Rails API
Part 1 of 2: Obtaining and Hiding an API key
APIs (Application Programming Interface) are essential to programming. They carry communiques between computer programs that provide a service of data or functionality. This service can be provided by the creator or owner of the API for free or for a fee. They will also provide an API specification or documentation which are detailed instructions on how to implement the API in a computer system.
An API provides data, tools, or services that developers can use to enhance a program’s performance. Different parts of an API can be utilized through calls using method requests. API instructions can be basic standard code executions or more complex classes providing class methods.
Implementing an API in a Rails application is relatively simple if you understand what you’re executing. The more challenging task is usually finding a free API that contains the data needed for a particular app. To find an API, you can Google your API requirements. For example “free Corona virus API” or “restaurant api” or “cat pics api” or… you get the idea. These APIs will give you access to relevant Corona virus stats for free, pertinent restaurant dining information, and adorable (or heinous) cat images respectively.
To give you a quick example of what an API can deliver, copy and paste the following API address in your browser window:
https://api.thecatapi.com/v1/images/search?format=json%27%20
Press enter/return and what you see in your browser is a JSON object. JSON stands for JavaScript Object Notation. It simply packages data in a format that can be transmitted over the internet from a server holding the data to a client browser that will display the data to a user. Do you see the url inside of the JSON object? Click on it… if you dare. That is what was delivered by this sample API!
Now imagine the real API holding 100s or 1000s of these JSON objects, and each object containing its very own url address. That’s how you’re able to browse through a web application at leisure.
NOTE If you copy and paste the API address in another browser window, a different url address appears in the JSON object because the API address is set to “search” for and return a different image each time.
OK, let’s get our hands dirty. In your terminal, navigate to where you want your API to be located. Then, in the command line, run the following, but substitute app_name with the name of your app:
Move into your newly created back end application with:
Now we have a Rails application ready to receive an API.
OBTAIN AND HIDE AN API KEY
Now I’ll take you through the process of obtaining an API that requires a key. A key is used to identify the user of the API. This is how the API owner maintains control over how their API is used. The key is tied to a specific user, so if you make your key public, somebody could copy and misuse it and as the owner, you’re held responsible for this misuse. Similar to if somebody gets access to your social media password and uses it to cause havoc, then you are blamed.
If you don’t want the hassle of dealing with an API key, you can search https://github.com/public-apis/public-apis for an API without a key. Just scroll down past the Index list until you see the first table (currently Animals). In the Auth column, you have one of three choices: no, apiKey, or OAuth. Make an API selection with a “no” in the Auth column. Once you have your API without a key, you can skip down to the section RETRIEVE DATA WITH AN API.
I obtained a movie API key from https://www.themoviedb.org. You have to sign up for an account to use their API. Read instructions on obtaining their API at https://www.themoviedb.org/documentation/api. Notice that part of the requirements for using their API is to attribute TMDb as the source of your data.
After following their instructions, my request was approved and I was given a TMDb API key! And my API key number is…
You’ve got to keep your API key top secret!
You actually hide it in your app. Here’s how.
First, add the following gem to your Rails app Gemfile:
This enables the ability to separate the secret API key number from the source code. Remember to run bundle update to implement this:
Now in your root directory (your Rails application folder) at the top level, create a .env file:
This is the file you store your key in by creating a constant variable and assigning (storing) your API key as a string to that variable. Replace top_secret_API_key_number with your actual API key number:
So now, instead of using your actual API key number, use:
ENV[“KEY”]
Now to hide your key, open .gitignore file and add .env:
Your key is safely hidden now. When you push your app files online, the .env file with your secret key will not be included. You simply refer to your key by using ENV[“KEY”].
RETRIEVE DATA WITH AN API
Your API instructions should outline and give examples of how to write your API address to fetch data. Mine gave me a sample to test in my browser. I’m substituting top_secret_API_key_number for my real API key number here to keep it safe:
https://api.themoviedb.org/3/movie/550?api_key= top_secret_API_key_number
This returned the following sample of a single JSON object:
This single movie object contains a lot of data on the movie my API retrieved. The genre is a drama, the homepage website link for the movie is provided, the original & current title is “Fight Club” and the release date was in 1999, and so much more information is included. Now I will be able to retrieve this kind of data on movies to display in my app. And the steps for doing that will be the topic of my next blog post.
