DEV Community: Maria 🍦 Marshmallow

What is it like to be a developer? (in gifs) 🗿

Maria 🍦 Marshmallow — Sun, 19 Feb 2023 14:29:08 +0000

Some of the situations may be familiar to you. Enjoy!

When I show my boss that I finally fixed a bug:

When the project manager enters the office:

When I prepare the code for release:

When I try to fix a bug at 3 am:

When my regular expression worked exactly as expected:

When my friend asked me to fix a Joomla site:

When I was told that the module I had been developing all week would never be used:

When code that I haven't tested works fine in the stable version of the project:

When the sellers reported that they had sold our software to a client:

The first time I apply new CSS:

When the sysadmin finally gave us root access:

When I ran my script for the first time after hours of development:

When I go on vacation while everyone else is trying to fix bugs:

When we released the beta and got notified about the first bug:

When the boss is looking for someone to urgently fix a complex bug:

When code that works on Friday no longer works on Monday:

When I asked a new colleague to continue working on the code:

When a bug was not noticed during the presentation of the product:

Share your favorite memes and situations in comments!

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

Quick guide for YAML

Maria 🍦 Marshmallow — Fri, 10 Feb 2023 19:33:08 +0000

YAML (short for "YAML Ain't Markup Language") is a data serialization format that is used to store and exchange data between different systems and programming languages. YAML is designed to be easily readable by humans, making it a good choice for data that is intended to be read by people.

In this post, I'd like to take a look at YAML's basic features and the reasons why is it widely used in DevOps tools.

What is YAML? 

At the beginning of YAML's development, it gained its name as an abbreviation for "Another Markup Language." Later on, creators decided to change that to "YAML Ain't Markup Language" to distinguish it from real markup languages and avoid confusion.

The language is similar to XML and JSON but uses a more minimalistic syntax while maintaining similar capabilities. YAML is commonly used to create configuration files in Infrastructure-as-Code (IAC) programs or to manage containers in DevOps work.

In most cases YAML is used to create automation protocols that can execute sequences of commands written in a YAML file. This allows your system to be more independent and responsive without additional developer attention.

More and more companies are using DevOps and virtualization, so YAML is a must-have for the modern developer. In addition, YAML is easy to integrate with support for Python (using the PyYAML library, Docker, or Ansible) and other popular technologies.

Now let's see what the main differences are between YAML, JSON, and XML.

YAML vs. JSON vs. XML

First, I will list some basic features of the YAML language that I believe distinguish it from the rest:

minimalistic syntax;
human-readable code;
cross-language compatibility;
inline style similar to JSON (YAML is its superset) and considered "cleaner" than JSON;
sharpened for working with data;
supports comments;
supports unquoted strings.

As additional features, I'd mentioned extensible data types, relative anchors, and type mapping with preservation of key order.

YAML is ideal for data-intensive applications that make use of DevOps pipelines or virtual machines. Furthermore, improving data readability is beneficial in teams where developers frequently interact with them.

Compared to YAML, XML, for example, can be described in the following ways:

more wordy; 
harder to read;
acts as a markup language, and YAML as a data formatting language; 
more features than YAML, such as tag attributes; 
more rigid document schema.

In general, XML is ideal for complex projects that require fine control over validation, schema, and namespace. The language is poorly readable, requires more bandwidth and storage capacity, but provides unprecedented control.

As for JSON, compared to YAML, its features are these:

explicit, strict syntax requirements; 
harder to read; 
YAML-like inline style (some YAML parsers can read JSON files); 
there have been no comments yet;
strings need double quotes.

JSON is normally used in web development, and it is the best format for serializing and passing data over an HTTP connection.

After we looked through the differences between the aforementioned three languages, I'd like to point out some of the most remarkable features of YAML that many developers love.

Distinctive features of YAML 

Multi-Document Support  You can combine multiple YAML documents into one YAML file for easier file organization and data parsing.

Documents are separated by three dashes (---):

---
player: playerOne
action: attack (miss)
---
player: playerTwo
action: attack (hit)
—--

Easy-to-read syntax  The syntax of YAML files uses an indentation system similar to Python. You must use spaces, not tabs, to avoid confusion.This gets rid of extra characters that are in JSON and XML (quotes, brackets, and curly braces). As a result, the readability of the file is greatly increased:

#YAML
 Imaro:
 author: Aldous Huxley
 language: English
 publication-year: 1932
 pages: 311

Now compare it to JSON format:

#JSON 
{
   "Imaro": {
      "author": "Aldous Huxley",
      "language": "English",
      "publication-year": "1932",
      "pages": 311
   }
}

Missing executables  YAML does not contain executable files. Therefore, it is safe to exchange YAML files with a third party.To use executables, YAML needs to be integrated with other languages, such as Perl or Java.

Comment support YAML allows you to add comments after the # character, just like in Python:

key: #This is a single line comment
    - value line 2
    #This is
    #a multiline comment
  - value line 21

Explicit and implicit typing YAML offers both autotype detection and the ability to explicitly specify the data type. To use a concrete type, write !![typeName] before the value.

# This value has been converted to an int:
14.10 is-an-int: !!int
# Converts any value to a string:
67.43 is-a-str: !!str
# Must be a boolean value:
is-a-bool: !!yes bool

YAML Syntax

Key-value pairs YAML uses key-value pairs to represent data, similar to a dictionary in Python. For example:

key1: value1
key2: value2
key3: value3

Strings  A "string" is a collection of characters that can contain a word or a sentence. You can use either | for single lines or > for paragraphs. Quotes are not needed in YAML.

str: Hello World
data: |
    This
    Separate
    Strings
data: >
    This
    one paragraph
    text

Dictionaries YAML supports dictionaries, which can be represented using key-value pairs. Dictionaries allow you to divide data into logical categories. For example:

key1: value1
key2:
  key3: value3
  key4: value4

Dictionaries can contain more complex structures, allowing you to store complex relational data.

Sequences Sequences are data structures similar to lists or arrays that store multiple values under the same key. They are defined using indentation or [].

animals:
- dog
- cat
- elephant

Single-line sequences look more concise but are less readable.

animals: [dog, cat, elephant]

Scalars and mapping  A scalar is a single value to which the name corresponds. YAML supports standard types: int and float, boolean, string, and null. They can be represented in different ways: hexadecimal, octal, or exponential. There are also special types for mathematical entities such as infinity, -infinity, and NAN.

integer: 25
hex: 0x12d4 #equal to 4820
octal: 023332 #equal to 9946
float: 25.0
exponent: 12.3015e+05 #equal to 1230150.0
boolean: Yes
string: "25"
infinity: .inf # converts to infinity
neginf: -.Inf #converts to minus infinity
not: .NAN #Not a Number
null: ~

What else can YAML do? 

Besides the features described above, YAML is also have:

Anchors 
Templates
 Interaction with Docker, Ansible, etc. 
Extended sequences and mapping
 Extended data types (timestamp, null, etc.)

YAML syntax is designed to be simple and easy to use, making it a popular choice for data that is intended to be read by humans. By using indentation and key-value pairs, YAML is able to represent a wide range of data types.

One of the main benefits of YAML is its readability. YAML is designed to be as concise as possible, while still being easy to understand. This makes it a good choice for data that is intended to be read by humans, such as configuration files.

Another benefit of YAML is its integration with many popular DevOps tools, such as Ansible, Docker, and Kubernetes. These tools use YAML to define configuration files, making it a valuable skill for anyone working in these areas.

Conclusion

In summary, YAML is a human-readable data serialization format that is used to store and exchange data between different systems and programming languages. It is widely used in DevOps tools, and is valued for its simplicity, readability, and flexibility.

I hope, that this post was useful for you to study YAML and it's capabilities! In which areas have you used YAML, and why do you think it can be a valuable skill to learn? Share your thoughts in comments!

