In this AutoHotkey Webinar we cover an Intro to API calls with AutoHotkey.
Video Hour 1: High-level:
- What is a Webservice API call
- Web Scraping vs. WebServices / API
- List of some “fun” WebService / APIs as well as links to resources to tens-of-thousands!
- Differences between a Get vs. Post request
- High-level look at oAuth1 vs. oAuth2
- Resources
- HTTP: Intro to HyperText Protocol, Types of Requests, oAuth, Parsing XML, XPath, JSON
- AutoHotkey resource: Syntax writer, winHTTPrequest, Msxml2 vs. WinHTTPrequest, Parsing XML & JSON
- Basic examples of API requests (compared using browser and winHTTP request)
Video Hour 2: Coding and Q&A
- Played with several APIs
- Discussed & demonstrated reverse-engineering API calls from a website
- Passing key-value pairs (and using a function to keep it organized)
- Reviewed additional APIs
- Q&A
If you’re new to API calls, be sure to get our API Syntax Writer
Or use one of our Fiddler Rippers
Script Highlight: Select text and “pretty” hyperlink text
The below script demonstrates how you can use AHK to automate highlighting text on a page and then, using the winClip library, constructing a “pretty” html link. Here are links to the GetActiveBrowserURL and WinClipAPI / WinClip
Intro to API calls with AutoHotkey
What is a Webservice API? (Application Programming Interface?)
Examples of Webservice / API calls with AutoHotkey
- Application / Software querying products for sale on Amazon.com
- App on your phone getting latest Weather
- Database pulling updated sales report
- Using your Tablet to Select movies to watch on Netflix
- DropBox application syncing files between your computer & cloud
- Google places search
APIs are becoming increasingly available!
…Since 2005, we’ve seen APIs grow from a curiosity, to a trend, and now to the point where APIs are core to many businesses. APIs have provided tremendous value to countless organizations and developers, which is reflected in their continued growth. Source: Programmable Web
Main Differences between WebService / API call & Web Browser
When to use API verse Web Scraping?
Some Webservices / APIs
Some of the Amazing APIs out there…
Programmable Web – list of thousands of APIs as well as a great, six-part, article reviewing APIs
Short-list of APIs open to public on Wikipedia, Google APIs– Over 100 APIs @ Google; Yahoo APIs
Social Sites : Twitter, Pinterest, Google+, YouTube, Facebook, LinkedIn, reddit, StumbleUpon, WordPress, Instagram
Contact / Business Lookup: ClearBit, Pipl, FullContact, Dunn & Bradstreet , Foursquare, Google Places, Yelp, GeoNames
Weather: Weather Underground, Yahoo Weather, World Air
Finance: Google Finance, Yahoo Finance, PayPal, Stripe, XigniteRealTime, Ally Invest
Government: A bunch of Government APIs, Cloud.Gov, US Census, 18F.gsa.gov
Additional: Wikipedia, Amazon Product, email to text, SmartSheet,SurveyGizmo, Bitly, SnapOCR, PasteBin, DropBox, Zoho, Zillow, imugr, Mailgun, MailChimp, Microsoft: Graph, MS Office: Excel Word SharePoint OneNote Outlook Yammer PowerPoint
Break-down of a REST API request via COM object
- Create COM object
- Open Endpoint (w/ parameters & Authentication if GET request)
- Set RequestHeader(s)
- Send (w/”payload & Authentication” for POST requests)
- Get response (body or text)
Main differences of oAuth1 verse oAuth2
Unfortunately there is no “standard” implementation of oAuth1 or oAuth2 however, at a high-level, here are some of the main conceptual differences:
oAuth1:
- Need a Key & Token from Webservice API (typically different than your username and password)
- You use your Key & Token in your API call
- oAuth1 is less secure and, generally, being phased out
- While being phased out often the “developers” (us) can use oAuth1 for development of the “app”
oAuth2:
- Need a Key and Token (same as oAuth1) however you use the Key & Token and some other parameters to perform a “handshake” which returns a secure token which typically times-out in seconds / minutes/hours
- Your token is restricted to the level of your account (or what has been authorized)
- The secure token is what is shared with your actual endpoint. (this allows other Social sites (like LinkedIn, Facebook, etc.) to assist your login but not have your username/password to the endpoint
HTTP and AutoHotkey Resources
HTTP Protocol & General Tutorials
- What is an HTTP Request
- Intro to REST APIs (Representational State Transfer) vs SOAP APIs (Simple Object Access Protocol)
- HTTP Headers for Dummies Request Headers ; HTTP Made really easy
- Types of Requests (GET and POST are by far the most frequent)
- YouTube discussion comparing Get vs Post
- 4 YouTube videos on oAuth2 Part 1, Part 2, Part 3, Part 4 ; Good video discussing various Authentication protocols
- Parse XML DOM, Xpath ,XDOM Properties & Methods, JSON
- Tools: Fiddler, Wireshark, Postman, Boomerang, SoapUI, F12/Developer tools / Network Traffic
AutoHotkey specific
- AHK Functions: WinHttpRequest by tmplinshi HTTPRequest from VxE
- URLDownloadToVar XMLHTTP Request for Asynchronous downloads
- Msxml2.XMLHTTP vs WinHttpRequest
- Multi-part/form data and AHK function to post it (often used when dealing with binary)
- Parsing: XML: XMLclass
- JSON: COCO JSON and Jxon AHK_Lib-JSON , VxE: AHK-Lib-JSON_ToObj , AHK-Lib-JSON_FromObj
Let’s make some API calls with AutoHotkey!
Weather Underground
- Dallas forecast in XML
- Dallas forecast in JSON
- Using WinHttpRequest
- Example with browser
Yahoo business
- Pizza restaurants in zip code 75019 in XML
- Pizza restaurants in zip code 75019 in JSON
- Using WinHTTPRequest
