WEBVTT

00:00.540 --> 00:05.640
So every time that we've been working with the API, we've been doing it over the browser and we have

00:05.640 --> 00:12.270
the special ability where if someone signs in via the normal site, then they can use the API here and

00:12.270 --> 00:12.930
this all works.

00:12.960 --> 00:20.460
But what if you were trying to access the API from a mobile device or via a curl command, you would

00:20.460 --> 00:25.920
not have this luxury to be able to, you know, first log in and then do this like you have to do everything

00:26.160 --> 00:28.500
via JSON over an API.

00:28.640 --> 00:29.590
So to sure.

00:29.600 --> 00:31.440
So to show you what this would look like.

00:31.780 --> 00:34.530
I'm going to make a new tab in my terminal here on the Mac.

00:34.530 --> 00:39.080
It's Command T, it might be different from your system or you could open up a new terminal window.

00:39.120 --> 00:44.360
But wherever it is, let's go ahead and do a curl for our projects.

00:44.370 --> 00:49.950
So we're gonna say curl and let's go ahead and just get all the different to-dos that we have, our

00:49.950 --> 00:52.140
current ones, which is just one right now.

00:52.170 --> 00:53.670
But let's go ahead and copy that.

00:53.670 --> 00:55.020
You are also going to copy that.

00:55.590 --> 01:00.300
Come back to my code here and I'm going to say curl and I'm going to pass in the URL that I'm looking

01:00.300 --> 01:07.170
for and if I hit Enter, it tells me, look, you didn't you don't have any authentication credentials.

01:07.200 --> 01:09.630
We're not going to give you anything which is really good.

01:09.930 --> 01:16.560
We don't want any bit anybody to be able to access these to-dos unless that they're their own to-do

01:16.560 --> 01:16.950
objects.

01:16.950 --> 01:17.100
Right.

01:17.130 --> 01:19.950
And if we don't know whose they are, we can't even provide them back.

01:19.980 --> 01:21.600
So it really makes sense that this is happening.

01:21.960 --> 01:25.820
But the question is, OK, how do I provide the information for this user, Nick?

01:25.980 --> 01:30.120
Well, using basic authentication, that's what it's called in the Django REST framework.

01:30.690 --> 01:38.970
If we want to, you know, get this information we can using curl do curl do the full URL there

01:38.970 --> 01:45.390
but then also pass a dash, underscore you and then provide inside of a string here like you'll see.

01:46.260 --> 01:49.020
Let me go ahead and stretch this out so you can see what this looks like.

01:50.090 --> 01:51.340
I think it's a little bit bigger.

01:51.370 --> 01:52.690
I'm going to do the user, Nick.

01:52.870 --> 01:59.070
And then you do colon and then you type the password, which in my case, I chose the ultra secure ABC

01:59.070 --> 02:00.070
d one, two, three, four.

02:00.250 --> 02:02.650
OK, so I'm going to provide that in a string.

02:02.650 --> 02:07.460
So the dash u's for user and it also passes in that password if I hit enter.

02:07.480 --> 02:09.520
Now on this we'll look at this.

02:09.640 --> 02:10.390
Isn't this cool.

02:10.390 --> 02:13.900
It gives me back, you know, the same piece of information here.

02:13.920 --> 02:17.290
And you know, hey, this is how I can add an API to my Web site.

02:17.740 --> 02:18.520
All that good stuff.

02:18.550 --> 02:22.390
And if we wanted to, we also could do posts if we wanted to.

02:22.690 --> 02:26.920
Now, in order for this to happen, we're gonna have to pass on a lot of information, like we're gonna

02:26.920 --> 02:32.830
have to do the flag that says Capital X to specify that this is going to be a post.

02:33.280 --> 02:37.270
And, you know, we're going to say that we're gonna do this for JSON and we're going to type out the

02:37.270 --> 02:37.740
JSON.

02:37.750 --> 02:43.200
And I'd rather not get into that right now because we're gonna be doing this later when we're gonna

02:43.210 --> 02:47.380
learn how to make it so that someone can sign up for an account and log in for an account.

02:47.410 --> 02:53.260
Because what we've seen here, if someone, you know, wants to access the API and use the basic authentication,

02:53.800 --> 02:55.870
well, they can technically.

02:56.200 --> 02:58.900
But what if someone's signing up for the very first time?

02:59.290 --> 03:04.210
You know, because, you know, in our situation, no one needs to, quote, unquote, log in if they're

03:04.210 --> 03:05.290
using the API.

03:05.620 --> 03:11.080
Really, we just from the API perspective, need to know that this is the correct user and that they're

03:11.080 --> 03:17.140
authenticated, like sort of they have the right information to be able to use this API.

03:17.500 --> 03:20.280
And so, you know, we don't really need a log in.

03:20.290 --> 03:24.520
But if someone doesn't have an account or they could never, ever use the site.

03:24.550 --> 03:30.040
And there are some security issues, I think, with using the basic authentication here where people,

03:30.100 --> 03:36.130
every request have to pass in, you know, the username and the password, the big one being that if

03:36.130 --> 03:37.500
this does not go over

03:37.510 --> 03:41.230
HTTPS, then none of this is going to be encrypted.

03:41.260 --> 03:43.040
And then you've got a big security fund.

03:43.180 --> 03:45.590
You should be using HTTPS on your Web site.

03:45.640 --> 03:48.250
But even then, it's just one layer deeper.

03:48.250 --> 03:52.290
And for that we're gonna be using something called authentication tokens.

03:52.420 --> 03:55.600
So really a lot to get to here with authentication.

03:55.630 --> 03:59.260
But I wanted to show you one way that's already built in right now.

03:59.860 --> 04:06.730
But the big topics that we're gonna be diving into is making a sign up form for our API and then also

04:07.030 --> 04:13.450
passing back to the user authentication tokens, which in my opinion, is a much better way to use an

04:13.450 --> 04:14.770
authenticated API.