Today we will view basic authentication in our API.

So far we've been using the API after signing into the website but what if someone wants to access the API via a mobile device or using the curl command.

Let us try to use the curl command on the APIs current todos page (http://127.0.0.1:8000/api/todos/).

The command to use is curl http://127.0.0.1:8000/api/todos/

You should see something like the below:

It basically says that we are not authenticated to be able to view todo objects, which is great security because we don't want other users to be able to view todo objects of other users.

You could use basic authentication passing the username and password as string with the url as follows:

curl http://127.0.0.1:8000/api/todos/ -u 'saurav:abc123'

However, if we try to access the todo objects we would have to pass it as json in our api which is a very tedious process.

In the next article we will talk about allowing the user to sign up via our API.

• You can view the entire code on my github profile.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

Today we will add the ability to be able to complete the todos using the API.

So first we start by creating an url for the completed todos page.

so the final url should look like http://127.0.0.1:8000/api/todos/5/complete

Now lets add its respective view as well:

Notice that we create a new serializer TodoCompleteSerializer for this, which we will create after we are done with the views:

Also notice that we have created a new function called perform_update, what it does is puts the datecompleted as the time now, so you have to import timezone from django utils using the command from django.utils import timezone

Note that we already have datecompleted in our database so we just use its instance.

Now that we are done with our views, lets create that serializer we were talking about earlier; TodoCompleteSerializer

Why do we need a new serializer?

It's because we want all of the fields to be read-only fields except the id which we will still include in the fields.

And since we want clean code its better to create two separate functions for two separate functions.

Don't forget to import this serializer using the command from .serializers import TodoCompleteSerializer in your views.py file.

Once all of this is done, we can go to the link:

http://127.0.0.1:8000/api/todos/5/complete

Notice the ids, although there are 2 todos left, there ids would not necessarily be 1 and 2, so make sure you check the id before entering it in the url.

You should see the following page.

The great thing about Django REST Framework is that it tells you exactly what needs to be done.

In this specific case, it says "detail": "Method \"GET\" not allowed." and only PUT, PATCH, OPTIONS is allowed. This means that GET is not allowed and we would have to use PUT. So just click on the PUT button at bottom right.

You should see the below which means it went through.

You can check that by going to the API main page (http://127.0.0.1:8000/api/todos/) where it lists all current todos.

and the #### completed todos:

This is what you would see if you go through the app:

Current Todos

Completed Todos

Congratulations! You just added a function to complete the todos using the APIs. Great Job!

Next we will see how to add basic authentication in our app.

• You can view the entire code on my github profile.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

Today we will add the basic functionality of CRUD (Create, Read, Update, Delete) in our API view.

First, let's add the option to create new todo using API.

For that we need to add the new url to the urls.py file of api folder.

Follow along with me as below:

Add the following to the views.py file.

Notice we use the same class as class TodoCompletedList. Instead of using the ListAPIView from generics we use the ListCreateAPIView because we want to create a todo using the api.

We make sure we use the TodoSerializer and permission class is to be authenticated because we want to make sure only authorized users have the ability to create todos.

We also define a create function to make sure it saves the todo under the user that is logged in.

The following is what you would see when you run the server and visit the link http://127.0.0.1:8000/api/todos/

You can add a todo using the tabs below in the window.

You'd be able to see all the todos if you use the link http://127.0.0.1:8000/api/todos/

If you would go to the main app, you would be able to see the todo that you added using the api.

In the next article, we will see how we can use the api to complete the todos.

• You can view the entire code on my github profile.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

Today we will list out the completed Todos in our API view.

Add the below to the urls.py file that you created in the api folder.

The final address would be http://127.0.0.1:8000/api/todos/completed

The view (TodoCompletedList) that you see in the urls.py is what we'll create next in the views.py file.

We need to create a serializer.py file to map the serializer class to the serializer.py file.

Notice that we have added permission_class in the TodoCompletedList class as well. That is to make sure that only the authenticated users can view the completed todos.

We have defined the get_queryset to make sure we get only the data that we want returned. Make sure you use the exact function get_queryset because it is Django REST framework specific.

Also notice that we're returning the same todo objects as we did in out todo.views.

Notice in the TodoSerializer class, we have created and datecompleted as read-only field because we don't want users to be able to change those fields.

