Intro to APIs for People Who Hate to Program
Uh. Hey casey, thank you so much for joining us on the session about apis. Yeah i'm really glad over here thanks. You know uh when you're just starting out to learn, about using apis. It's like there's this whole, unexplored. Universe. Of possibilities. Out there. Absolutely. You really just have to be. Bold enough. To seek out the knowledge and navigate, this new world. For sure so. It really seems to be a journey into the unknown at first right, i mean wait hold on. Do you guys hear that. Is that is that feedback. Or, should i mute my mic. No no wait it's a creative segment. Oh. There's just too much manual work captain we're gonna, we're gonna run out of visibility, in less than 17, parsecs. Try the api. But, but captain. Route the data. Through the api. And into the dashboard. Creating a new connection where one didn't exist before, could give us the visibility, we need to stay on target. I hope you guys know what you're doing you might want to hold on to something. Kevin, tonight's, trash night. In a minute i'm playing thwack camp with my friends. Okay, okay we should probably start the episode. On screen. I think one of the challenges. Is that when people hear, the term api, or application, programming, interface, they immediately. Think things are going to get really complicated. And very programmery. And it's not, and so i want to start off with something. Ridiculously. Simple just to show how easy it is and how powerful, it is. I've got a system here at my house, called the. Raspberry, pi, and on that raspberry pi is a, software. Called pihole. Pihole, catches, all of the requests. And makes sure i'm not getting any spam ads or things like that, and i can get information. Out of it, so what this looks like normally. Is. Just a console, that tells me the statistics. Of, the queries that are being caught and the. Number one number of queries that are being blocked and so on and so forth, what's interesting is there is an api, that goes with this. Right here same. Address. Admin. Api.php. That's just how i get to it it's just a url. And there it gives me the same statistics, it's not pretty like it is over here, but i've got the same statistics. And now what i can do is i can bring those into. Any tool that can collect them i can either ping that uh url, repeatedly. Or i can actually bring them into some software like let's say, solarwinds. So here you can see i'm monitoring, that same. Raspberry, pi, and pi hole software. Here, in solarwinds, in orion. And i can use the api, polar, to create, a new polar that pulls from that, information, what it looks like. Is this. Same url you just saw a second ago, and when i send the request. I'm pulling, all the statistics. That the api, is presenting, to me so i have, domains being blocked, and dns queries and whatever and if i want to start monitoring, let's say queries being forwarded. I can just go over here. Click this. Change the name or do whatever i want with it and now i'm beginning to also, monitor, queries being forwarded, and so on and i can save that. And what you see are the statistics. Down below. That it's collecting and that's it that's as, difficult, as complicated, as apis, can be. Steady, as we, clear the space dockinson. I i think there's something behind. I told you. That an api, would help us alert on data from the backup camera. We probably need to, automate, that. Okay so it's great for this session that we actually have casey here who's a real programmer. As opposed to leann and myself who kind of fake it, time to time we. Script kitties in a lot of ways, but. I think we just need to dive right in so casey. What is an api. So an api. Stands for application, programming, interface. But i think in this context, we're talking about a rest api. Okay. Okay, so what's that what is it yeah, follow-up, questions. Uh rest api. Actually, stands for representational. State transfer. Application, programming, interface, which is a super, complicated. And academic, way, of just saying using, you know basic vanilla, web-based, technologies. For two systems, to interact with each other. Okay, all right so it's just another, way they can talk to each other. Absolutely. So to use one of these rest apis do you have to be a programmer. Or, like what's the what's the barrier, to entry, yeah really it's pretty easy provided that you can, just, format. A url. That. Adheres to the documentation. So you might have some rest api documentation. That tells you exactly, the format, that the url, should be in, so for instance here i've got. You know i want to see the roles, that my user is in so i've got roles. User. Son of a gum. And i've just, created a url, here and then now i can see that i've got this whole response. So provided, that you're, you know comfortable, looking at the occasional. Um. You know config, file or, something like that you should be able to make sense of what the response, actually means.
