Appendix B: API Suggestions

This book includes several sections dedicated to using third-party APIs in order to have access to dynamic data that is useful to a user. There are many APIs in the world, but not all of them are easy to use or friendly towards JavaScript applications. Some APIs require complex authentication in order to use them which is beyond the scope of this book. Other APIs are designed only to be used by certain types of systems and might cause issues when used with a JavaScript application in the browser.

The following APIs have been reviewed for use with the kinds of code we cover in this book. They should provide decent fodder for experimentation and minimal barriers to entry.

No API Key Required

• JSON Placeholder API
• Datamuse Word API
• Star Wars API
• Pokémon API
• Yes/No API
• iTunes Search API
• Sunrise/Sunset API
• Random (fake) User Data API
• Game of Thrones API
• Location of International Space Station API
• Number of People in Space API

API Key Required

• Soundcloud API
• Open Weather Map API
• Flickr API
• Open Movie Database API
• Google Books API
• Spotify API
• The Movie Database API

Cross-Origin Proxies

Some of the APIs listed here do not allow direct requests from JavaScript due to Cross-Origin Resource Sharing (CORS) restrictions. CORS is a concept that keeps browsers more secure by limiting the ways that JavaScript can communicate with third-party servers, possibly without the user's knowledge. Some APIs allow developers to configure the domain their apps are hosted on, which then allows the API service to provide the correct CORS headers to allow communication directly through the API. Other API services, such as the Datamuse service, allow all domains to access their server, so there is no need to fuss with domain configurations.

When attempting to use an API that does not allow domain configurations necessary for CORS to allow the API requests, it is necessary to use a "cross-origin proxy." These proxies use a server-based application to pass requests through to the API service and then relay responses back to the user's browser. There are two cross-origin proxies we suggest for new developers attempting to experiment with APIs using JavaScript:

• Crossorigin.me
• Rashrewind.com

Either of these proxies will work in most cases, although they do function slightly differently, so some situations may warrant choosing one over the other. These proxies will only allow GET requests, so it is impossible to use some features of some APIs that require POST or PUT requests. In order to protect the security of our user's data, we should never send sensitive or confidential information through these public proxies.

The list of APIs above was largely drawn from Terence Eden's list here.