We have a meta class, where we add the models to retrieve the fields from. We have taken the fields from the todo.models. We do not need to retrieve user field because only authorized users can access the list so no sense displaying that again.

So, now if you go to http://127.0.0.1:8000/api/todos/completed, the following is what you should get. (Make sure the server is running before accessing the API using the command python manage.py runserver)

Congratulations! You've successfully listed the completed todos using API. It must feel awesome to have achieved that. In the next article, we will add the basic CRUD (Create, Read, Update, Delete) functionality in the API.

• You can view the entire code on my github profile.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

We'll use a to-do app that is created using the Django web framework. You can find the link to the code here. You can fork the code from there and use it to follow along with me.

As you can see the app already had the folders todo and todowoo folders in it. We add the api folder by using the command

python manage.py startapp api

also make sure you have the Django REST Framework by using the command

pip3 install djangorestframework

Now that we've added certain new things, let's add it to the settings.py of our main project todowoo

Add 'api', 'restframework', as shown below. (todo would already be present)

After we've done this, let's add the api urls in urls.py

We'll have to create new urls.py for that in the api folder.

Once we're done creating the file, we can go back to adding the following path to the urls.py of our todowoo folder.

What it basically means is that every url for api is to be fetched will end in "/api" and we will be including in the urls.py for the api folder.

We'll be adding the urls in the next article. Stay tuned for that.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

Now for whatever reason, if the user wants to delete his post he should be able to. Let's give him that ability.

We need an url for that, so we go to the urls.py file and add the url

path('api/posts/<int:pk>', views.PostRetrieveDestroy.as_view()),

Notice the new view, PostRetrieveDestroyView which we have not defined yet. We will do that in the views.py next.

You can read about PostRetrieveDestroyView here, and if you go through the documentation you'll also notive there's another view RetrieveUpdateDestroyAPIView which might seem more suitable for this. Basically PostRetrieveDestroyView gives you an option to view and delete a post and RetrieveUpdateDestroyAPIView gives you an option to view, update and delete functionality. As you know on Reddit, you cannot edit posts, you have delete your post and create another one. Twitter follows the same, it's because if you create a sensible post that becomes viral, you would have the ability to edit the post to be something unsavory.

Now, we add the PostRetrieveDestroyView, you can use RetrieveUpdateDestroyAPIView as well if you want the users to be able to edit their posts.

Since it is Post, we can use the same options in class PostRetrieveDestroy as we had in class PostList

Now if you save this and refresh the webpage, this works. But there is a caveat, let me show you:

These are the current posts we have, as you can see we have 3 posts and we are logged in as the user Saurav.

What if I want to delete the 2nd post, let's try deleting it.

We'll use the url http://localhost:8000/api/posts/3

Notice the ID for the post is '3', although the post is 2nd. Be careful with the IDs, they should be the one in url and not the post number.

Now click on delete, it will ask if you absolutely want to delete the post. Click on delete.

Now if you go to the main page with all the posts, you should see only two posts.

Let's login as the other user we created(gaurav) and try to delete a post created by him.

If you come to the main page now and refresh, you should be able to see all the posts created by Saurav and Gaurav on the same page.

Let's try to delete the post we just created using Gaurav's ID.

Notice Gaurav's post ID is 8, make sure you put the correct ID in the url. The url should be http://localhost:8000/api/posts/8

Now, click on delete and voilà!

The post is successfully deleted, you can check on the homepage as well.

So it is successful, we can delete the post. and it works for all users as well.

Something that is an issue is if you try to delete another user's post. Let's say Gaurav wants to delete a post Saurav created. What would happen?

Gaurav wants to delete the 3rd post by Saurav. Let's see if he can delete. What do you think should happen?

It got deleted!

There's only one post that remains now.

Why do you think Gaurav was able to delete Saurav's post?

Think, we've already covered this.

Gaurav is able to delete Saurav's post is because although we've set the permission as "Authenticated or Readonly". Which means to delete the post you need to be authenticated, or you have only read access. We do not check if the user that is making the delete request is the same as the one currently logged in.

Let's fix that!

Add a delete function for the PostRetrieveDestroy class.

It is very straightforward, you define a post variable where you assign the primary key to that of the post and the poster to be the user making the request. If post exists, meaning the user logged in is the user that has created the post with the id, then we invoke the destroy function, else we raise a validation error.

