- Reading: HTTP: The Protocol Every Web Developer Must Know - Part 1
- Reading: HTTP: The Protocol Every Web Developer Must Know - Part 2
- Tutorial: "How HTTPS Works"
- Reading: "Public-key Cryptography for Non-geeks"
- Reading: "How HTTPS Actually Works"
This task is based to this tutorial by Brandon Toone.
It's time to apply your knowledge about http by writing actual requests. For this we will use popular commad-line tool cURL
. Please find out how to install this tool on your OS.
We will explore GitHub API. GitHub provides JSON-based API where you can get various informations about users, repositories, commits etc.
For better learning experience we suggest that you type the requests yourself instead of copy-pasting them.
Let's start by getting information about you:
curl https://api.github.com/users/<YOUR GitHub NAME>
Add -i
flag, which stands for "include", to see the headers received from server. Find information about unknown headers.
curl -i https://api.github.com/users/<YOUR GitHub NAME>
Let's access a resource which requires authentication. We will request the list of gists user has starred. First, try to access it without credentials and see the result.
curl https://api.github.com/gists/starred
--user
parameter in curl is used for server authentication. You can add user name and password to the request after this parameter. Let's try to use invalid credentials and see the result first. Replace "USERNAME" with your actual GitHub user name.
curl --user "USERNAME:BLABLABLA" https://api.github.com/gists/starred
Now, try the request with correct credentials. By the way, the authentication scheme is called "Basic" (credentials are provided in (every) request directly). Replace "USERNAME" and "PASSWORD" with your actual GitHub user name and password.
curl --user "USERNAME:PASSWORD" https://api.github.com/gists/starred
You can also try to add your user name only.
curl --user "USERNAME" https://api.github.com/gists/starred
In this case you will be prompted to enter your password. This way you will avoid getting your password into command line history.
Additional tasks:
- list repositories of "Kottans" organization. For this task you need to explore GitHub API documentation: https://developer.github.com/v3/guides/getting-started/#repositories
- Create new issue in your repository
Write down all your requests (replace sensitive information like password with "*" symbols)in the repository.
Add answers to the following questions to your repository:
- Name at least three possible negative consequences of not using https.
- Explain the main idea behind public key cryptography in few sentences
- You are creating an application for pet clinic. You need to implement the following functionality:
- add new pet (including name, age, breed, owner's name, medical history)
- search pet by name
- change name of an existing pet
- add new info about pet's health
- assign a pet to a particular doctor in the clinic
- register an appointment for a pet. This request should include info about pet, doctor and appointment date and time.
Choose http verbs for every piece of functionality. If applicable, describe also the way you would provide data to the request (vie query params, in request body etc.). If applicable, describe the response of the server. Explain your choice.
You did lot already! If you honestly finished all the previous steps then go ahead and share it with others – post a message in course channel: Http & Https — #done (or TCP. UDP. Network — #done if you are p2p course student) and add the link to your repo. This step is important, as it helps mentors to track your progress!
When you finish this task you can proceed to the next one.
- Reading: "HTTPS In the Real World"
- Reading: "How SSL/TLS Works"
➡️ Go forward to Design Patterns: Intro