Lesson 36 โข Advanced
REST API Clients & External Service Integrations
Master building robust API clients, handling authentication, retries, pagination, webhooks, and async operations for production-grade integrations
What You'll Learn
- Understanding REST APIs and HTTP methods
- Building reusable API client classes
- Error handling, timeouts, and retry logic
- Authentication strategies (Bearer tokens, OAuth2, API keys)
- Async API clients with aiohttp for high concurrency
- Response validation with Pydantic
- Pagination patterns (offset, cursor, token-based)
- File uploads and downloads
- Webhook handling and signature verification
- Rate limiting and circuit breaker patterns
What Is a REST API Client?
A REST API client is code that sends HTTP requests to external services and receives structured responses. Every modern application integrates with external APIs for payments, data, AI, authentication, and more.
| Concept | Real-World Analogy | What It Does |
|---|---|---|
| GET Request | Reading a menu | Fetches data without changing anything |
| POST Request | Placing an order | Creates new data on the server |
| PUT/PATCH Request | Modifying your order | Updates existing data |
| DELETE Request | Canceling your order | Removes data from the server |
| Headers | Your membership card | Passes authentication and metadata |
Core Capabilities
- HTTP methods: GET, POST, PUT, PATCH, DELETE
- Query parameters and JSON request bodies
- Headers and authentication
- Timeouts and error handling
- Automatic retries with exponential backoff
- Rate limiting and caching
Common Use Cases
- Payment processing (Stripe, PayPal)
- Social media integrations (Twitter, LinkedIn)
- AI APIs (OpenAI, Anthropic)
- Cloud services (AWS, GCP, Azure)
- Microservice communication
- Analytics and monitoring
HTTP Methods Overview
GET - Retrieve Data
Fetch resources without side effects. Safe and idempotent.
GET /users/12POST - Create Resources
Submit data to create new resources.
POST /ordersPUT/PATCH - Update
Modify existing resources. PUT replaces, PATCH updates partially.
PUT /users/12DELETE - Remove
Delete resources.
DELETE /posts/88The Requests Library
requests is Python's most popular HTTP library. Simple, elegant, and widely used.
Installation
pip install requestsKey Features
- Clean API for all HTTP methods
- Automatic JSON encoding/decoding
- Session objects for connection pooling
- Cookie persistence
- SSL verification
- File uploads and downloads
Building Reusable API Clients
Instead of scattering API calls throughout your codebase, create a dedicated client class that centralizes:
- Base URL configuration
- Authentication headers
- Common request patterns
- Error handling
- Connection pooling via sessions
This pattern is used by every major Python SDK (Stripe, OpenAI, AWS, etc.).
Error Handling & Retries
Types of Failures
- Network errors - Connection failures, DNS issues
- Timeouts - Server doesn't respond in time
- 4xx errors - Client errors (bad request, unauthorized)
- 5xx errors - Server errors (should retry)
- 429 - Rate limiting (wait and retry)
Retry Strategy
Best practices for retries:
- Use exponential backoff: 1s, 2s, 4s, 8s...
- Add jitter (randomness) to prevent thundering herd
- Limit max retry attempts (typically 3-5)
- Only retry safe operations (GET, not POST)
- Respect Retry-After headers
Authentication Strategies
Bearer Tokens
Most common for modern APIs:
Authorization: Bearer YOUR_TOKENAPI Keys
Simple key-based authentication:
X-API-Key: 123abc456defOAuth 2.0
Standard for user-authorized access:
- Access tokens (short-lived)
- Refresh tokens (long-lived)
- Automatic token refresh on expiry
Async API Clients with aiohttp
For high-performance applications that need to make many concurrent API calls, async clients are essential.
Benefits of Async
- Handle thousands of concurrent requests
- Non-blocking I/O operations
- Better resource utilization
- Essential for web servers and background workers
Installation
pip install aiohttpUse Cases
- Web scraping at scale
- Batch API processing
- Microservice communication
- Real-time data aggregation
Pagination Patterns
Offset-Based Pagination
Traditional SQL-style pagination:
GET /users?offset=0&limit=100Simple but can be inefficient for large datasets.
Cursor-Based Pagination
More efficient for large data:
GET /items?cursor=abc123Used by Facebook, Twitter, and modern APIs.