To test this works, I've created a new post logged in as user Gaurav, now let's try to delete it logged in as Saurav.

The id for the post is 9, so the url should be http://localhost:8000/api/posts/9

Let's try to delete that post.

Look at that! It is working perfectly now. It crosschecks the user that is logged in with the user that is making the request.

How awesome is that? Congratulations! You have successfully created a basic reddit clone.

Next, we will add an API to an existing project.

You can create a completely different class based view that uses DestroyAPIView But there is a much simpler way to do that. We can use Mixin to add a function that will implement the delete functionality for us.

So we start by importing Mixins.

from rest_framework import generics,permissions, mixins

Add mixins.DestroyModelMixin in class VoteCreate(generics.CreateAPIView, mixins.DestroyModelMixin):

then create a new delete method, follow the code below with its explanation in inline comments.

Note we use Response() object and status so don't forget to import that using the command. You can import status on the same line as mixins as they are both a part of the rest_framework.

from rest_framework.response import Response from rest_framework import generics,permissions, mixins, status

So now if you refresh your web page you should see something like this:

You got a nifty button to delete the vote!

When you click on it, it asks if you want to delete the vote.

When you click yes, It deletes your vote, and if you try to delete the vote again it says "You did not vote for this post yet". Just as we programmed it to say.

Now just because you voted for a post once, and deleted the vote does not mean you would not be able to vote for the same post again.

If you vote on a post again it will give a HTTP 201 Created status and also display the vote id.

Let's see if the code breaks if you try to vote again for the same post.

No! it doesn't break. It's working as expected.

But if you go to the full api list you can't see the total number of votes each post has got. Let's fix that!

Add the following code:

Add votes = serializers.SerializerMethodField() in PostSerializer class. Make sure you add votes in the fields of Meta class and create function get_votes

def get_votes(self, post):
    return Vote.objects.filter(post=post).count()

After you've done this, if you refresh the page you should see a new field called 'votes' with the total votes.

If you want to make sure it's working you can try to create a new user, logging in as that user and voting on a post.

You can create a new user from the Django admin panel.

But if you see the webpage, we don't have an option to logout and login as another user.

And if you try to login through the admin panel, it won't let you in as the account we created is not an admin account.

So what we can do is we can add a login feature to our API. It's a nifty feature of Django REST framework.

We just need to add the following path in the urls.py file:

path('api-auth', include('rest_framework.urls')),

And if you refresh the webpage you would be able to see a login button.

Now, click on login and login as the new user.

And try to upvote the post as gaurav, you shall she the below:

Now if you try to upvote the same post again you would receive the ValidationError that we created, so the code works perfectly.

Now let's go to the admin panel to check if the data is properly added to the database. We can see our new users upvote.

So, if we're going to have an API to create a vote, first we need to have a serializer for that vote. Just like we created for the Post.

Go to serializers.py and enter the code as following :

Also remember to import Vote from models using the command from .models import Post, Vote

Now, lets move over to our urls.py to see how someone is going to be able to vote for a particular post.

We need the following:

The is what the id of the posts would be. For example: if it is the 1st post then it would be 1, the url would be api/posts/1/vote Since we have multiple posts we can't just define it as 1 in the program.

The view VoteCreate is what we will create next so let's go to the views.py file.

Also don't forget to import Vote from models and VoteSerializer from serializer using the command:

from .models import Post, Vote
from .serializers import PostSerializer, VoteSerializer

So if you now try to upvote the 1st post using the url http://localhost:8000/api/posts/1/vote You should see the following:

But if you click on post to register the post then we get the following error:

We get this error because it has to know what user it has to be able to save this for. So we would need to do the same as we did with Post (the function perform_create)

After we add that and try to reload the page again and try to vote, this is what we get:

Voilà, we can now vote!

However, there is a catch!

If you click post multiple times it takes those as valid votes. But we have to restrict that. We can't have multiple votes from a single user.

So we need to check if the user has already voted for a post and we can do that by using the get_queryset function that we created.

We just need to add the following condition in the perform create function:

if self.get_queryset().exists():
    raise ValidationError('You have already upvoted this')

Also don't forget to import the Validation Error using

from rest_framework.exceptions import ValidationError

If you refresh the webpage and try to vote again, you should see the following:

Congratulations! this was a big step towards creating our API, In the next article we will create a new user and check if he can upvote the post. So far, we've been using the superuser that we created at the beginning to test our API.