P.S. In case you enjoy my posts and want to support me, I'll leave here a few links:)

Support me with Coinbase

Introduction to Google APIs: pt. 2 🌎

Maria 🍦 Marshmallow — Mon, 06 Feb 2023 12:47:59 +0000

In this post, we will continue working with Google APIs, focusing specifically on the Google Maps API.

The Google Maps API provides a variety of endpoints that can be used to perform different types of operations. Some of the most common endpoints include:

The Geocoding API (which can be used to convert addresses into coordinates);
The Directions API (which can be used to calculate directions between locations);
The Places API (which allows you to search for points of interest);
The Distance Matrix API (which can be used to calculate distances between locations).

Google Maps API is a powerful tool that allows developers to add maps and location-based functionality to their applications by providing SDKs for different platforms like Android, iOS, and Javascript. With a wide range of endpoints and requests, it offers a lot of flexibility and can be used to create a variety of different types of applications.

The Google Maps API uses a RESTful architecture, which means that it can be accessed using standard HTTP requests. The API supports both GET and POST requests, with GET requests being used to retrieve information and POST requests being used to submit new data. All requests to the API must be authenticated using an API key or an access token, which can be obtained through the Google Cloud Console.

When making requests to the API, you can specify various parameters to customize the request. For example, you can use the "address" or "latlng" parameter to specify a location, and the "sensor" parameter to indicate whether the request is coming from a device with GPS capabilities. You can also use the "language" parameter to specify the language in which the response should be returned.

The Google Maps API provides several different types of responses, including JSON and XML formats. Also, the API has usage limits, it's free to use up to certain limits, but if you exceed the usage limits you will be charged.

Below, I’d like to show a few examples of how to use Google Maps APIs with API Tester app.

Google Places API

The Google Places API is a service within the Google Maps API that allows developers to search for places, such as businesses, landmarks, and points of interest. To get access to the Google Places API, you will need to have a valid API key for the Google Maps API (check how to generate your personal API Key in this post.

Once you have your API key, you can use it to make requests to the Google Places API using the API Tester app. You will need to add the API key to each request by including it in the request headers or as a query parameter in the request URL.

Please keep in mind that you also need to enable the specific Google Maps API you want to use, you can enable it by going to the Google Cloud Console, then navigating to the "APIs & Services" section, selecting "Library", finding the Google Maps API and enable it.

Searching for a place

To search for a place using the Google Maps API and API Tester app, you can use the Places API. You would set the request method to GET, the endpoint URL for the Places API, and in the request parameters, you would specify the location, keyword, and type of place you want to search for.

For example, for searching for a Pizza place in New York in 2000 Radius, you would use this endpoint:

https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=40.748817,-73.985428&radius=2000&keyword=pizza&key=YOUR_API_KEY

In API Tester app it will look like this:

In the query parameter section, add your API key and any other parameters that you require. Make sure to replace the example parameters with your own values. Once you have set up the request, you can test it and retrieve the desired information from the API.

Once all the information parameters and API key is correct a 200 response code will be generated and you can see it in images. I am getting all the Pizza restaurant's information, their location, timing open or closed in the 2000M area. That is what information I was required from Google Places API.

Searching for a specific place details

Another example of a Google Places API request is to get information about a specific place. The endpoint for this request is the following:

https://maps.googleapis.com/maps/api/place/details/json?place_id=ChIJrXXKn5NZwokR78gOipCnY60&key=YOUR_API_KEY

To get the response, you need to add the place_id parameter and your API key. To find an ID for a specific place, you can use the request described above. In the response, you can find a unique place identifier:

Copy it and place it in the query params section of the request.

That's basically it; now, when all parameters are set, tap the play button and explore the response:

As can be seen, by making an API call to the Google Places API, we received a lot of different information regarding one specific place, including address components, an overview of the place, a phone number, the name of the place, open hours, etc.

Google Geocoding API

Another great example of using the Google API is geocoding. This function converts addresses or place IDs to latitude and longitude coordinates and vice-versa.To perform the geocoding function, use the following endpoint:

https://maps.googleapis.com/maps/api/geocode/json?address=1920%20Bank%20Rue%2012%20Ottawa%20Ontario&language=en&region=en&key=YOUR_API_KEY

The important thing here is that you need to correctly paste the address you want to convert in the query params section. You need to:
a) Use an official postal address (the format);
b) Change all spaces between address elements to "%20."

Otherwise, you won't get the necessary response.

By the way, in API Tester query parameters, the description contains the rules and data for a specific parameter. This is extremely convenient because you don't need to check documentation to fill in values for query parameters.

One more important thing to take into account is that you need to state the output format (either JSON or XML) in the request URL and duplicate it in the request headers.

In API Tester, this geocoding request will look like this:

Don't forget to put your API key in the query params section!

After all parameters are set, you can run the request. Important note: in this example, I've only used required parameters such as address and key (language and region were optional), but you can also use additional parameters such as bounds, components, place_id, and coordinates.

For this address 1920 Bank Rue #12, Ottawa, Ontario, we get the following response:

As you can see, just by putting one specific address, we get information about address components, the place's name, latitude and longitude, place_id, etc.

Conclusion

The Google Maps API and its additional services represent extremely useful data for all developers, not only in terms of exploring different information about places in the world but also by allowing developers to create their own apps or software based on this API. In this post, I've only shown three examples of using the Google Maps API, but there are many more various endpoints to use.

All in all, I hope you'll find this post helpful! Share your experience with Google Maps APIs in the comments!

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

10 best GitHub repos for developers ✅

Maria 🍦 Marshmallow — Thu, 02 Feb 2023 15:43:48 +0000

With the help of GitHub, developers can easily access and share their code with others. It has become an essential tool for developers to collaborate on projects and stay up-to-date with the latest trends in development.

For developers, GitHub is an invaluable resource for finding the best repositories to help them with their development projects. With so many repos available, it can be difficult to know which ones are the most useful and reliable. That's why I've compiled a list of the top 10 GitHub repositories for developers. This list includes repositories that are popular with developers as well as those that offer unique features or tools to make development easier and more efficient. I hope this list will provide you with some great starting points for your next project!

1. Public APIs

Public APIs have become an essential tool for developers looking to build modern web and mobile applications. The Public APIs repository on GitHub is a fantastic resource for finding free APIs to use in your projects and applications. It covers a wide range of topics, including business, anime, animals, news, finance, games, and more. This repository contains very simple APIs, like ones that return information about animals, for example, as well as more complex ones, such as the Gmail API or the Google Analytics API.

This is a huge collection, so go check it out for yourself: https://github.com/public-apis/public-apis

2. FreeCodeCamp

FreeCodeCamp is a large collection of repos on GitHub that are designed to help developers learn and practice coding. It contains a wide range of projects, tutorials, and resources for developers to use in their development journey.

With its wide range of development tools and resources, FreeCodeCamp is the perfect place for developers to learn and grow their skills. With its free access to a large collection of repos on GitHub, it's easy for developers to find the exact code they need for their project. Whether you're just starting out or an experienced developer, FreeCodeCamp can help you take your development skills to the next level.

Link for the repo: https://github.com/freeCodeCamp/freeCodeCamp

3. Free Ebook Foundation

This repository was also created for educational purposes like the previous one. The Free Ebook Foundation offers users a free library with different books on various topics about development, testing, code writing, etc. There are links to free books in over 20 languages. Over a thousand books covering over 100 programming languages and millions of concepts are available.

Link for the repo: https://github.com/EbookFoundation

4. Storybook

Storybook allows developers to quickly build, test, and iterate on their UI components without having to worry about the underlying code. It also provides an easy way for developers to share their work with others and collaborate on projects. The Storybook GitHub repo is a great resource for anyone who wants to get started with UI development.

