otherWeb APIs
Now we're going to talk about using services on the Web that:
We'll start by examining twitter (woah! moment).
Pull the most recent tweets with the hashtag #cat.
You end up here: https://dev.twitter.com/rest/reference/get/search/tweets and wondering what to do next.
https://api.twitter.com/1.1/search/tweets.json
q=#cat
result_type=recent
Try it and does it work?
I want my data. Boo!
Twitter isn't going to give it to you unless you authenticate you request with additional bits.
You must provide an OAuth bearer token:
Authorization: Bearer xyzzy1234somethingcrazyencodedinbase64
How do you get one of those? It's complicated...
https://api.twitter.com/oauth2/token
with the content grant_type=client_credentials
POST /oauth2/token ... Authorization: Basic [string from #3] Content-Type: application/x-www-form-urlencoded;charset=UTF-8 grant_type=client_credentials
Basic
You can't go any farther without a CORS enabled service.
You aren't allowed to access a service from a different domain.
CORS allows the other domain to indicate whether crossing origins is allowed.
You installed the Poster Firefox Extension, right?
If you did, you can follow along with this exercise we'll do right now.
Questions to think about:
What is the same origin policy and how does it work differently for embedded objects versus XMLHttpRequest?
What is Cross-Origin Resource Sharing (CORS) and how can it be used?