All you have to do is change the instance method from ListAPIView to ListCreateAPIView in views.py as we want to not only want to view the posts but also create them.

Now if you refresh the browser window, then you should see the following:

You can now add posts through the form generated on the page.

Now if you refresh the page, you would be able to see both the posts that you've added.

Now, you might think that's all we had to do to create posts via the API but that's not true. There's more.

When you try to create a Post using the json data and do not put the poster name, it shows that it cannot be null. Ideally the user should not get an option to select the poster. It should be the logged in user.

That's what we're going to change next by making the poster field read-only in the serializer file.

Notice that we also added the poster_id to the fields in class Meta.

Now if we refresh our browser window then we'll notice that there is no poster field in both the HTML form and the json field.

But when we try to fill the data and try to create the post we get the following error saying someone has to be the poster.

So what we can do to solve this error is to override a function just before the API is trying to save the data in the database.

We need to make the following changes in views.py

Now if you refresh and enter the details for the new post, notice it now has a poster and a poster_id field that we just created.

We are able to perform these functions because we are logged in as the user. If we copy the url http://localhost:8000/api/posts and post it in another browser and try to create a post it would give the following error:

Which basically means that we don't have permission to call the API because we are not authenticated. We need to set that in the views.py file.

Notice that we had to import permissions from rest framework and the instance of the permissions class is 'IsAuthenticatedOrReadonly` which basically means that if you're logged in you can create new post else you can only view the posts, just like reddit.

So, in a browser where you're not logged in you can still view the posts but not create new ones.

But in a browser where you're logged in you can do both.

In the next article, we will write code on how to upvote a particular post. Stay tuned!

Part 1 : Creating Python APIs - The Django REST framework : Basics[1/n]

Part 2 : Creating Python APIs - The Django REST framework. Building a Reddit clone - Models.[2/n]

Part 3 : Creating Python APIs - The Django REST framework. Building a Reddit clone - Serializers.[3/n]

Now that we've made our 1st ever API call, we need to add some data in the database to display through the API.

The simplest method is creating a superuser and adding posts via the admin panel.

Before creating a superuser make sure we migrate every changes we've made to the model using the command python manage.py migrate

Now we can create a superuser using the command python manage.py createsuperuser

Now that you've created a superuser as well, before accessing the admin panel you need to register our class. We do that in the admin.py file. If we don't register our classes and start the server to access the admin panel we'd see the below:

You need to add the following to register the classes we've created:

After you've successfully registered the classes run the server using the command python manage.py runserver then type the url http://localhost:8000/admin/ as we need to add posts using the admin panel.

You should see the panel as below:

Notice you have both the posts and votes in the panel.

Since our API displays the posts, let's create a new post:

Now refresh the page with url http://localhost:8000/api/posts and you should see the following:

The first post that you created!

When you display the data on the browser it displays it very neatly in a nice webpage. You can also view the json data on your terminal using the curl command.

You can do this by running the server on one terminal window and running the command curl http://localhost:8000/api/posts in another terminal window.

You should see the following:

This is the same data as we viewed on the webpage when we run the url http://localhost:8000/api/posts in the browser, but in json format.

Bonus:

If you want to change the name in the admin panel from "Post Object 1" to displaying the title name, add the following code in the Post class in models.py.

def __str__(self):
    return self.title

Then refresh the page and you should see the following:

Part 1 : Creating Python APIs - The Django REST framework : Basics[1/n]

Part 2 : Creating Python APIs - The Django REST framework. Building a Reddit clone - Models.[2/n]

So in the last part, we created a model. Now it's time to start building the API. There are two ways of going about that:

A) You can create the API from scratch.

OR

B) You can use the Django REST framework which does all the heavy lifting for us.

You could not go wrong with either of the two but using the first option, although as enticing as it sounds can get very complicated very fast.

I want to make understanding APIs easier so I'll be using the second method and I promise it'll leave you hooked. Once you get an idea how API works and what you can do with it you can get your hands dirty with the 1st option.

You can read about the Django REST framework here: It is very well documented and very beginner friendly.

There are wonderful tutorials to get you acquainted with the framework. Do give it a read.