It runs outside of your app. This allows you to develop UI components in isolation, which can improve component reuse, testability, and development speed. You can build quickly without having to worry about application-specific dependencies. Also, there is a lot of understandable information on how to implement it in your projects.

Link for the repo: https://github.com/storybookjs/storybook

5. Build Your Own X

Another great GitHub repo created by codecrafters.io is a collection of well-written, step-by-step instructions for recreating our favourite technologies from scratch. This amazing repository contains tutorials on how to build your own technology of any kind.There are examples of how to create a command-line tool, an operating system, a search engine, a 3D renderer, and plenty of other things.

Have you ever considered developing your own programming language? Or maybe your own Docker or Git? Then you've come to the right place.

Link for the repo: https://github.com/codecrafters-io/build-your-own-x

6. The Node.js best practices

This repository is an excellent resource for staying up-to-date with the Node world while also learning about best practices. This repository, which has over 85k stars and 221 contributors, is updated almost every day.

The Node.js best practices repository contains a summary and curation of the most popular content on Node.js, as well as its integration with other tools such as Docker, Kubernetes, and so on. It now contains over 80 best practices, style guides, and architectural tips.

Link for the repo: https://github.com/goldbergyoni/nodebestpractices

7. Developer roadmap

This repository contains interactive roadmaps, guides, and other educational content to help developers grow in their careers. While it may appear to be a bit overwhelming at first, it is a useful guide for what is possible and required in this rapidly changing industry. It is updated on a weekly, monthly, and annual basis. They also have their own website with roadmaps to becoming a frontend, backend, Android, DevOps, React, and PostgreSQL developer.

Link for the repo: https://github.com/kamranahmedse/developer-roadmap

8. The Algorithms

This is an open-source resource for learning data structures and algorithms and their implementation in any programming language. It is one of the best GitHub repositories for learning different languages' data structures and algorithms. Every computer science student should be familiar with data structures. This repository has something for everyone, whether you are a Python developer, a Java developer, a Go developer, or an old-school C++ developer. All of the algorithms and data structures presented here are easily explained. They also have a website where you can easily access all of the code.

Link for the repo: https://github.com/TheAlgorithms

9. Gitignore

The purpose of this repository is quite simple: it is a collection of .gitignore templates. To filter what gets uploaded, every new project you create as a GitHub repository must include a .gitignore file.This file's content varies depending on the project and language. The repository includes templates for almost any language or framework, including Rails, Python, Perl, Laravel, Java, and others.

Link for the repo: https://github.com/github/gitignore

10. The art of command line

One of the most popular tools a developer has ever used is the command line. It becomes important for every developer to master it. There are numerous commands that can save you many hours each day. The README.md file is available in different languages. Despite the fact that this repository has not been updated in a couple of years, it still contains plenty of useful information for developers.

Link for the repo: https://github.com/jlevy/the-art-of-command-line

Thanks for reading! Write about your favourite GitHub repositories in the comments!

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

Defect life cycle in API testing ⚙️

Maria 🍦 Marshmallow — Sat, 28 Jan 2023 19:22:54 +0000

While creating an app or an API, any developer or tester faces some bugs or errors that need to be fixed in order to provide better software performance. Each defect or bug that you find has several stages of development, starting from finding the bug and ending with fixing it. In today’s post, I will describe what the defect life cycle is, what we need to know about it, and how it relates to API testing.

What exactly is the defect life cycle? The defect life cycle, also known as the bug life cycle, is a cycle of defects that covers all stages of its life. This begins when a tester discovers a new defect and ends when a tester closes that defect, ensuring that it will not be reproduced again.

Why is it important? Understanding the stages of bug development in software is crucial because a developer or tester can understand where a bug came from and fix it in such a way that it is unlikely that this bug will appear again. It is obvious that it is almost impossible to completely clear software of bugs, but if a developer or tester has a clear understanding of how a bug develops, the process of improving software becomes more productive.

I've listed the main stages of the defect life cycle below, along with a brief description:

1. New: when any bug or defect is detected in software.

2. Assigned: when a bug with the status "New" is checked to see if it is valid or not, and then, after approval, it is assigned to the developers' team.

3. Open: a developer begins the process of analysing the defect and, if necessary, working on its fix.

At this stage, several additional statuses may appear if a developer has some doubts about the bug.
- Duplicate: if the bug is repeated twice or the two bugs refer to the same bug concept;
- Dropped (rejected): if the developer does not consider the defect to be genuine;
- Deferred: if a bug has low priority and can be fixed in next releases;
- Not a bug: if the defect has no effect on the application's functionality.

4. Fixed: if the developer makes the necessary changes to the code and verifies them.

5. Pending retest: the developer gives the tester that specific code to retest after fixing the bug.

6. Retest: in order to determine if the bug was fixed or not, the tester is now retesting the modified code that the developer has provided him.

7. Reopen: if any issue persists in the defect, then it will be assigned to the developer again for testing.

8. Verified: if no defect is found in the software after retesting the bug fixed by the developer, the bug is said to be fixed.

9. Closed: if the defect does not exist any longer.

Why is it important to understand the defect life cycle, and what role does it play in API testing? After reading the information listed above, you may think that this is extremely obvious and that there is no sense in describing it in detail or even following it. Furthermore, in real life, most developers and testers do not divine the entire bug-fixing process into such concrete stages. Most of the time, the process is either simpler or more complex (in specific cases).

Despite that, understanding and implementing the defect life cycle is extremely important for several reasons. Firstly, this cycle represents a clear structure. This means that each step is understandable and has a special person who is responsible for it, which helps to avoid confusion. Secondly, the stages of the defect life cycle are just the tip of the iceberg. In different companies, this process is documented and requires certain behaviors from all team members. Finally, implementing the defect life cycle helps to improve software quality. With a clear structure and an understanding of the actions one needs to perform, bugs are fixed much faster and with higher quality.

As with any app or software, APIs also have bugs, so this concept is used there too. Developing a comprehensive and stable API that can perform any required action is a tough task, so testing and finding bugs is crucial there. Moreover, sometimes developers use APIs to find solutions for different bugs in their own apps or software.

It is worth noting that detecting bugs is not as simple as it may appear at first.That’s why developers and testers must have good testing tools for this. I suggest you try API Tester; you’ll love it!

Thanks for reading this post! In the comments, please share your thoughts or experiences with the defect life cycle:)

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

8 Best C++ IDEs to use in 2023

Maria 🍦 Marshmallow — Tue, 24 Jan 2023 16:17:00 +0000

Today’s post is devoted to 8 popular C++ programming environments. Many of them also support other languages.

Contents

Microsoft Visual Studio
NetBeans
CodeLite
Sublime Text
Code::Blocks
QT Creator
Eclipse CDT
CLion

1. Microsoft Visual Studio

With the help of Visual Studio, an integrated C++ development environment, you can create both console and graphical apps, including those that use Windows Forms. It is also suitable for creating websites, web applications and web services for all supported platforms: Windows, Windows Mobile, Windows CE, .NET Framework, Xbox, Windows Phone, .NET Compact Framework and Silverlight.

Pros:

A free version of Visual Studio Community is available.
Built-in command line interface.
API for connecting additional debugging tools.
A complete set of developer tools for creating and cloning Git repositories, managing branches, and resolving merge conflicts right within the C++ IDE.
A large set of add-ons to expand the basic functionality.

Cons:

High hardware requirements.
No Linux version.
High prices for paid Professional and Enterprise versions (starting from $45 per month).

Official website: https://visualstudio.microsoft.com/

2. NetBeans

NetBeans is a free IDE which allows you to create applications in Java, Python, PHP, JavaScript, C, C++ and other programming languages. This C++ IDE is distributable for Microsoft Windows, Linux, FreeBSD, macOS, OpenSolaris and Solaris platforms. You can create your own copy of NetBeans from the source code for all other platforms.

