0 1 00:00:00,439 --> 00:00:05,700 Welcome back to BackSpace Academy. In this lab I'm going to run through how to 1 2 00:00:05,700 --> 00:00:11,700 use the AWS api gateway service to create a REST API and then we'll look at 2 3 00:00:11,700 --> 00:00:18,119 connecting to this REST API and sending HTTP requests to it from our desktop 3 4 00:00:18,119 --> 00:00:26,910 computer. From the services menu we go to application services and API gateway. 4 5 00:00:26,910 --> 00:00:30,929 If we haven't already created an API we're going to be presented with the welcome 5 6 00:00:30,929 --> 00:00:35,219 screen. So we just click on get started, the message comes up saying that there's 6 7 00:00:35,219 --> 00:00:39,090 already an example API we can use to get started, and that's 7 8 00:00:39,090 --> 00:00:43,860 what we'll do, so there's our example API and there's the swagger definition as 8 9 00:00:43,860 --> 00:00:48,149 well, if we want to have a look at that for that example API. We're just going to 9 10 00:00:48,149 --> 00:00:59,820 import that. Ok we can see there it has created that API for us, So we are 10 11 00:00:59,820 --> 00:01:04,920 currently in the resources section of our API and we can see there we've 11 12 00:01:04,920 --> 00:01:11,400 got a number of methods that have been defined for how our API responds to 12 13 00:01:11,400 --> 00:01:14,880 different types of requests and what we've got set up here is how it 13 14 00:01:14,880 --> 00:01:21,780 responds to "get" requests to the route endpoint and also how it responds to the 14 15 00:01:21,780 --> 00:01:28,560 - "pets" additional to that and also "pets" followed by a "pet ID" so if we want to 15 16 00:01:28,560 --> 00:01:35,009 get the feedback or the the data concerning a "pet" an individual "pet" with 16 17 00:01:35,009 --> 00:01:39,210 a "pet ID" we can put that out there as a get request and it will be returned with 17 18 00:01:39,210 --> 00:01:43,950 that information if it's available, now before we can actually use this we need 18 19 00:01:43,950 --> 00:01:49,320 to deploy it so what we do is, we go to actions and then we go to deploy API and 19 20 00:01:49,320 --> 00:01:54,240 that will create a stage, so our deployment stage will be a new stage and 20 21 00:01:54,240 --> 00:01:57,570 we're just going to call it demo that will be fine 21 22 00:01:57,570 --> 00:02:02,130 we're not going to worry about having a description and a deployment description 22 23 00:02:02,130 --> 00:02:06,180 but in a production environment you would definitely put that in but it's 23 24 00:02:06,180 --> 00:02:08,840 not necessary 24 25 00:02:09,619 --> 00:02:14,900 so now we have very quickly deployed our API and what we have here is an invoke 25 26 00:02:14,900 --> 00:02:23,690 URL and so that is the the root of our our API endpoint so we can click on that 26 27 00:02:23,690 --> 00:02:27,260 and it will give us a response, and its given us a response in the form of 27 28 00:02:27,260 --> 00:02:36,400 some some HTML there, so we're not going to be using the console to send out our 28 29 00:02:36,400 --> 00:02:41,480 HTTP request, we're going to be using it from our desktop side using an 29 30 00:02:41,480 --> 00:02:46,069 application but just to get started we can use this this postman 30 31 00:02:46,069 --> 00:02:50,690 application, just go to getpostman.com and download that, it's available for Mac 31 32 00:02:50,690 --> 00:02:57,230 Windows and Linux and then we can use that to to test our API and send 32 33 00:02:57,230 --> 00:03:03,319 requests and see what comes back. Ok so once you're downloaded and installed 33 34 00:03:03,319 --> 00:03:07,400 postman and you've got it up and running you'll be presented in with a screen 34 35 00:03:07,400 --> 00:03:11,870 similar to this, so what I'm going to do is just give you a quick idea of how to 35 36 00:03:11,870 --> 00:03:17,329 use it, so we've got here the different types of HTTP requests we can send to 36 37 00:03:17,329 --> 00:03:24,230 our