So now we'll install the framework using the pip command in our terminal/command prompt:

pip install djangorestframework

Remember the word djangorestframework is all one word with no spaces

After we've successfully installed Django REST framework, now it's time to add it into our project.

We need to add rest_framework under the Installed apps in settings.py as below:

Now you might be curious about why is it called Django REST framework.

So REST API is an API that follows a certain standard. It has it's own architectural style which you can read about here.

Now that we're done with this, lets talk about serializers.

What are serializers?

Serializers are a way to be the middleman between the models and the APIs. So it basically converts the Django models into json objects and vice versa.

We'll create a new file in our posts app called the serializers.py (You can name this anything you want but this name is what the REST framework suggests)

The explanation of what each line does is inline in the comments:

After this is done, save this and now we will create API urls. So we will begin by adding new path in the urls.py file as below:

Now, you might be confused as to what the views.PostList.as_view() mean as we don't have that view yet. Don't worry, we will create that view next.

You can read more about Generic views that we imported in views here

This is all we need for our very first API call.

Now run the server and if you go to http://127.0.0.1:8000/ you'd see the following screen.

But don't worry that's completely normal, since we created a url for api/posts, so if you edit the url to display http://127.0.0.1:8000/api/posts You should see the following screen.

Congratulations! You just made your first API call, although this might not look like much but this is a massive step. The reason it doesn't show any data because we don't have anything saved in the database yet.

In the next posts we'll diver deeper into adding and displaying more information.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

This is the 2nd part of the Creating Python API series, If you haven't read the 1st article go read about it here.

Let's begin!

I believe the best way to learn is by doing so we're going to be making our own reddit clone in this article.

We'll not be making a full fledged Reddit clone with all its features, rather we will be making a simpler version of it. We will create a service where people post links and upvote them using Django and making an API for it.

Creating the Django app

A) Open your terminal and go to your desktop (or any preferred location where you want to save the project).

Use the command: cd Desktop

B) Create the project using the command: django-admin startproject reddit

I used reddit, you can name the app anything you like.

I later change the project name manually from reddit to reddit-project because it makes it easier to distinguish the top level folder.

C) You can check if it has all been created properly by using the command: python manage.py runserver (It can be Python/Python3 depending on the version of Python you have installed on your computer. I have only Python3 installed so even if I use Python it knows I mean Python3. If you have both the versions installed you would need to explicitly specify the python version).

You should see the following in your terminal.

And the following in your browser.

This means we've followed the steps correctly, now we can move on to create the Posts app.

D) Since we will be having posts in our service we need to create a Posts app by running the command: python manage.py startapp posts

Open the folder using your favorite code editor - I use vscode. You'd see the following folder structure.

E) After creating the posts app, add it in the settings.py under installed apps as below:

F) Then go to the models.py and type the following code:

Explanation of each line is under the line in the comments.

G) After creating the model we need to migrate the model by using the command (Remember to always migrate the model after you make any changes to it )

python manage.py makemigrations

You should see the following:

which means there was no error in making migrations. We can successfully migrate now using the command python manage.py migrate

You should see the following:

This updates the database for us. This was a very big first step to get the project started but we have a strong foundation now and we can start building this thing.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

What is an API?

I'm not going to be talking about the technical definition here, you can find that on Wikipedia.

What I'm going to talk about however is what APIs are in real life, where they are used and why they are important? For example, when you're developing MAC or iOS apps, there is an API that connects with the OS, we're not discussing that.

We are going to talk about Web APIs.

So why are APIs important?

Let's say you want to scrape Twitter and display the trending topics on your website. This will work but will be inefficient because it depends on the website and its items not changing. So if twitter decides to move the trending tab's position then your scraper will break.

The correct way to deal with this is to use the Twitter API. For example, if you're trying to get tweet timelines then the request would be something like -

GET https://api.twitter.com/1.1/statuses/home_timeline.json

and the response would be something like this -

  "created_at": "Wed Oct 10 20:19:24 +0000 2018",  "id": 1050118621198921728,`
  "id_str": "1050118621198921728",
  "text": "To make room for more expression, we will now count all emojis as equal—including those with gender‍‍‍ and skin t… https://t.co/MkGjXf9aXm",
  "truncated": true,
  "entities": {
    "hashtags": [],
    "symbols": [],
    "user_mentions": [], ...

