AN INTRODUCTION TO

NETCENTRIC
DEVELOPMENT
HTTP, REST API, Tools

COS216
AVINASH SINGH
DEPARTMENT OF COMPUTER SCIENCE
UNIVERSITY OF PRETORIA
 IP CLASSES

Class Address range Supports

Class A 1.0.0.1 to 126.255.255.254 Supports 16 million hosts on each of 127 networks.

Class B 128.1.0.1 to 191.255.255.254 Supports 65,000 hosts on each of 16,000 networks.

Class C 192.0.1.1 to 223.255.254.254 Supports 254 hosts on each of 2 million networks.

Class D 224.0.0.0 to 239.255.255.255 Reserved for multicast groups.

Class E 240.0.0.0 to 254.255.255.254 Reserved for future use, or research and development purposes.
 IP CLASSES

https://youtu.be/0dFNpNgiTAA
IP CLASSES
 WHY 127.0.0.1?

• 127 is the last network number in a class A network with a subnet mask of
255.0.0.0.
• 127.0.0.1 is the first assignable address in the subnet.
• 127.0.0.0 cannot be used because that would be the wire number (network
address).
HYPERTEXT TRANSFER PROTOCOL

Application protocol
Hypertext Transfer
for transmitting
Protocol (HTTP)
hypermedia

Most commonly used Initiated by Tim

protocol on the web Berners-Lee
 HYPERTEXT TRANSFER PROTOCOL

• HTTP/0.9
• Created in 1991

• HTTP/1.0
• Created in 1993

• HTTP/1.1
• Created in 1997
• Still most widely used version

• HTTP/2.0
• Standardized in 2015

• HTTP/3
• Uses the QUIC protocol
HYPERTEXT TRANSFER PROTOCOL

HTTP/FTP/
POP/SMTP/IMAP

TCP/UDP

IP
 HYPERTEXT TRANSFER PROTOCOL

• HTTP assumes a reliable transmission protocol (TCP or UDP)

• HTTP is not concerned with lower network layers, it assumes they work

• HTTP is stateless
• Stateless protocols do not save states/variables/memory between requests

• HTTP Secure (HTTPS) runs over a secure/encrypted connection

• Uses SSL or TLS which utilizes RSA encryption
 • RFC: The IEFT standard (request for
comment)
• Request Has Body: Whether or not you
send a body of data to the server
• Response Has Body: Whether or not you
receive a body of data from the server
HTTP TERMS • Safe: By convention safe because it does not
change data or state on the server
• Idempotent: multiple identical requests
should have the same effect as a single
request
• Cacheable: A response that can be saved,
and retrieved and used at a later stage
 HTTP METHODS

HTTP Request Response

RFC Safe Idempotent Cacheable
Method Has Body Has Body
GET RFC 7231 Optional Yes Yes Yes Yes
HEAD RFC 7231 No No Yes Yes Yes
POST RFC 7231 Yes Yes No No Yes
PUT RFC 7231 Yes Yes No Yes No
DELETE RFC 7231 No Yes No Yes No
CONNECT RFC 7231 Yes Yes No No No
OPTIONS RFC 7231 Optional Yes Yes Yes No
TRACE RFC 7231 No Yes Yes Yes No
PATCH RFC 5789 Yes Yes No No No
 HTTP REQUEST HEADERS

• Headers can be added by the client to a HTTP request

• Provides additional client information to the server
• Can be used by the server to reject requests, provide customized responses, or
log the information for statics
• These headers are automatically set by the browser
• Many headers exists, only the most important ones are listed here
 HTTP REQUEST HEADERS
Header Name Description Example
Media type(s) that is(/are) acceptable for the response. See
Accept Accept: text/plain
Content negotiation
Accept-Charset Character sets that are acceptable Accept-Charset: utf-8

Accept-Encoding List of acceptable encodings. See HTTP compression Accept-Encoding: gzip, deflate
List of acceptable human languages for response. See Content
Accept-Language Accept-Language: en-US
negotiation
An HTTP cookie previously sent by the server with Set-Cookie
Cookie Cookie: $Version=1; Skin=new;
(below)
Content-Length The length of the request body in octets (8-bit bytes) Content-Length: 348
The Media type of the body of the request (used with POST and Content-Type: application/x-www-form-
Content-Type
PUT requests) urlencoded
The date and time that the message was originated (in "HTTP-
Date Date: Tue, 15 Nov 1994 08:12:31 GMT
date" format as defined by RFC 7231 Date/Time Formats)
The domain name of the server (for virtual hosting), and the
TCP port number on which the server is listening. The port
Host Host: en.wikipedia.org
number may be omitted if the port is the standard port for the
service requested.
HTTP REQUEST EXAMPLE
 HTTP RESPONSE HEADERS

• The server returns HTTP headers

with its response

• Provides information about the

server

• Describes the data that is being

returned

• Used by the browser to decide how

to display the data

• Many headers exists, only the most

important ones are listed here
 HTTP RESPONSE HEADERS

Header Name Description Example

Access-Control-Allow- Specifying which web sites can participate in cross-
Access-Control-Allow-Origin: *
Origin origin resource sharing
What partial content range types this server supports
Accept-Ranges Accept-Ranges: bytes
via byte serving
The type of encoding used on the data. See HTTP
Content-Encoding Content-Encoding: gzip
compression.
The natural language or languages of the intended
Content-Language Content-Language: en-US
audience for the enclosed content[38]
Content-Length The length of the response body in octets (8-bit bytes) Content-Length: 348
Where in a full body message this partial message Content-Range: bytes 21010-
Content-Range
belongs 47021/47022
Content-Type: text/html;
Content-Type The MIME type of this content
charset=utf-8
Set-Cookie: UserID=JohnDoe; Max-
Set-Cookie An HTTP cookie
Age=3600; Version=1
Server A name for the server Server: Apache/2.4.1 (Unix)
HTTP RESPONSE EXAMPLE
HTTP REQUESTS
 Type Description
application/octet-stream Any kind of binary data
application/x-www-form- Form Data
urlencoded