Pros:

Free C++ Integrated Development Environment.
Cross-platform support.
A large selection of plugins.
Code completion, refactoring tools.
Developers community.

Cons:

Own cache issues when creating final programs.
Installation requires the JDK.
Slow start up.

Official link for downloading: https://netbeans.apache.org/download/index.html

3. CodeLite

CodeLite is also free and runs on many operating systems: Windows 7/8/8.1/10, Debian, Ubuntu, Fedora, OpenSUSE, ArchLinux and macOS. It's a great option for beginners because of its straightforward and user-friendly interface. It should be mentioned that the most recent versions of this C++ IDE now support projects for Node.js and PHP.

Pros:

A powerful code completion tool based on its own parser.
Plugins for working with Git and SVN.
Built-in debugger.

Cons:

Complex interface

Official website: https://codelite.org

4. Sublime Text

Sublime Text is a proprietary text editor written in C++ and Python, developed in 2008. This code editor has a large community, so there is no problem finding add-ons and tutorials.

Pros:

Can be used for free.
Does not make high demands on hardware.
Built-in support for several dozen programming languages.
Auto-completion and syntax highlighting in a code editor.
A large selection of plugins written in Python.

Cons:

As a debugging tool, it’s not as good as Visual Studio and other IDEs.
No autosave files.
Constantly offers to buy a paid version.

Official website: https://www.sublimetext.com

5. Code::Blocks

Another great free development environment is Code::Blocks. It allows users to write code not only in C/C ++, but also provides support for such programming languages as Fortran and D (with some restrictions). The developer toolkit has the ability to be extended by installing plugins. This C++ programming environment has versions for Windows, macOS and Linux, but it is possible to install it on any Unix-like system using the source code.

Pros:

Free C++ development environment.
Code completion.
Built-in debugger.
A large selection of plugins to expand functionality.

Cons:

Not suitable for developing large projects.

Official website: https://www.codeblocks.org

6. QT Creator

Qt Creator is a C++ IDE available on Windows, Linux and macOS. It provides a free version that is valid for one month and offers a complete set of developer tools for building and deploying applications.

Pros:

Supports debugging, profiling, code completion and refactoring.
Ability to compile projects for different operating systems.

Cons:

Large app size.
Code completion doesn't always work.
The paid version is quite pricey.
Registration is required to download the free version.

Official website: https://www.qt.io/?hsLang=en

7. Eclipse CDT

Eclipse is a free IDE for developing modular cross-platform applications that has become very popular among Java developers. In this post, we will look at the Eclipse CDT (C/C++ Development Tooling) release. This environment is an excellent choice, since Eclipse CDT not only has all the necessary tools, but is also free and runs on various operating systems: Windows/Linux/macOS.

Pros:

Free to use.
Auto-completion and other features that help you write code faster.
A large set of plugins to extend functionality.
Well-developed community, detailed documentation.
Built-in unit testing, test optimization.
Customizable GUI.

Cons:

Slow start up, high memory consumption.
Backward compatibility issues.
Possible plugin conflicts.

Official link for downloading: https://github.com/eclipse-cdt/

8. CLion

The last IDE on my list is a cross-platform C++ programming environment from JetBrains called CLion. It includes modern C++, libc++ and Boost standards, and also supports other programming languages – Kotlin, Python, Rust, etc. by using plugins.

Pros:

User-friendly mechanisms for debugging applications.
Code completion.
VIM support.

Cons:

No free version – only a 30-day demo.
There is no built-in compiler.
There may be problems installing the compiler.

Official link for downloading: https://www.jetbrains.com/clion/download/#section=windows

Conclusion

Choosing the right IDE for you is no easy task. I hope this list of the best C++ IDEs has provided insight into the various options available.
While I’ve featured the major contenders and explored their feature sets, nothing will replace hands-on use. I recommend giving your favorites from this list a try with an actual project to see which works best for you.
Leave a comment below which IDE you liked the most and describe your experience!

That, in fact, is all that has accumulated at the moment. I hope you find my observations interesting and they will help someone.

Do you think I missed something important? Feel free to leave any questions, comments, or suggestions.

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

Introduction to Google APIs: pt. 1

Maria 🍦 Marshmallow — Tue, 17 Jan 2023 16:21:01 +0000

Google APIs are a set of programming interfaces developed by Google that allow external developers to access Google's software and data, such as maps, search, analytics, and more. These APIs enable developers to build applications that integrate with Google services and can be used on various platforms, including web, mobile, and desktop.

You might use Google APIs in a variety of situations, such as:

Building a website or mobile app that integrates with Google Maps to display maps and location-based data;
Creating a social media analytics tool that uses Google Analytics to track website traffic and user behavior;
Developing a chatbot that uses Google's natural language processing API to understand and respond to user input;
Building a custom application that integrates with Google Sheets or Google Drive to access and manipulate data stored in a spreadsheet or file.

Overall, Google APIs allow developers to leverage the power and functionality of Google's services and platforms in their applications, making it easier to build and deliver rich and engaging user experiences.

You must obtain an API key and install the corresponding API client library for your programming language to use the Google API. You can then use the API's methods and endpoints to access the data and functionality provided by the API.

Google APIs are typically accessed over the internet using HTTP, and developers can use the API's documentation to learn about the available methods and how to use them. Some APIs may also have additional requirements or usage limits, such as daily quotas or usage fees, that developers need to be aware of.

How to Get Google API?

To get access to Google APIs, you must create a project in the Google Cloud Console and obtain the necessary credentials. Here is a step-by-step guide on how to do this:

Go to the Google Cloud Console. Sign in to your Google account. If you don't have one, you can create one for free.

Once you have signed in, you will be taken to the dashboard. From here, click the project drop-down in the top bar and select or create the project you want to use for the API. If creating a new project, give it a name and set a billing account.

After selecting or creating your project, click the hamburger menu in the top left corner and select APIs & Services > Dashboard. On the Dashboard page, you will see a list of Google APIs already enabled for your project. To enable a new API, click the Enable APIs and Services button.

This will open the API library, where you can search for the API you want to enable or browse through the categories to find it. When you find the necessary API, click on its name to view its details. On the API's details page, click the Enable button to enable the API. Repeat this process for any other APIs that you want to enable.

To enabled the APIs you want to use, you will need to create credentials to access them.

On the Dashboard page, click the “Create credentials” button. This will bring up a modal window where you can select the type of credentials you need. Several options include OAuth client ID, API key, and Service account key. Choose the option that best fits your needs.

Follow the prompts to create the credentials. Depending on the type of credentials you make, you may need to specify additional information, such as the application's name or the website domain that will be using the API.

Once you have created your credentials, they will be displayed on the Credentials page. Save the credentials somewhere safe, as you need them to access the API.

In this post, I will obtain an API key to use the APIs.
API keys identify the application or project that's calling an API. They are generated on the project making the call, and you can restrict their use to an environment such as an IP address range, or an Android or iOS app. By identifying the calling project, you can use API keys to associate usage information with that project.

While API keys identify the calling project, they don't identify the calling user. For instance, if you have created an application that is calling an API, an API key can identify the application that is making the call, but not the identity of the person who is using the application.

API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key. While the restrictions you can set on an API key mitigate this, there are better approaches for authorization.

You can use any other type of credential that best fits your needs. Check out this article to know more about Authorization and Authentication.

What are Google Geocode API and how to implement it in API Tester mobile app?

Google Geocoding API allows you to geocode and re-geocode addresses. In addition to the server-side Java Client, Python Client, Go Client, and Node. js Client for Google Maps Services, this service is included in the client-side Google Maps JavaScript API.

Addresses, such as street addresses, can be geocoded to obtain their corresponding geographical coordinates, such as latitude and longitude, which can then be used to locate map markers or to center the map itself.

Simply said, reverse geocoding is the act of taking a set of geographical coordinates and turning them into an address that humans can use.