The response will be in .json(JavaScript object notation) format and will be much bigger than this but you get the gist.

There are other ways to display the data as well, like CSVs and XML format files but Json is so widely used it is the standard now.

The Json file basically says that this is how the data will be received. The 'h' in 'hashtags' won't change from 'h' to 'H'. It would remain constant. The Json file is the machine code and will be in the background. You will see the Twitter timeline and not the code behind it.

Where are APIs used?

1. Lets say you have a website and you want to make an app, API is the way to do it.
2. If you want to display the weather data on your website then you can use the API of a broadcasting site and use it in your website to display the weather. So that adds additional functionality to your website.
3. You can use the Google Maps API to embed a map in your website.

and many more.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

This is the 1st article of creating Python APIs series, stay tuned for the remaining blog posts. We will at make an API and implement it in one of the apps we made using Django!

Why should you hide your API keys?

If you are working on a project and want to make the code public (on GitHub) then it's very important that you hide the secret API key before pushing it to GitHub.

Your API keys are like your passwords that you shouldn't tell anyone because using your API keys they would be able to control your website and make changes to it or worse, delete it.

I'll show you a simple way of hiding it using Django.

You need the following 3 files:

A) config.py - This is where we will store our Key.

B) settings.py - Where the key originally is. (it might differ for you based on the stack you're using)

We need to import the config from the folder which is reddit using the command from reddit import config and then for the secret we can access it using the command config.SECRET_KEY

Remember, this is case sensitive and will not work if the cases don't match exactly. And remember to import from the correct folder.

C) .gitignore - This is a very crucial file, this is where we add the files, folders that we want to exclude from being uploaded to GitHub.

There are a lot of other files, folders that you can include depending on the language you're using as the editor and stack you use may create residual files. Check out gitignore.io where you can specify the language you're using and it generates the .gitignore file for you which you can paste in your project files. How awesome is that?

This is a raw file so you can easily copy paste the details in your own .gitignore file.

Did I mention it is opensource? So you can tinker with the website and make it your own. You can also add/edit the templates. Go try it out!

After you're done with the above steps, now it's time to add all the modifications using git add -A

You'll notice the files, folders that you added in .gitignore file is not in the list of files that is added. .gitignore file however will be added and that's completely safe.

Commit the changes and push the code on GitHub!

Give yourself a pat on the back because you just secured your project. Great job!

p.s. I am aware of the another method of environment variables but I believe the above method is the most efficient, so I explained only about this one. Let me know if you're interested in learning more about using the environment variables to hide your API keys and I shall deliver.

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

Image from CultureGeek

Why create a Python Virtual Environment (venv) ?

Using the Python venv module, you can create an isolated environment to test different combination of packages without it affecting the main installation.

You can have different combinations of packages for different projects in your virtual environment without having to install it on the main system

Additionally, you won't need administrator permissions to install those packages.

Since version 3.3, Python comes with venv installed. So you won't need to install it manually. If however for some reason you do not have venv installed, you can install it using the following command :

pip install virtualenv

Creating the virtual environment.

You must specify a path where you want to create a virtual environment. For example, you can create one in your local directory using the command:

virtualenv my_env

You can use any name you want for your virtual environment instead of the name 'my_env'

Activating the virtual environment.

Just creating the environment is not enough, you need to activate it to use it. You can activate it by running the command:

For Windows

my_env\Scripts\activate

For MacOS/Linux

source my_env/bin/activate

Upon successful activation you would see the name of your environment in brackets before the path in terminal like this:

(my_env) C:\Users\Saurav\projects\blog>

Deactivating the virtual environment.

It is recommended to always deactivate the virtual environment when you done. You can do that using the command:

deactivate

Provided you are in the activated virtual environment, the above command will deactivate it.

Congratulations! You just created a Virtual Environment for your python packages. Explore and experiment away!

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

I'm learning ethical hacking and practicing in Kali, Maybe you're doing the same or maybe you're just trying Linux. While installing a package (netfilterqueue in my case) you encountered this error, How do you go around solving it?

Let me tell you how I solved it.