So. You obviously, use these to help us with what can you give us a couple examples, where you use this, sure. So, anybody that's been on thwack, and is familiar, with things like. Uh thwack, missions, or the thwack store. Or, using, the, chat feature, in solarwinds, lab, these are all actually taking advantages. Of different rest apis. So this this diagram, that i've got here actually, shows the, current architecture. Of thwack. So you can see we've got. The ability to actually go, check out that you've got a license. That's valid, with the solarwinds, licensing, api. If you're using the thwack store. We've actually got the ability to track your shipment, status. There's a fulfillment, vendor that's actually sending out. All the different products to users that are ordering things. If you're using the, missions. You know every time you answer a question correctly. That's actually going out to the gamification. Api. And giving you points. Um you are actually highlighting, all the most critical, parts, of thwack as far as a lot of our users are concerned, give me my stuff and how do i get more points, what is the shot. How much does it cost in points and when will i get them. Right. Okay keep going keep going yeah yeah and if you know and, you know if you'd like to, chat, while you're doing your uh solo wins lab, the chat api, is actually hitting a third-party. Api. And it really makes it pretty easy. To pull in lots of new functionality. Without, having to use. A lot of. The more byzantine. Um. Apis, that we used to have to depend on in the past like, corba, and soap, and net remoting. And windows, communication, foundation. I am, sad to say that i remember, those. Systems. I really wish i i had been able to forget them, but yeah they were not straightforward, and i think that for for those uh i.t folks of a certain age, when you talk about api, as being. The, inheritor, of those it's like yeah include me out like i don't want, i didn't like it then, but this is nothing like that this is way simpler. So i think one of the things that's interesting about this is, we're not having to, recreate the wheel all the time on twac you don't have to go and actually. Build all this functionality, we're basically. It's probably not the right term but we're renting, this functionality, from another provider. So, in the event that there's some type of catastrophic, failure where we decide you know in a, certain amount of time that oh we're gonna move everything again we basically just, pick up this you know these calls that you made and just put them on this other place right. Exactly, a lot of the times, that. The actual integration, work that i'm doing, is just making calls to the. You know the third party rest api. I get back, data, you know that's got information, about. You know the shipment, you know or your order, for the store, or, the mission that you're working on. And. All i'm doing is really formatting, that stuff in a way that. Looks nice. Within, the. Environment, that you're in so it's a lot of it's more about styling. And integrating, with that third-party, service. As opposed to rewriting, that whole service from scratch. And so you get a lot of leverage. Of existing, functionality. Out there and then if you do have to move from one platform, to another. Really most of the work that you're doing is just restyling. Things. To be consistent, with the look and feel of that new platform. Oh, okay. But you actually have written, a at least a response to a restful api, right. Okay all right i write them all the time, so here's a super simple example. Of, one of the methods that i would add to a rest endpoint, that i'm writing. And this is my ping pong example. It essentially gives me the ability to check, the health status. Of an api, that i've got running. So, you'll notice it's uh the url, is simple i start it with api. And then i'll have the version. On the api. And then kind of a name space so in this case i call it util. And then the actual name of the method is called ping. And the response, that i'm getting back, is just going to be something really basic, it's just pong.
So If i hook up monitoring. I can just call that url. And make sure that the response. Has pong in it and then i know that my, web api, is up and running successfully. Look we don't have to sell, you know all of us on the importance of paying i mean it's still no thing is not a problem. Yeah the fact that it comes back with pong, i just love though, that's why i i thought we had to show this in this session. In her wilhelm, please do not stray from the awaiting. Well, that's a mess. Let's see if we can use an api, to interface with this thing. So one of the things we've actually gotten over the years is people trying to report from sas based solutions, and, one of the most popular one is office 365. Which is now called microsoft, 365. Because, branding things happen. Which is, fine, but one of the things we did years ago is we used to write a bunch of powershell, calls that would go out and interact with something and bring back data and then you would have to parse through the data and, it was it was functional it was completely, functional. But a little heavy. And microsoft. In their, wisdom said you know what. We need to build a better api for this, we need to say, you know there's a way you can call and it's not just for the office stuff they also have a lot of other things but. If you haven't seen it i want to introduce. You really quickly, to what microsoft calls their graph explorer, for their graph api. So microsoft, understands, kind of like we were talking about some it's not always the easiest way to get into apis, and they have two ways to kind of get started with this the first one is of course their api reference which is available on their developer site, but what i want to show off is the graph explorer so i'm going to jump in there. So what i like about the explorer, is you can kind of. Browse around and it's, it feels like an interface, a lot of us are familiar with already so if i want to kind of get information, from my profile. I click my profile. Here's the call i can run the query, here's the response. Uh i am not megan bowen, which is totally fine, uh, this is just the response, that's kind of part of the out of the box but if you actually want to like look at your data, to make sure you can compare it and it looks good you can actually sign into the explorer. So let me do that real fast. So now we can see me and if i do the same thing again, say my profile. And then we're no longer megan bowen, yes.