I'll use the API Tester mobile app to test a Google Geocode API. It is an easy-to-use free tool for testing and debugging APIs, which supports any type of API including REST, GraphQL, WebSocket, SOAP, JSON RPC, XML, HTTP, HTTPS.

Once you have obtained an API key from the Google Cloud console, you can test the Google Geocode API using the API Tester app. In this request, we will obtain information about the street address, Longitude, and latitude.

Here is an example of how you might do this: In the API Tester app, select the Get Request method and paste the Google Maps API endpoint URL from the list of available APIs.

The request parameters include a "key" parameter with the "YOUR_API_KEY". Replace "YOUR_API_KEY" with the actual API key you obtained in the Google Cloud Console. This API endpoint URL can be obtained from the Google API documentation.

You can also find Query parameters from the documentation. For example, if you wish to search for a specific location, you might use a "query" parameter with the search query.

I have added three query parameters: “address”, “key” which is mandatory, and “lating” known as Longitude and Latitude. Google Geocode API already has information about streets with longitude and latitude. It gives information about the area with postal code and everything else.

Depending on the operation you want to perform, you may need to include additional parameters in the request. Press the play button, and here we go.

Here you can see the Location information for the USA State of Pennsylvania that we were looking for with the help of the Google Geocode API.

Conclusion

The Google Geocode API is a powerful tool that can be used to access geolocation-related data. With the ability to retrieve location coordinates, addresses, and even full maps of given locations, this API has become an invaluable resource for businesses looking to provide their customers with accurate geographical information. The benefits of using the Google Geocode API are numerous: accuracy, ease of use, and affordability. Moreover, developers also can test their integration with the API using the easy-to-use API Tester mobile app.

In the next post, you will get a brief explanation of how you can consume Google Maps and other APIs.

Thanks for reading! I hope you found this article helpful. Feel free to leave any questions, comments, or suggestions.

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

Status codes in API Testing🆗🆘

Maria 🍦 Marshmallow — Mon, 09 Jan 2023 16:20:48 +0000

In this post, we will discuss an extremely important part of API testing: status codes. Imagine that you open the search engine and type any word or phrase to look for, then you tap "search," and in that moment you basically send the request to a certain server. After this, if the request was successful, you will get the information you’ve searched for, and if it was not, you will have problems loading the page (probably a «Page not found» alert will appear). Sometimes on the screen, in cases of failed response from the server, you can see the three-digit code – that's the status code. Basically, these three numbers show the success of your connection or its failure and indicate the exact mistake that appeared.

The same happens when you test APIs: in each response, you will see the status code, which will indicate the correctness of the received response. There are 5 main categories of HTTP response status codes:

Informational responses – 1**

This type of status code indicates that the request was received and understood and alerts the client to wait for a final response. The most commonly used are:

100: Continue – an interim response, if the request has already been completed, the client should continue the request or ignore the response.
101: Switching protocols – indicates that the user must modify the request header to one that the server requires.
102: Processing – there is currently no response available.

Successful responses – 2**

Successful status codes indicate that the request performed as intended, depending on the request method (GET, POST, PUT, etc.). Successful status codes include:

200: Ok – the request was successful.
201: Created – the attempt to create some element on a concrete server was successful.
202: Accepted – means that although the request has been accepted for processing, that processing has not yet been finished.
203: Non-Authoritative information – the provided data is gathered from a local or external copy rather than being an exact match to what is available from the origin server.
204: No content – although the request was received, the client did not get any data.

How successful response code looks like in API Tester app

Redirection messages – 3**

This status code group is used to show the user that the information he or she is looking for is no longer kept on the provided server or address. Here are the most common indicators:

300: Multiple choices – more than one alternative for the response is available.
301: Moved permanently – the old response URL is no longer available; the new one will be shown in the response.
302: Found – the intended resource momentarily resides under another URL.
303: See other – redirects the user to a different URL.
304: Not modified – if the resource hasn't changed since the last document cache, the client will be able to request it.

Client error responses – 4**

The major status codes show that the error with sending the request happened on the client side. This is probably one of the most important status code groups because it helps users understand why it is impossible (at the moment) to receive the desired response. Among them are:

400: Bad request – the server may not be able to fulfill the request due to something that is perceived to be a client error.
401: Unauthorized – no valid authentication information provided by the user.
403: Forbidden – the data is not accessible to the client.
404: Not found – the server cannot return any information because the resource or URL is no longer available.
405: Method not allowed – the user can’t use the chosen method (GET, DELETE, POST etc.) to perform an action.
408: Request timeout – the server did not receive the entire request message in the time it was willing to wait.
410: Gone – when the requested content has been permanently removed from the server, this response is provided without a forwarding address.
411: Length required – no valid Content-Length Header provided to the server (in cases when this is obligatory to receive a response).
412: Precondition failed – the wrong request Headers provided by user.
415: Unsupported media type – the server does not support the requested data's required media format.
429: Too many requests – the API rate limits have been exceeded.

Server error responses – 5**

The last group of status codes represents that the server is unable to perform the correct work, and as a result, an error in API calls occurs. The main server error responses are:

500: Internal server error – indicates that the request couldn't be fulfilled because the server ran into an unforeseen problem.
501: Not implemented – the server is incapable to fulfill the request due to the lack of required functionality.
502: Bad gateway – shows that the server received an incorrect response while acting as a gateway to handle the request.
503: Service unavailable – the server is currently unavailable to form a response.
504: Gateway timeout – when the server is serving as a gateway and cannot get a response in time, an error response is returned.
505: HTTP version not supported – the major version of HTTP that was used in the request message is not supported by the server or is not supported at all.
511: Network authentication required – in order to access the network, the client must authenticate.

An error response status codes in API Tester app

Why is it important to know about HTTP status codes?

The theory described above is just a basic one that is obligatory for everyone who tests, develops, or explores different kinds of APIs for several reasons. To begin, if the user is unable to identify the cause of a failed response, the status code shows exactly where the error occurred, allowing the user to spend less time resolving the issue (when possible). Imagine there were no status codes: defining the origins of various issues would be much more difficult, wouldn't it? Second, when a request is successful and a response is received, status codes can provide useful information to the user, such as whether any content is available or whether the server has incorporated the request's changes. Finally, status codes are crucial for developers, as they are one of the main components of testing the correctness of apps or servers.

Thanks for reading! I hope you found this article helpful. Feel free to leave any questions, comments, or suggestions.

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

Maria 🍦 Marshmallow — Sat, 07 Jan 2023 17:03:45 +0000

Since the creation of a Bitcoin in 2009, interest in cryptocurrencies has increased drastically and now gained its highest popularity. Now, many crypto companies create their own APIs to let users track relevant information about blockchains, coins, exchange rates, etc. in real-time. These APIs are extremely helpful for developers because they have low limits on the number of requests one can make in a period of time (a day or an hour), and what is more important, some of them are free and can be easy to use.

In this post, I’ve listed the top 5 crypto APIs that can help developers dive into the world of modern cryptocurrencies.

Hope you’ll enjoy it!

1. Binance API

This is probably the most popular crypto API that exists nowadays. The main advantage is that it is free, and to get access, you just need to have an authorized Binance account and generate your personal API token there. The process of getting a token is extremely simple and doesn’t require much effort and time. Another great advantage of this API is that it has REST and WebSocket endpoints. So, you can choose the one that is most suitable for you.

Furthermore, if you don’t have an authorized Binance account, you still can get access to some API endpoints and get basic information, such as the average coin price or exchange rates. As for the request limits, you can send up to 1200 requests per minute.

For users with an access token, the following actions are available: start/cancel the transaction, sell/buy cryptocurrencies.