You followed the steps you use when installing a package:

• Open Terminal and type
  pip install netfilterqueue for Python 2
  pip3 install netfilterqueue for Python 3
  and you receive the following error:

Collecting netfilterqueue
  Using cached NetfilterQueue-0.8.1.tar.gz (58 kB)
Using legacy 'setup.py install' for netfilterqueue, since package 'wheel' is not installed.
Installing collected packages: netfilterqueue
    Running setup.py install for netfilterqueue: started
    Running setup.py install for netfilterqueue: finished with status 'error'

DEPRECATION: The -b/--build/--build-dir/--build-directory option is deprecated. pip 20.3 will remove support for this functionality. A possible replacement is use the TMPDIR/TEMP/TMP environment variable, possibly combined with --no-clean. You can find discussion regarding this at https://github.com/pypa/pip/issues/8333.
    ERROR: Command errored out with exit status 1:
     command: /root/PycharmProjects/net_cut/venv/bin/python -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pycharm-packaging/netfilterqueue/setup.py'"'"'; __file__='"'"'/tmp/pycharm-packaging/netfilterqueue/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-nzfnyzkz/install-record.txt --single-version-externally-managed --compile --install-headers /root/PycharmProjects/net_cut/venv/include/site/python3.8/netfilterqueue
         cwd: /tmp/pycharm-packaging/netfilterqueue/
    Complete output (114 lines):
    running install
    running build
    running build_ext
    building 'netfilterqueue' extension
    creating build
    creating build/temp.linux-x86_64-3.8
    x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/root/PycharmProjects/net_cut/venv/include -I/usr/include/python3.8 -c netfilterqueue.c -o build/temp.linux-x86_64-3.8/netfilterqueue.o
    netfilterqueue.c: In function ‘__pyx_f_14netfilterqueue_6Packet_set_nfq_data’:
    netfilterqueue.c:2150:68: warning: passing argument 2 of ‘nfq_get_payload’ from incompatible pointer type [-Wincompatible-pointer-types]
     2150 |   __pyx_v_self->payload_len = nfq_get_payload(__pyx_v_self->_nfa, (&__pyx_v_self->payload));
          |                                                                   ~^~~~~~~~~~~~~~~~~~~~~~~
          |                                                                    |
          |                                                                    char **
    In file included from netfilterqueue.c:440:
    /usr/include/libnetfilter_queue/libnetfilter_queue.h:122:67: note: expected ‘unsigned char **’ but argument is of type ‘char **’
      122 | extern int nfq_get_payload(struct nfq_data *nfad, unsigned char **data);
          |                                                   ~~~~~~~~~~~~~~~~^~~~
    netfilterqueue.c: In function ‘__pyx_pf_14netfilterqueue_6Packet_4get_hw’:
    netfilterqueue.c:2533:17: warning: implicit declaration of function ‘PyString_FromStringAndSize’; did you mean ‘PyBytes_FromStringAndSize’? [-Wimplicit-function-declaration]
     2533 |     __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
          |                 PyBytes_FromStringAndSize
    netfilterqueue.c:2533:15: warning: assignment to ‘PyObject *’ {aka ‘struct _object *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
     2533 |     __pyx_t_3 = PyString_FromStringAndSize(((char *)__pyx_v_self->hw_addr), 8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
          |               ^
    netfilterqueue.c: In function ‘PyInit_netfilterqueue’:
    netfilterqueue.c:6111:3: warning: ‘tp_print’ is deprecated [-Wdeprecated-declarations]
     6111 |   __pyx_type_14netfilterqueue_Packet.tp_print = 0;
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from /usr/include/python3.8/object.h:746,
                     from /usr/include/python3.8/pytime.h:6,
                     from /usr/include/python3.8/Python.h:85,
                     from netfilterqueue.c:4:
    /usr/include/python3.8/cpython/object.h:260:30: note: declared here
      260 |     Py_DEPRECATED(3.8) int (*tp_print)(PyObject *, FILE *, int);
          |                              ^~~~~~~~
    netfilterqueue.c:6116:3: warning: ‘tp_print’ is deprecated [-Wdeprecated-declarations]
     6116 |   __pyx_type_14netfilterqueue_NetfilterQueue.tp_print = 0;
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from /usr/include/python3.8/object.h:746,
                     from /usr/include/python3.8/pytime.h:6,
                     from /usr/include/python3.8/Python.h:85,
                     from netfilterqueue.c:4:
    /usr/include/python3.8/cpython/object.h:260:30: note: declared here
      260 |     Py_DEPRECATED(3.8) int (*tp_print)(PyObject *, FILE *, int);
          |                              ^~~~~~~~
    netfilterqueue.c: In function ‘__Pyx_PyCFunction_FastCall’:
    netfilterqueue.c:6436:13: error: too many arguments to function ‘(PyObject * (*)(PyObject *, PyObject * const*, Py_ssize_t))meth’