Token-Based Pagination
Returns next page token:
{"next_page_token": "XYZ"}Used by Google APIs, YouTube, Shopify.
Webhooks & Security
What Are Webhooks?
Webhooks are reverse APIs - the external service calls your endpoint when events occur.
- Stripe โ payment succeeded
- GitHub โ new commit pushed
- Twilio โ message received
HMAC Signature Verification
Always verify webhook signatures to prevent fake requests:
- Compute HMAC of request body
- Compare with received signature
- Use constant-time comparison
- Reject invalid signatures immediately
Rate Limiting & Circuit Breakers
Rate Limiting
Prevent exceeding API quotas by implementing client-side rate limiting:
- Token bucket algorithm
- Sliding window counters
- Respect server rate limit headers
- Queue requests when limit reached
Circuit Breaker Pattern
Prevent cascading failures when external services are down:
- Closed - Normal operation
- Open - Service considered down, fail fast
- Half-Open - Test if service recovered
Response Validation with Pydantic
External APIs can return inconsistent data. Use Pydantic to validate and transform responses:
- Catch missing or renamed fields immediately
- Automatic type conversion
- Custom validators for business rules
- Generate JSON schemas automatically
- Prevent downstream errors from bad data
This is critical for production systems that depend on external data.
File Operations
Uploading Files
Use multipart/form-data for file uploads. Key considerations:
- Open files in binary mode
- Set appropriate timeouts
- Handle upload progress for large files
- Implement chunked uploads for reliability
Downloading Files
NEVER load entire files into memory. Use streaming:
- Use
stream=Trueparameter - Process chunks incrementally
- Prevents memory exhaustion
- Essential for videos, datasets, archives
Professional SDK Structure
Well-designed API clients follow this structure:
client/
__init__.py
core/
http_client.py # Base HTTP operations
auth.py # Authentication handlers
errors.py # Custom exceptions
pagination.py # Pagination helpers
rate_limit.py # Rate limiting
resources/
users.py # User endpoints
orders.py # Order endpoints
payments.py # Payment endpoints
hooks/
middleware.py # Request/response middleware
utils/
logging.py # Logging utilities
models.py # Pydantic models
validators.py # Custom validatorsThis separation makes the codebase maintainable, testable, and extensible.
Best Practices Summary
โ Always Do
- Set timeouts on every request
- Implement retry logic with exponential backoff
- Validate responses with Pydantic
- Use session objects for connection pooling
- Log all API interactions
- Handle rate limits gracefully
- Verify webhook signatures
- Store secrets in environment variables
โ Never Do
- Make requests without timeouts
- Retry without backoff
- Trust external data without validation
- Load large files entirely into memory
- Hardcode API keys in source code
- Ignore pagination
- Skip error handling
Complete REST API Client Examples
Try the full API client implementation with error handling, retries, pagination, async operations, and more
# REST API Client Examples
# ============================================
# 1. BASIC REQUESTS LIBRARY USAGE
# ============================================
import requests
import time
from typing import Optional, Dict, Any
# Simple GET request
def get_user(user_id: int):
response = requests.get(f"https://api.example.com/users/{user_id}")
return response.json()
# POST with JSON body
def create_user(username: str, email: str):
payload = {"username": username, "email": email}
res
...Key Takeaways
- REST API clients bridge your application with external services
- Always implement timeouts, retries, and proper error handling
- Use reusable client classes to centralize API logic
- Async clients enable high-performance concurrent operations
- Validate responses to prevent downstream failures
- Implement rate limiting and circuit breakers for resilience
- Verify webhook signatures to ensure security
- Follow professional SDK patterns for maintainable code
๐ Quick Reference โ REST API Clients
| Syntax | What it does |
|---|---|
| requests.get(url, timeout=5) | Make a GET request with timeout |
| requests.post(url, json=data) | POST JSON body |
| response.raise_for_status() | Raise exception on 4xx/5xx |
| requests.Session() | Reuse connection pool and headers |
| httpx.AsyncClient() | Async HTTP client |
๐ Great work! You've completed this lesson.
You can now build robust API clients with auth, retry logic, rate limiting, and async support for high-performance integrations.
Up next: DevOps Automation โ use Python to automate infrastructure, deployments, and CI/CD tasks.
Sign up for free to track which lessons you've completed and get learning reminders.