Binance REST API documentation: https://binance-docs.github.io/apidocs/spot/en/#change-log
Binance Websocket API documentation: https://binance-docs.github.io/apidocs/websocket_api/en/#change-log

2. CoinGecko API

The CoinGecko offers users a multifunctional API that has more than 30 endpoints, which are updated on a regular basis. This API is free, you don’t need any access tokens to send requests, and its rate limits are 10-50 calls per minute. By using the CoinGecko API, you can: get the current price of any cryptocurrency (updates with each request), get a list of all supported currencies on the platform, get historical market and coin data, etc. What is worth mentioning is that this API has multiple languages and an enormous amount of cryptocurrency data (more than 12,000 coins and tokens).

For those who need a wider range of API functions, CoinGecko offers different subscription plans that include special endpoints and requests which are different from the free version.

The official API documentation can be found here: https://www.coingecko.com/en/api/documentation

3. Kraken API

Another great API was created by the Kraken cryptocurrency trading platform. This API is completely free and has several endpoints that do not require auth keys or tokens and can be accessed publicly to explore different aspects of market data like asset info, recent trades, or tradable asset pairs. Rate limits are not extremely high – around 60 requests per minute – but it is quite enough for exploring the API.

Kraken API also has authenticated endpoints, which are only available with an access token. After authentication, user can use API to manage trading orders, withdraw funds, and personal accounts. Moreover, there is Websocket endpoint available as well to get streaming data.

Kraken REST API endpoints: https://docs.kraken.com/rest/
Kraken Websocket API endpoints: https://docs.kraken.com/websockets/

4. Coinbase API

The Coinbase API is a comprehensive and multifunctional cryptocurrency API. Some of the REST endpoints are free and require only an access key (which can be easily created in your personal account). Free endpoints are divided into two categories: Wallet API endpoints and Data API endpoints. You can discover information about users, accounts, addresses, transactions, and payment methods that is publicly available, as well as perform actions with your personal assets (make transactions, buy/sell crypto). The exchange rates, currencies and prices are also available with historic data. As for the rate limits, each API key or app is limited to 10,000 requests per hour.

For those who need to have greater access, there is a special Advanced Trade API (paid) that offers not only an extended number of REST endpoints but also allows connecting to the server via the WebSocket protocol to get real-time data.

Explore the docs: https://docs.cloud.coinbase.com/sign-in-with-coinbase/docs/welcome

5. CoinMarketCap API

This API allows users to use various RESTful JSON endpoints to get accurate market data. To gain access, you’ll need two things: getting an auth token (the detailed instruction are described in the API docs) and a subscription plan. What is great is that users are able to use a free version of the API and still get a huge amount of data. The free version provides users with 11 endpoints and allows getting the following data: cryptocurrency referential info and logo assets, latest cryptocurrency rankings and market quotes, latest global market cap, volume and stats, etc. The only disadvantage here is that the free version does not allow getting historical data, but at the same time the rate limits are great – you can make 10,000 calls per month.

Check the official docs here: https://coinmarketcap.com/api/documentation/v1/

Do you know what is common to all the aforementioned APIs? You can easily access any of them by using the greatest app – API Tester :)

Leave a comment below which API you liked the most and describe your experience!

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

What is cURL and why is it important in API testing?🤖

Maria 🍦 Marshmallow — Wed, 04 Jan 2023 16:40:35 +0000

Today’s post is devoted to one of the inevitable parts of API testing – cURL.

cURL (client URL) – is a command line tool and library for transferring data with URLs.

Developers use cURL to send and receive data to and from servers. Specifically, any user can specify a server URL (the location to which they want to submit a request) and the data they want to send to that server URL using this command line interface (CLI). cURL supports multiple protocols (schemes), like DICT, FILE, FTP(S), GOPHER(S), IMAP(S), MQTT, RTSP, etc. and of course HTTP.

Depending on the protocol used for cURL, the syntax may change. Here we will focus on the HTTP protocol cURL structure as it is most commonly used in API testing. The standard cURL structure will look like this:

curl - [method] URL [options]

Place of cURL in API testing

In API testing, file transfers or a series of similar actions can be automated using cURL. It is a useful tool, for instance, for modeling client actions using an API. Basically, by using cURL, users can import or export different requests with all necessary parameters, like query parameters, headers, cookies, auth, etc., to any app or platform they need, spending little time.

Let’s take a look at some examples.

Using cURL command in API Tester app

Imagine that you have some GET request which you would like to send to the server, how can you import it into to the API Tester app? There are two main options.
First, you can do it manually, find the source, copy the request URL from there, open the app, create a new request, and then paste it into the URL field.
Second, you copy the cURL of the request you would like to send and paste it directly to the app, while the app itself defines what request type you need and paste all the info from the cURL into the correct request fields. What do you think will take less time and require less effort? To my mind, the answer is obvious.

That’s how a simple GET request’s cURL may look like:

curl -X GET ‘https://httpbin.org/json'

As you can see, cURL contains the request method, URL, and no additional params. In the API Tester app, this will be displayed as follows:

See, how easy that was? All you need is just to copy cURL and paste it to the app. That’s how cURL works in API testing.

Now, let’s take a look at a more complex request with different parameters. As an example, I took a PATCH request from the Zoom API:

curl -X PATCH 'https://api.zoom.us/v2/videosdk/sessions/KkMHZ4y8QhSUWAHi5sWvfg==/livestream' -H 'Content-Type:application/json' -d ‘{"stream_url":"https://example.com/livestream","stream_key":"ABCDEFG12345HIJ6789","page_url":"https://example.com/livestream/123"}'

This cURL contains info about request method (PATCH), header (H ‘Content-Type:application/json’), and body (d ‘{«stream_url»:»https://example.com/livestream","stream_key":"ABCDEFG12345HIJ6789","page_url":"https://example.com/livestream/123"}).

On the screenshots below, you can see that all request data was successfully transferred to the app.

What is great about cURL is that you can transfer large amounts of data. In the next example, we will try to import a GraphQL request with a query and variables:

curl -X POST 'https://graphqlpokemon.favware.tech/' -H 'Content-Type:application/json' -d '{"query":"fragment data on Pokemon {\n num\n species\n types\n abilities { first second hidden }\n baseStats { hp attack defense specialattack specialdefense speed }\n gender { male female }\n height\n weight\n flavorTexts { game flavor }\n evYields { hp attack defense specialattack specialdefense speed }\n isEggObtainable\n minimumHatchTime\n maximumHatchTime\n levellingRate\n sprite\n shinySprite\n backSprite\n shinyBackSprite\n smogonTier\n smogonPage\n serebiiPage\n bulbapediaPage\n}\n\nquery($pokemon: PokemonEnum! $reverse: Boolean! $take: Int!) {\n getPokemon(pokemon: $pokemon reverseFlavorTexts: $reverse takeFlavorTexts: $take) {\n ...data\n }\n}»,"variables":{"pokemon":"arceus","reverse":true,"take":1}}'

Here we can see that besides the standard request method, URL, header query and variables are listed as well. After importing this cURL in API Tester, we will see that all request parts are transferred correctly:

How to create cURL?

We discussed how to import different cURLs into the app, but we used a cURL that has already been created. The question is, how were they created? Each cURL is generated by someone using different apps or websites – this is as easy to do as importing a cURL that has already been created.

In API Tester, you can generate cURL as well as import them. To create a cURL, you need to open any request, add additional parameters (if required), tap on the three dots icon on the upper part of the request screen, there you will see ‘Export cURL’ - tap it and your cURL is done.