API, you've got "get", "post", "put", "delete", we put in our URL for our endpoint and 37 38 00:03:24,230 --> 00:03:29,120 then we click on send, and then what will come back will be the response from that 38 39 00:03:29,120 --> 00:03:35,840 so I'm going to start off with our deployed stage and the invoke URL for 39 40 00:03:35,840 --> 00:03:47,090 that, so I'm just going to copy that URL, and then paste that in here, now just 40 41 00:03:47,090 --> 00:03:51,560 looking here we've got "no auth" so this doesn't require any authorization for a 41 42 00:03:51,560 --> 00:03:57,379 "get" you just getting information so we haven't setup authentication for 42 43 00:03:57,379 --> 00:04:01,099 that, but there are a number of options that we can do and one of them is AWS 43 44 00:04:01,099 --> 00:04:05,180 signature and although that's a pretty cool thing that they've put that in 44 45 00:04:05,180 --> 00:04:11,090 there never ever use it and there's a reason why because you never ever want 45 46 00:04:11,090 --> 00:04:16,940 to write code that contains your access key and your secret access key because 46 47 00:04:16,940 --> 00:04:21,739 that is just plain, stupid, so please don't do it and you'll be exposing 47 48 00:04:21,739 --> 00:04:26,240 yourself big time to access to your AWS account so 48 49 00:04:26,240 --> 00:04:31,910 the best way to do it is if you want authentication for your API use an iam 49 50 00:04:31,910 --> 00:04:36,410 roll the same as you would with with any website, so use an 50 51 00:04:36,410 --> 00:04:42,620 IAM role and verify or authenticate your end user using Facebook or Google 51 52 00:04:42,620 --> 00:04:46,190 or Microsoft Active Directory or whatever you want to use, so that is the 52 53 00:04:46,190 --> 00:04:51,560 way that you would do it you would never put in your access key and your secret 53 54 00:04:51,560 --> 00:04:57,200 access key in code, especially if it's going on the client-side so you've been 54 55 00:04:57,200 --> 00:05:01,100 warned about that and we'll go back to "NoAuth" and we're going to put in our 55 56 00:05:01,100 --> 00:05:10,340 endpoint and we're going to click on send, so what is returned from a "get" 56 57 00:05:10,340 --> 00:05:17,330 request to the root of their endpoint is that HTML web page that the introduction 57 58 00:05:17,330 --> 00:05:24,140 to to the API and that's what we would expect Now there is also, if we have a 58 59 00:05:24,140 --> 00:05:29,480 look in the methods, so if we go back to resources or if you actually see it from 59 60 00:05:29,480 --> 00:05:35,720 here I believe, so we've actually got a "get" for "pets" we can use, so let's go 60 61 00:05:35,720 --> 00:05:43,520 into a "get" request on "pets" so I just put "pets" on the end here and we'll send it 61 62 00:05:43,520 --> 00:05:48,710 and see what comes back, and so what gets returned from that method is a list of 62 63 00:05:48,710 --> 00:05:55,610 all the pets and they come back as a JSON objects an array of pet objects 63 64 00:05:55,610 --> 00:06:00,919 here which have an ID a type and a price. We've got three pets there we've got 64 65 00:06:00,919 --> 00:06:06,530 dog cat and fish. We can also there is another method there which is a "get" 65 66 00:06:06,530 --> 00:06:11,690 which followed by the "pet ID" and that's when we can also use that one, so if we 66 67 00:06:11,690 --> 00:06:17,330 put a "pet ID" of say three it should come back as a fish so put in three and we 67 68 00:06:17,330 --> 00:06:22,460 click send and there you go so we've got the object for ID number three which is 68 69 00:06:22,460 --> 00:06:28,940 type fish and a price of 99. So everything seems to be working fine from 69 70 00:06:28,940 --> 00:06:34,970 this end and now what we can do is we can look at writing an application, a 70 71 00:06:34,970 --> 00:06:40,880 real application in JavaScript that can do this and access all this 71 72 00:06:40,880 --> 00:06:45,490 information programmatically and we'll do that in the next lab