Module 06 - APIs and Web Basics

Reading time: ~10 minutes | Level: Intermediate → Engineering

Before reading further, run this in your head:

import requests

response = requests.get("https://api.github.com/users/python")
print(response.status_code)   # 200
print(response.json()["public_repos"])  # some number

# But what actually happened between those two lines?
# How many network round trips? What headers were sent?
# What is the wire format? What does 200 actually mean?
# What happens if the server is slow? What if the cert is invalid?
# Why did this take 300ms on your machine and 1200ms in CI?

Most developers use HTTP every day without understanding what is happening at the wire level. They reach for requests.get() the way they reach for a calculator - it works, until it does not. When it fails in production (timeouts, SSL errors, retry storms, connection pool exhaustion, rate limiting, malformed JSON), engineers without wire-level understanding are flying blind.

This module changes that.

Why Web APIs Are a Core Engineering Skill

Every production Python system communicates over HTTP - whether it is a Django app calling a payment provider, a data pipeline hitting a REST API, a FastAPI microservice serving mobile clients, or a CLI tool that authenticates with OAuth. HTTP is the lingua franca of modern software.

Understanding HTTP at engineering depth means:

• Diagnosing production failures from first principles, not trial and error
• Designing APIs that are consistent, cacheable, and maintainable
• Writing clients that handle timeouts, retries, and errors correctly
• Building servers that return meaningful status codes and error bodies
• Reading framework documentation with full context, not just copying examples

The engineering standard for this module connects directly to production frameworks: FastAPI (type-safe, async, OpenAPI-native), Django REST Framework (battle-tested, ORM-integrated), and the microservices patterns that run at scale in real production systems.

What You Will Learn

This module covers eight lessons plus two projects:

Lesson 01 - HTTP Deep Dive

The wire format of HTTP/1.1: exactly what bytes travel over the socket when you call requests.get(). Request line, headers, blank line, body. Status code families and what each code signals. Critical request and response headers. Connection management, keep-alive, and connection pooling. The requests library internals: Session, HTTPAdapter, retry logic, timeouts. Introduction to httpx for async-capable HTTP clients. HTTP/2 multiplexing and header compression.

Lesson 02 - REST Principles

Roy Fielding's six architectural constraints and what they mean in practice. The uniform interface: URLs are nouns, HTTP methods are verbs. Choosing the right method for each operation. Status code semantics for REST APIs. Pagination, versioning, and error response formats (RFC 7807). The Richardson Maturity Model - where most production APIs actually sit. OpenAPI / Swagger and why machine-readable API specs matter.

Lesson 03 - Flask

Flask's micro-framework design philosophy and WSGI foundation. The application factory pattern. Request context proxies. Routing, URL converters, and url_for. Request and response objects. Error handlers, Blueprints, and configuration. Testing Flask apps with test_client(). When to choose Flask over heavier frameworks.

Lesson 04 - FastAPI

Type annotations as API contracts. Pydantic model integration for automatic validation. Path, query, and body parameters. Dependency injection. Background tasks. Automatic OpenAPI documentation. Async request handling. When FastAPI outperforms Flask.

Lesson 05 - Request/Response Lifecycle

What happens inside a Python web framework from the moment a TCP packet arrives to the moment a response is sent. WSGI vs ASGI. Middleware stack execution order. How Django, Flask, and FastAPI each implement the same underlying model differently.

Lesson 06 - Middleware

What middleware is, how it is implemented, and when to use it. Request ID injection, authentication checks, rate limiting, response compression, CORS, and request logging - all as middleware. Writing your own ASGI and WSGI middleware.

Lesson 07 - JSON Serialization

Python's json module: dumps, loads, JSONEncoder, JSONDecoder. Custom serialization for datetime, UUID, Decimal, and Enum. Performance: orjson and ujson at benchmark scale. Validation vs serialization - they are different problems.

Lesson 08 - Validation with Pydantic

Pydantic v2 models as the type-safe foundation of FastAPI. Field validators, model validators, computed fields. Serialization modes. Strict vs lax parsing. How Pydantic replaces jsonschema, marshmallow, and cerberus for most use cases.

Projects

Project A - REST API Service

Build a fully functional REST API with FastAPI that demonstrates all module concepts: resource-oriented URL design, HTTP method semantics, Pydantic request/response models, authentication middleware, pagination, RFC 7807 error responses, and OpenAPI documentation.

Project B - Local Deployment Setup

Package and deploy the Project A API: Docker container, environment-based configuration, health check endpoint, graceful shutdown, and docker-compose setup with a database. The production deployment pattern every backend team uses.

Prerequisites

• Python fundamentals: functions, classes, decorators, context managers
• Module 04 - Testing and Quality (especially fixtures and mocking - you will write tests for your Flask and FastAPI endpoints)
• Module 05 - Packaging and Environments (virtual environments, pip, pyproject.toml - you will install framework dependencies)
• Basic terminal comfort: you will run servers locally and send requests with curl or Postman

You do not need prior web development experience. The module builds from first principles.

The Engineering Standard

Every concept in this module is grounded in how production systems actually work:

• FastAPI is the dominant Python API framework in new greenfield projects as of 2025 - it uses Python type annotations as a first-class API contract and auto-generates OpenAPI specifications
• Django REST Framework is the standard for Django-based APIs - battle-tested at companies running millions of requests per day
• Microservices run over HTTP; understanding the wire format, connection pooling, and error semantics is the difference between a resilient service and one that takes down its dependencies during a partial outage
• Rate limiting, retries, and circuit breakers are not advanced topics - they are the baseline for any client that calls an external API in production

:::tip Start With the Wire The most productive way to go through this module is to start with Lesson 01 and understand HTTP at the wire level before touching any framework. Frameworks hide the wire - but when they misbehave, you debug at the wire. Every hour spent understanding raw HTTP saves ten hours debugging framework magic. :::

:::note This Module Uses Both Sync and Async Python Flask is synchronous. FastAPI is primarily async. You will write both def and async def view functions. If you are not yet comfortable with async/await, Lesson 04 introduces it in context - or revisit Module 08 (Concurrency) for the full foundation. :::

How to Follow Along

Every lesson includes runnable code. Set up your environment once:

python -m venv .venv
source .venv/bin/activate          # Windows: .venv\Scripts\activate

pip install requests httpx flask fastapi uvicorn pydantic
pip install pytest pytest-mock httpretty responses

Start a local test server for HTTP experiments:

# httpbin - a free HTTP testing service; also available locally
pip install httpbin gunicorn
gunicorn httpbin:app --bind 0.0.0.0:8080

Or use the public instance at https://httpbin.org for the HTTP Deep Dive examples.

Key Takeaways

• HTTP is the wire format that every Python web system runs on - understanding it from first principles makes framework knowledge durable
• This module covers the full stack: HTTP mechanics, REST design, Flask, FastAPI, middleware, JSON, and Pydantic
• Two projects apply the material end-to-end: a REST API service and a local deployment setup
• Prerequisites are Python fundamentals, basic testing knowledge, and environment management - no prior web experience required
• The engineering standard connects directly to FastAPI, Django REST Framework, and microservices production patterns

What's Next

Lesson 01 opens at the socket level - a raw HTTP request sent with Python's socket module, no library. You will see every byte that requests.get() sends and receives, understand exactly what 200 OK means at the protocol level, and build the wire-level intuition that makes every HTTP library and framework transparent.