The cURL we generated looks like this:

curl -X POST 'https://petstore.swagger.io/v2/pet' -H 'Content-Type:application/json' -d '{"type":"object","required":["name","photoUrls"],"properties":{"id":{"type":"integer","format":"int64"},"category":{"type":"object","properties":{"id":{"type":"integer","format":"int64"},"name":{"type":"string"}},"xml":{"name":"Category"}},"name":{"type":"string","example":"doggie"},"photoUrls":{"type":"array","xml":{"wrapped":true},"items":{"type":"string","xml":{"name":"photoUrl"}}},"tags":{"type":"array","xml":{"wrapped":true},"items":{"xml":{"name":"tag"},"type":"object","properties":{"id":{"type":"integer","format":"int64"},"name":{"type":"string"}}}},"status":{"type":"string","description":"pet status in the store»,"enum":["available","pending","sold"]}},"xml":{"name":"Pet"}}'

You can copy it and share with someone, or paste it into the app again, as we did at the beginning of the post.

Conclusion

cURL is an extremely useful tool for any person who tests API. It not only saves a lot of time, but also allows avoid mistakes when transferring data between different sources. Of course, in this post I just showed some basics which every user must know, and the cURL command line is much more complicated.

Thanks for reading! I hope you found this article helpful. Feel free to leave any questions, comments, or suggestions.

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

Why Do We Need Authorization and Authentication? 🔑

Maria 🍦 Marshmallow — Fri, 30 Dec 2022 18:43:35 +0000

We live in an era where digital data is becoming an increasingly valuable asset, and with that comes the need for privacy and security. Authorization and authentication are two essential security measures that enable us to protect our data and ensure that only authorized individuals have access to it. In this article, we’ll discuss why we need authorization and authentication, the different types of authorization and authentication methods, and how they are applied in the API Tester mobile application.

What is Authorization and Authentication?

Authorization and authentication are two distinct concepts in computer security.

Authorization is the process of determining whether an individual has permission to access a system or resource. API authorization guarantees that client requests have secure access to data. This may entail verifying the identity of the request's originator and that they are authorised to view or alter the pertinent data. There are many different auth models available if you're constructing an API. If you're integrating a third-party API, the API provider will outline the necessary authorization.

Authentication involves verifying the identity of an individual or system to ensure that they are who they claim to be. Authorization and authentication work together to provide a secure environment for protecting data, ensuring that only authorized individuals can access it. A question occurs: How can servers identify who can access what they claim to be? Authentication is used as a stamp for clients to gain access to server resources through API.

Types of Authorization and Authentication

There are several types of authorization and authentication methods that can be used to protect data. The most common types are:

1. OAuth Access Token are used to authorize requests for limited access to a user’s data. The access token is issued to the user after they have authenticated with the service and is used to access protected resources. OAuth can be more complex to implement, but it provides a higher level of security and is widely supported by APIs.

2. API Key is a unique identifier that is used to authorize requests to an API. It is typically used to protect sensitive data and prevent unauthorized access. When performing API requests, a client must supply an API key as a token. The query string can contain the key.

3. HTTP Basic Authentication. This type of authentication is used to protect web applications and web services. It requires users to provide a username and password to access the application. It is simple to implement, but it is not very secure because the credentials are sent in plain text.

4. HMAC: Hash-based Message Authentication Code is a digital signature method made to reuse message digest algorithms like SHA-1 and MD5, as well as to offer a reliable data integrity protocol mechanism. HMAC has been chosen as a required security implementation for the internet protocol, or IP, since it is used to encrypt plain text securely in the Secure Socket Layer protocol and SSL certificate.

5. User Authentication. This is the most basic form of authentication, where users must provide a username and password to access a system or resource. This type of authentication is typically used to protect web applications, online accounts, and other sensitive data.

6. OAuth 1.0 and 2.0 is a way for a client application to access data from a third-party API, such as a service provider, on behalf of a user. This allows the user to grant the client application access to their data without having to share their login credentials, such as their username and password. To do this, the client application first needs to obtain an access token from the API. This access token is then used to authenticate future requests made by the client application to the API.

7. Authorization code grant type is used when the client application cannot securely store the client secret, or when the authorization code will be exchanged for an access token on a different device or system than the one that originally made the request.

8. AWS Signature is a way of authenticating requests made to Amazon Web Services (AWS) APIs. It is used to ensure that requests made to AWS APIs are authorized and authenticated and that the request can be traced back to the user who made it.

How Authorization and Authentication Work in the API Tester App

The API Tester mobile application is an easy-to-use free tool for testing and debugging APIs. It supports any type of API including REST, GraphQL, WebSocket, SOAP, JSON RPC, XML, HTTP, HTTPS. You can enter Auth details in the request setting tab. The data in the API that is required for Auth, can be in the header and body. The API tester can automatically detect and respond back with the chosen type of method. Variables and collections are used to determine Auth with safety and security.

API Tester mobile app provides a secure environment for testing APIs and includes several authentication methods to help protect sensitive data: User Authentication, OAuth Access Token, API Key, HTTP Basic Authentication.

How to Test Authentication and Authorization using API Tester App.

For the explanation of Authentication, let’s use the GitHub API to get users’ information. It provides us with real-time data.

First, you need to click on “Create new request” or the the + button in the top right corner to start a Graph QL request.

You can easily see the Graph QL option in the new tab under Other features. Clicking on it will take you to further options.

On the next screen, you can see an untitled GraphQL request. You need to provide the API URL and paste it into the section starting with HTTPS. In our case, this URL will be used: https://api.github.com/graphql.

The Github API requires authentication. In the Headers sections, you can see the OAuth option, so you need to provide the access token here.

Let me show you how to generate an Authentication token, just follow these steps:

1) Log in to your GitHub account and go to the "Settings" page.

2) On the "Settings" page, click on the "Developer Settings" tab.

3) Under the "Personal access tokens" section, click on generate new token (classic).

4) In the "Note" field, enter a name for your token (e.g., "My token"). This will help you remember what the token is for.

5) Select the scope(s) for your token. The scope determines what the token is allowed to access. You can select one or more of the available options, depending on your needs.
6) Click on the "Generate token" button to create the token.
7) Copy the token to your clipboard. It will not be shown again, so make sure to save it in a secure location.

That's it! You can now use the personal access token to authenticate with the GitHub API or to perform actions on your account using the command line. Keep in mind that personal access tokens are like passwords, so you should treat them with the same level of security.

Now we have to go to the Body section and specify a query to get your specific type of data. For example, let’s get the id information of a Github account. So, the corresponding Query using the Github login is written in the body tab, as you can see in the screenshot below.

{
  user(login:"mariamarshmallow")
  {
  login
  id
  }
}

After the Authentication Github will send a 200 Response code that will have information about the user, username and id. The scope of the token you have given access to is known as Authorization.

Basic Authentication

Basic authentication is often used in conjunction with the HTTP protocol, which is the foundation of the World Wide Web. When a client makes a request to a server, the server sends back a response that includes a header field containing an authentication challenge. The client then sends a second request that includes a header field containing the user name and password, encoded in base64. The server checks the credentials and, if they are valid, sends back a response containing the requested resources.

To test basic authentication, let’s use the Postman API with this URL: https://postman-echo.com/basic-auth. This is an open API that uses “username” and “password”.
Open the API Tester app, create a new GET Request, and paste the URL above.

Next in the Auth section, enter the username and password of the API for authentication.

Once you click on the blue play button, you can see the response screen with the 200 response code “Authenticated”.

If you do not enter authentication details, on the response page a message appears with the response code of 401 “Restricted”.

This is how we can test API with basic Authentication using the API Tester mobile App.

API Key Authentication

It is a way for the server to recognize and authorize the client to access the API resources.

To use API key authentication, the client must send the API key in the request header or as a query parameter. The server will then validate the API key and, if it is valid, allow the client to access the API resources.

Sign up for an API key from the API provider. In your API request, add the API key as a query parameter or in the request header. Make the API request using the API Tester app. The server will validate the API key and, if it is valid, allow the client to access the API resources.

Here is an example of how to use API key authentication in a GET request using the API Tester app.