Huh But what i think is really interesting about this is this is profile information this so this is obviously from active directory, which, is. Part of office 365. But it wasn't originally in the, overwrapping, o365. Instead it is now. Part of microsoft, 365.. I can find out stuff about my manager. And, there she is and, i can, look at specific, applications. Or what group membership, or i can make calls to teams or they actually are breaking out these are some beta features that will probably eventually be rolled in, they're also really good about, not, taking away features if they're going to have something there they're going to make it available, but what i really think is interesting for something like this. Is like mail, because that's where the o365. Kind of stuff started. So i can actually get a list of all my important mail. There it is, and it's running the query. There we go. And it just comes back in a big old json, blob, which is fine. But, what is interesting is you actually get the url that call was made to, so i can see how, you know the filter, was, built you know this is important, equals high. But what's nice about this particular, one which doesn't apply for our monitoring, discussion. Is you can send posts. As well so you have your traditional, kind of crud stuff so you can actually send an email, through the microsoft, 365. Graph api. That will actually, go out, using this technology. I haven't done it except for testing it here. But it's something i'm really interested in. And like you alluded to, the the real impact for us here, is that, all this information can be monitored it can be picked up it can be tracked, it can be, you know alerted, on all those things, and all you're using is a url to get, that information. Yeah well you're using a url, and you're actually using a set of authentication. And for that what you actually do is to see that you can go to access token. Now here's my access token, i can actually take that information, so let's go ahead. And. I copy it to my clipboard. And then i can go to my monitoring, solution. So i can copy my access token and the url i want to use including if i want to change the filter. And then i can build it into an api poller. So like before. Create. And then i can paste in my url. And i can send the request. And this should come back. Bad. Correct it's unauthorized, because i didn't include my token, and that makes sense, so we would just say you know what i need to configure, this. This is, technically, the graph. Api, call. And, i want to do this, with. A bearer token. So i'll create a new cred, and this is for, microsoft, 365. Paste in my token. Save it. And just select it from the list. Save that. And send the request. And you can see the response code came back 200, and okay, so. It's only pulling the first 10 items which is fine, we can work with that because we can always request more and more. But this is the beginnings of actually how you pull information, in so it's not that complex a scenario, you know whether it's a bearer token or whether it's oauth 2 or whether it's you know. Standard, kind of basic authentication, on http. All this information is available then it's just learning how to cycle through it, now what i like about the graph api, is it kind of lets me explore, as i want to build more information, i maybe i want information about teams maybe i want information maybe i just want information on one drive like, how large, are the files, in one drive or how many files just get a count. This is just, pretty much a quick and easy call. Now, i need to preface everything with this is that, this was built, and is specifically bound to my account. If you want to do the same thing kind of for your, you know the admin level account to kind of get information, about the entire. Uh microsoft 365. Infrastructure, as a whole, you obviously have to have different permissions.
