otherWeb APIs
Now we're going to talk about using services on the Web that:
We'll start by examining twitter (woah! moment).
Pull the most recent tweets with the hashtag #cat.
You end up here: https://dev.twitter.com/rest/reference/get/search/tweets and wondering what to do next.
https://api.twitter.com/1.1/search/tweets.jsonq=#catresult_type=recentTry it and does it work?
I want my data. Boo!
Twitter isn't going to give it to you unless you authenticate you request with additional bits.
You must provide an OAuth bearer token:
Authorization: Bearer xyzzy1234somethingcrazyencodedinbase64
How do you get one of those? It's complicated...
https://api.twitter.com/oauth2/token with the content grant_type=client_credentialsPOST /oauth2/token ... Authorization: Basic [string from #3] Content-Type: application/x-www-form-urlencoded;charset=UTF-8 grant_type=client_credentials
Basic
You can't go any farther without a CORS enabled service.
You aren't allowed to access a service from a different domain.
CORS allows the other domain to indicate whether crossing origins is allowed.
You installed the Poster Firefox Extension, right?
If you did, you can follow along with this exercise we'll do right now.
Questions to think about:
What is the same origin policy and how does it work differently for embedded objects versus XMLHttpRequest?
What is Cross-Origin Resource Sharing (CORS) and how can it be used?