INTERNET text/plain
text/html
Plain Text
HTML

MIME application/xml
application/json
XML
JSON

TYPES application/javascript JavaScript

application/pdf Adobe Portable Document
Format (PDF)
application/zip ZIP archive
font/ttf TrueType Font
image/jpeg JPEG Images
video/mpeg MPEG Video
audio/mpeg or audio/mp3 MP3 Audio
Many more …
HTTP STATUS CODES
 Code Description
1XX Informational Responses
HTTP 2XX Success
STATUS 3XX Redirection

CODES 4XX Client Errors

5XX Server errors
XXX Other Unofficial Codes
 HTTP STATUS CODES
Code Description
200 OK
301 Moved Permanently
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
405 Method Not Allowed
408 Request Timeout
500 Internal Server Error
502 Bad Gateway
503 Service Unavailable
418 I’m a teapot
Many more …
 HTTP PARAMETERS

• Customize the request

• Request specific values from the server
• Send data to server to update values on server/database

• Separated by an ampersand (&)

• Format: parameterName=parameterValue
• Example: username=satoshi&password=Complex$1Pass
 HTTP GET PARAMETERS

• Send parameters as part of the request URL

• The URL and its parameters can be bookmarked for quick access
• Not secure
• Parameters are sendt as raw text
• Does not benefit from HTTPS (SSL/TLS) since parameters are not encrypted
• Do not use for passwords or any sensitive data

• Example:
• Request URL: http://moviesite.com/api?type=movie&title=avatar&year=2009
• Request Body: None
 HTTP POST PARAMETERS

• Send parameters as part of the request body

• The URL can be bookmarked, but without its parameters
• Secure
• Parameters are send as part of the body, not as part of the URL
• Does benefit from HTTPS (SSL/TLS) since the entire body is encrypted
• Use for passwords or any sensitive data

• Example:
• Request URL: http://moviesite.com/api
• Request Body: action=login&username=satoshi&password=Complex$1Pass
 URLENCODE

• Characters in a URL have to be encoded:

• For some non-ASCII characters
• Characters reserved for URLs (eg: / : @ . )

• For instance, sending an URL as a GET parameter:

• Wrong: http://api.mysite.com/submit?url=http://cs.up.ac.za
• Correct: http://api.mysite.com/submit?url=http%3A%2F%2Fcs.up.ac.za

• Work out the URL encoding yourself or use a tool:

• https://www.urlencoder.org
 REST APIS

• Public or private stateless APIs running mostly over HTTP

• Retrieve information from or change data on a server
• Send a HTTP request to the server and retrieve the data
• Traditionally APIs returned XML data
• Almost all APIs return JSON data these days

• Examples:
• Twitter & Facebook: Retrieve your friend’s latest post/tweet
• Trakt.tv: Retrieve movie and TV information
• CoinMarketCap.com: Retrieve the latest crypto currency prices
 REST APIS

https://www.youtube.com/watch?v=7YcW25PHnAA
 • Request: https://api.coinmarketcap.com/v1/ticker/
• Response:
[
{
"id": "bitcoin",
"name": "Bitcoin",
"symbol": "BTC",
HTTP APIS – "rank": "1",
"price_usd": "8558.77",
COINMARKETCAP.COM "price_btc": "1.0",
"24h_volume_usd": "10752600000.0",
"market_cap_usd": "144242234626",
"available_supply": "16853150.0",
"total_supply": "16853150.0",
"max_supply": "21000000.0",
"percent_change_1h": "1.1",
"last_updated": "1518094763"
},
...
]
 • Request: https://api.trakt.tv/movies/tron-legacy-2010
• Response:
{
"title": "TRON: Legacy",
"year": 2010,
"ids": {
"trakt": 343,
"slug": "tron-legacy-2010",

HTTP APIS –
"imdb": "tt1104001",
"tmdb": 20526
},

TRAKT.TV "released": "2010-12-16",

"runtime": 125,
"updated_at": "2014-07-23T03:21:46.000Z",
"trailer": null,
"homepage": "http://disney.go.com/tron/",
"rating": 8,
"language": "en",
"genres": ["action"],
"certification": "PG-13"
}
 HTTP REQUEST TOOLS

• HTTP requests can be send:

• Directly inside a browser
• Inside your JS or PHP scripts
• Using external tools:
• Online website tools (eg: https://www.hurl.it, )
• Browser addons (eg: Firefox RESTClient, Talend API Tester)
• Command-line tools (eg: cURL in Linux)
• GUI tools (eg: Postman, Insomnia, ThunderClient)
HTTP REQUEST TOOLS – TALEND API
TESTER

Set HTTP method API URL

Add HTTP query parameters Send request

Add HTTP headers

Returned HTTP status code

Returned HTTP response Returned HTTP body data

HTTP REQUEST TOOLS – TALEND API
TESTER
HTTP REQUEST TOOLS –
THUNDERCLIENT
 ONLINE RESOURCES – W3SCHOOL.COM

• Everything web-
related (HTML, JS,
CSS, PHP, MYSQL,
much more …)
 ONLINE RESOURCES – PHP.NET

• More documentation
on PHP
 ONLINE RESOURCES –
STACKOVERFLOW.COM
• Questions,
code snippets, and more
QUESTIONS?