And Have additional information. But, this is really it maybe i just want to know, how many are there, uh. 10. Save. Save. And it's done it's really that simple to use them in the orion platform, but the graph explorer, also, gives you sort of a little bit of training wheels. For the experience, especially when you're just trying to figure out do i want this value or that value i'm not sure. It it's, a really, nice, utility. To have it at your fingertips. Yeah it's one of the things and i like the ability to be able to search, and that have the api documentation, right there, you know it's a click away to kind of see that information, and be like oh, yes. That's what i need or for that filter example we had that filter's, fine, but maybe i need something very specific. And, the, although it gives us a clean example that makes sense. To understand how the, filtering, works like the fact that n e, or i'm sorry eq. Is equals, instead of the actual equal sign. Those are the kind of nuanced things you need to understand. And being able to actually have that all in one place. Is the way you can really kind of enhance, the abilities, and understand, what you want to monitor and how you want to monitor that. And this is a great place to pivot into something that i wanted to make sure was in this session which was how apis, can help, a network engineer, i know when you first hear about apis. It sounds like it's really just for, the you know frou-frou, for, server, and application, admins but that's not the case, lots of network engineers, now, now lots of network gear now come with their own apis. So, uh just use an example, here in my house i have some unify, equipment it's sort of on the edge of of professionals. Prosumer. Equipment. And it's got an api, so you see, the data here you know there's the ip address and the url. For. Uh. The controller. Software for my unify, equipment, right. And. I am like a good monitoring, engineer. Monitoring, my. Uh. Unify, equipment, there it is that's you know the ip address and everything, but i want to be able to collect, my good wonderful. Network, information, off of it and there's an api, to do that. So. It took a little bit of kicking around and i actually have a thwack post, about, it, but there's, a couple of urls, i needed and kevin this goes back to. The, authentication. That we talked about before, i found i had to authenticate. First. And then i had to. Um. Get the data i wanted. So the first thing i needed to do, was to, put in my authentication. And if i do that. It's going to be a whole bunch of errors, the remote certificate, is invalid. Well that's because it uses ssl, but i can tell it yeah don't check that, it's in my house i trust it fine. Okay. So. Still bad, because i needed to send it some additional, information, i actually needed to put in some other, values. And this is the kind of stuff that you find in that documentation, we were talking about casey said that the devs go and actually build the documentation, so if you just read it that's how you got here.
Right, Exactly it took a little poking around, so i needed to set up a, request. Body. With my username, and my password. That is not my password. But i'm putting it up on the screen. So when i hit the send request and i do want to point out this is a post, not a get. When i send the request. I get a 200, code yay, i got it and in the response, headers i get a cookie. That is, my, authentication, token so you can see that i've actually set that up and i'm saving it now, i can go get, the actual, status, health. So i hit send request that is a regular, get. And i get some data. I can get uh information, on my wan connection. What the ip address, is, the number of bytes transferred, and received, and so on and i can start to monitor, those things also, so there you go you can see, that with a little bit of kicking around you can get the epi, working, and i have to admit, that more and more network, vendors, are building apis. Into their equipment so it's going to become. An even more necessary. Technique, to use to get the data that you need out of your network gear, as time goes on. Now earlier when we talked we talked about thwack and how it works with all these various apis, but the thwack, platform, right now actually tracks kudos as well it's just kind of another metric. And, uh with some reading in the documentation, understanding how to do some authentication. And build kind of custom queries in it i was actually, able to pull out my kudo account so right now i have a thousand and seventy eight kudos. On the current thwack platform. So, yeah, kudos, yes indeed. Thank you, thank you, um. One of the other things we played with uh leon and i we were talking about you know leon casey and i were coming back and forth about like what can we show what can we talk about and i wanted to give one more quick example. And that's our folding at home project so we actually have a team four solarwinds, in there we have a bunch of people that are joined in where they're kind of just donating their extra cpu, cycles, to do protein folding. But. These are unauthenticated. Calls that you just need some information for again all documented, on their site, so we can see here that like my personal credits are in the you know seven seven seven six zero. And, my current rank is abysmal. But the team rank for solarwinds. Uh which we've only set up i think in february. We're already ranked in 3500. So, it's not bad this is just a couple quick little examples, of things you can do with apis, and these are kind of more for fun than kind of like the real business end of things. Kevin. Dinner's, ready, yeah yeah. Thank you hun yeah we'll be done in just another minute. Oh thanks. Scooter. Setting a course for the orion system. Full speed ahead. Aye aye. Captain. You.