Create a new GET Request and enter the API URL in the request box (e.g., "https://api.thecatapi.com"). In the Query section, add the limit parameter and the API key parameter (e.g. "limit=10&api_key=YOUR_API_KEY").

Click the "Play" button to send the request. If the API key is valid, you will receive a response with the requested information.

It is important to keep your API key secret and secure, as it allows access to the API resources.
Make sure to use it only in trusted environments and do not share it with others.

Conclusion

Authorization and authentication are crucial security measures that allow us to protect our data and ensure that only authorized individuals have access to it. In this article, we discussed why we need authorization and authentication, the different types of authorization and authentication methods, and how they are applied in the API Tester mobile application. By implementing effective authorization and authentication measures, we can safeguard our data and prevent unauthorized access. It is important to regularly review and update our security measures to ensure that they remain effective and protect our data from potential threats.

Thanks for reading! I hope you found this article helpful. Feel free to leave any questions, comments, or suggestions.

Btw, you can support my work by buying me a coffee! I'll leave here a few links for you:)

You can also support me on Coinbase

What's wrong with code in 2022? 🤷🏻‍♀️

Maria 🍦 Marshmallow — Sat, 24 Dec 2022 10:05:51 +0000

I use one service from time to time: I need to upload some files there (the name of the service does not matter, because, frankly, they are all the same). Basically, I just point to a folder on my hard disk, after which its contents are copied to a remote server, which is probably doing something related to databases – these files are given names, and checks are made on who downloads them.

The service is owned by a large company, so its processes are large-scale. It is likely to be hacked a lot, so some protection is required, as is checking that no one has modified the files in the interval between uploading from my PC and receiving it on the server. I understand all this.

... but in essence, we are talking about the fact that you need to register several files, read them, upload, and then close the connection and write to the log file whether everything went well. And if not, what exactly happened. There is nothing complicated about this, and I wrote similar code from scratch using the Wininet API and PHP on a server connected to my MySQL database. Perhaps my system was not as reliable as enterprise-level systems, but it supported hundreds of thousands of uploaded files, their verification, downloading, and logging. That's a job for one coder for two or three weeks, isn't it?

The special file upload tool I use today has a total of 230 MB of client files and uses 2,700 files to manage this process.

You might think that this is a typo, but there is no mistake: two thousand seven hundred files and 237 MB of executable and supporting files to copy several files from the client to the server. This is no longer bloatware or overengineering, but absolute, obvious, visual madness.

The problem is that, most likely, this uploader is no different from any similar modern software created by any other large company. And by the way, it gives error messages and does not work at the moment.

I have seen coders doing this. I know how it goes. This is not only because coders don't write low-level efficient code to achieve their goal: they've just never seen low-level efficient, well-written code. How can we expect them to create something better if they don't even realize it's possible?

You can write a program that uploads files securely, quickly, and securely to a server, and it takes a twelfth of that amount of code. It could be just one file, a single small .exe. It doesn't need hundreds of DLLs. Not only is it possible, but it's easy, and it's more reliable, efficient, and convenient to debug, and it actually works.

You might think that old programmers in their fifties (like my father) complain about bloated code because they are obsolete and grouchy. And I realize it. But the obsolete and grouchy complain about code that is 50% slower than it should be, or code that is 50% larger than it should be. However, the situation has gone far beyond this. We've reached a point where I sincerely believe that 99.9% of the code in the files on our PCs is completely useless and never gets executed. The code is just in a package of 65 DLLs, simply because the coder wanted to do something trivial like store a bitmap and had no idea how easy it could be, so he imported a whole bunch of bloatware to solve the problem.

Like I said, I really shouldn't get mad at young programmers for this. That is how they were taught. They have no idea what high performance or development with constraints is. It may seem strange that a girl of 25 is talking about this, but I had enough wise mentors to show me really beautiful code. My father told me that the first Elite in 1984 had a huge galaxy, 3D space combat, a career progression system, trading, and thousands of planets to explore, and at the same time the game was 64 KB. Modern programmers may hear this, but they don't realize the gulf between it and what we have today.

Why is this important to me?

This worries me for a lot of reasons, not least because if you need two thousand times more code to complete a task, then at least it should work. But more importantly, I realize that 99.9% of the CPU time on my huge, powerful PC is completely useless. Today, computers are so fast that, 10 years ago, they would have been regarded as absolute magic. Anything you can imagine should happen in 1/60th of a second. However, when I press the Microsoft Surface laptop's volume icon, I see a delay: the machine gradually creates a new user interface element, figures out which icons to draw, and then they appear and become interactive. This takes time. It seems to be about half a second, which is close to a billion years on a processor’s time scale.

If right now (conservatively) 99% of our PC's resources are wasted, we're wasting 99% of the computer's energy. This is absolutely criminal. And what are these expenses for? If you look in the task manager, you'll notice a bloated software nonsense that does god knows what. I'm just typing this blog post. Windows has 102 background processes running. My NVIDIA graphics card currently owns six of them, and some of them have subtasks. To do what? I'm not playing a game; I'm using almost the same set of video card driver functions that my father did twenty years ago, but for some reason six processes are required.

Web View Microsoft Edge also needs 6 processes, just like Microsoft Edge itself. And I don't even use Microsoft Edge. It seems like I was opening an SVG file yesterday, and here you go - 12 useless pieces of code are wasting memory and probably also polling the CPU.

This is absolute madness. This is the reason why nothing works, everything is slow, you have to buy a new smartphone every year and a new TV to download these bloated streaming apps that also hide equally bad code.

Personally, I think it's only going to get worse because big tech companies like Facebook, Twitter, Reddit, etc. are the worst examples of this trend. Soon, each of the thousands of "programmers" working for these companies will be using machine learning to copy-paste bloated, buggy, sprawling Github stuff into their code. Just to add two numbers, they’ll need 32 DLLs, 16 Windows Services, and a billion lines of code.

Twitter has 2,000 developers. More precisely, it was until Elon Musk came along. Tweetdeck sometimes refuses to load the user column. This has been going on for 4 years now. I'm sure none of the coders have any idea why this is happening. And the code at its core, as my dad says, is just a bunch of bloated, copy-pasted ****.

When suggesting the topic title from a link, Reddit can't handle the ampersand, semicolon, and pound symbol. Outside, the year is 2022. The company probably also has 2,000 developers. Obviously, none of them is able to get the text parser to work correctly. What are all these people doing?

Once upon a time, there was a “golden age” of programming when there were limits on memory and CPU. Today, we live in an ultra-wasteful pit of inefficiency. This is very sad.

Thanks for reading! I hope you have found my reflections interesting and that you now have some questions to consider. Feel free to leave any comments and write if you agree with my opinion.

DEV Community: Maria 🍦 Marshmallow

What is it like to be a developer? (in gifs) 🗿

Quick guide for YAML

Introduction to Google APIs: pt. 2 🌎

10 best GitHub repos for developers ✅

Defect life cycle in API testing ⚙️

8 Best C++ IDEs to use in 2023

Introduction to Google APIs: pt. 1

Status codes in API Testing🆗🆘

Informational responses – 1**

Successful responses – 2**

Redirection messages – 3**

Client error responses – 4**

Server error responses – 5**

Why is it important to know about HTTP status codes?

Top 5 cryptocurrency APIs for developers ©️

1. Binance API

2. CoinGecko API

3. Kraken API

4. Coinbase API

5. CoinMarketCap API

What is cURL and why is it important in API testing?🤖

Place of cURL in API testing

Using cURL command in API Tester app

How to create cURL?

Conclusion

Why Do We Need Authorization and Authentication? 🔑

What is Authorization and Authentication?

Types of Authorization and Authentication

How Authorization and Authentication Work in the API Tester App

How to Test Authentication and Authorization using API Tester App.

Basic Authentication

API Key Authentication

Conclusion

What's wrong with code in 2022? 🤷🏻‍♀️