00:03:40,747 We have a third-party partner that we work with, 106 00:03:40,747 --> 00:03:43,300 and we want to integrate theirs into our course experience, 107 00:03:43,300 --> 00:03:44,860 and we want it to be native for you 108 00:03:44,860 --> 00:03:46,950 so it feels like it's much more integrated. 109 00:03:46,950 --> 00:03:48,030 So, if you're taking this course 110 00:03:48,030 --> 00:03:49,760 at diontraining.com, for instance, 111 00:03:49,760 --> 00:03:52,340 you have access to that full lab environment. 112 00:03:52,340 --> 00:03:54,630 Now, what happens is, as you're going through the course, 113 00:03:54,630 --> 00:03:57,217 you'll watch a video and eventually get to one that says, 114 00:03:57,217 --> 00:03:59,097 "Now there's a lab, and in this lab, 115 00:03:59,097 --> 00:04:00,717 you're going to do X, Y, and Z. 116 00:04:00,717 --> 00:04:02,470 Click this link to start the lab." 117 00:04:02,470 --> 00:04:04,440 And that link actually looks something 118 00:04:04,440 --> 00:04:05,700 like what you see here on the screen. 119 00:04:05,700 --> 00:04:07,950 It'll say diontraining.com, question mark, 120 00:04:07,950 --> 00:04:11,000 action equals run instance and ID equals, 121 00:04:11,000 --> 00:04:13,530 and the count, and the access key, and all those things. 122 00:04:13,530 --> 00:04:15,210 These are the perimeters that we're passing 123 00:04:15,210 --> 00:04:17,820 to the API of our cloud service provider. 124 00:04:17,820 --> 00:04:19,440 So, when we go to the lab partner, 125 00:04:19,440 --> 00:04:21,310 they're knowing who the student is, 126 00:04:21,310 --> 00:04:23,200 where they are in the course, what lab to run, 127 00:04:23,200 --> 00:04:24,310 and which one to start up. 128 00:04:24,310 --> 00:04:27,600 And all of that is stuff we send over through an API call 129 00:04:27,600 --> 00:04:29,710 from our system to their system. 130 00:04:29,710 --> 00:04:31,030 And then, it gives you a link, 131 00:04:31,030 --> 00:04:32,950 you click on it, and it loads up. 132 00:04:32,950 --> 00:04:35,830 Now, notice here you have an authorization token, as well. 133 00:04:35,830 --> 00:04:37,130 This is because the cloud provider 134 00:04:37,130 --> 00:04:38,760 needs to be able to know who they're servicing 135 00:04:38,760 --> 00:04:41,140 because we have hundreds of thousands of students, 136 00:04:41,140 --> 00:04:43,200 and by knowing which student you are, 137 00:04:43,200 --> 00:04:44,570 they know which lesson you're on, 138 00:04:44,570 --> 00:04:46,330 and they can know which lab you need to have. 139 00:04:46,330 --> 00:04:47,910 And so, they can give you the right services 140 00:04:47,910 --> 00:04:50,630 that you paid for and the ones that you've already used. 141 00:04:50,630 --> 00:04:52,220 Now, when you're doing APIs, 142 00:04:52,220 --> 00:04:54,900 there are lots of different tools you can use to do this. 143 00:04:54,900 --> 00:04:56,900 One of the ways you can test APIs 144 00:04:56,900 --> 00:05:00,510 is by using a tool known as curl, C-U-R-L. 145 00:05:00,510 --> 00:05:04,010 This is a tool to transfer data from one server to another, 146 00:05:04,010 --> 00:05:06,170 and you can do this using any supportive protocol, 147 00:05:06,170 --> 00:05:09,743 including HTTP, HTTPS, FTP, FTPS, 148 00:05:10,605 --> 00:05:15,280 SCP, SFTP, TFTP, DICT, TELNET, LDAP, or FILE. 149 00:05:17,670 --> 00:05:19,480 All of these are valid ways of doing it. 150 00:05:19,480 --> 00:05:22,820 So, if I wanted to test an API as a cybersecurity analyst, 151 00:05:22,820 --> 00:05:24,450 I could test it by using curl, 152 00:05:24,450 --> 00:05:26,070 and I might do something like this, 153 00:05:26,070 --> 00:05:29,460 curl --data, and then the data I want to send. 154 00:05:29,460 --> 00:05:31,840 In this case, I'm sending firstname equals boolean 155 00:05:31,840 --> 00:05:33,430 and last name equals world. 156 00:05:33,430 --> 00:05:34,930 And then where I'm sending it. 157 00:05:34,930 --> 00:05:38,750 In this case, https://httpbin.org/post. 158 00:05:41,810 --> 00:05:44,510 When I send that information, what do I get back? 159 00:05:44,510 --> 00:05:46,320 This list as you see here on the screen, 160 00:05:46,320 --> 00:05:48,150 which is a list of arguments and fields 161 00:05:48,150 --> 00:05:50,450 that came back from that particular API. 162 00:05:50,450 --> 00:05:52,330 This allows you to send the data over 163 00:05:52,330 --> 00:05:53,720 and see what comes back. 164 00:05:53,720 --> 00:05:56,000 So, if you were hired to do testing of our server 165 00:05:56,000 --> 00:05:57,020 and make sure the right student 166 00:05:57,020 --> 00:05:58,570 is getting sent to the right lab, 167 00:05:58,570 --> 00:05:59,870 you would have to know how to do this 168 00:05:59,870 --> 00:06:01,750 to make sure the API calls are being programmed 169 00:06:01,750 --> 00:06:03,290 correctly by our developer 170 00:06:03,290 --> 00:06:05,640 and that we're getting the responses we expect.