     6436 |     return (*((__Pyx_PyCFunctionFast)meth)) (self, args, nargs, NULL);
          |            ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    netfilterqueue.c: In function ‘__Pyx__ExceptionSave’:
    netfilterqueue.c:7132:21: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
     7132 |     *type = tstate->exc_type;
          |                     ^~~~~~~~
          |                     curexc_type
    netfilterqueue.c:7133:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
     7133 |     *value = tstate->exc_value;
          |                      ^~~~~~~~~
          |                      curexc_value
    netfilterqueue.c:7134:19: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
     7134 |     *tb = tstate->exc_traceback;
          |                   ^~~~~~~~~~~~~
          |                   curexc_traceback
    netfilterqueue.c: In function ‘__Pyx__ExceptionReset’:
    netfilterqueue.c:7141:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
     7141 |     tmp_type = tstate->exc_type;
          |                        ^~~~~~~~
          |                        curexc_type
    netfilterqueue.c:7142:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
     7142 |     tmp_value = tstate->exc_value;
          |                         ^~~~~~~~~
          |                         curexc_value
    netfilterqueue.c:7143:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
     7143 |     tmp_tb = tstate->exc_traceback;
          |                      ^~~~~~~~~~~~~
          |                      curexc_traceback
    netfilterqueue.c:7144:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
     7144 |     tstate->exc_type = type;
          |             ^~~~~~~~
          |             curexc_type
    netfilterqueue.c:7145:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
     7145 |     tstate->exc_value = value;
          |             ^~~~~~~~~
          |             curexc_value
    netfilterqueue.c:7146:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
     7146 |     tstate->exc_traceback = tb;
          |             ^~~~~~~~~~~~~
          |             curexc_traceback
    netfilterqueue.c: In function ‘__Pyx__GetException’:
    netfilterqueue.c:7201:24: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
     7201 |     tmp_type = tstate->exc_type;
          |                        ^~~~~~~~
          |                        curexc_type
    netfilterqueue.c:7202:25: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
     7202 |     tmp_value = tstate->exc_value;
          |                         ^~~~~~~~~
          |                         curexc_value
    netfilterqueue.c:7203:22: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
     7203 |     tmp_tb = tstate->exc_traceback;
          |                      ^~~~~~~~~~~~~
          |                      curexc_traceback
    netfilterqueue.c:7204:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_type’; did you mean ‘curexc_type’?
     7204 |     tstate->exc_type = local_type;
          |             ^~~~~~~~
          |             curexc_type
    netfilterqueue.c:7205:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_value’; did you mean ‘curexc_value’?
     7205 |     tstate->exc_value = local_value;
          |             ^~~~~~~~~
          |             curexc_value
    netfilterqueue.c:7206:13: error: ‘PyThreadState’ {aka ‘struct _ts’} has no member named ‘exc_traceback’; did you mean ‘curexc_traceback’?
     7206 |     tstate->exc_traceback = local_tb;
          |             ^~~~~~~~~~~~~
          |             curexc_traceback
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /root/PycharmProjects/net_cut/venv/bin/python -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pycharm-packaging/netfilterqueue/setup.py'"'"'; __file__='"'"'/tmp/pycharm-packaging/netfilterqueue/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-nzfnyzkz/install-record.txt --single-version-externally-managed --compile --install-headers /root/PycharmProjects/net_cut/venv/include/site/python3.8/netfilterqueue Check the logs for full command output.

The error is quite long and I've included the entire error message so you could understand what went wrong.

A very important skill to have as a programmer is the ability to read errors. Solving errors is equally important but I think being able to identify errors takes precedence here. The solution lies within the error. If you're able to read the error you'll be able to find what caused it and debug it quicker and more efficiently.

In our case, you notice it says Using legacy 'setup.py install' for netfilterqueue, since package 'wheel' is not installed. and it continues installing the package.

1st thing to note down is that your system is missing the wheel package.
Wheels are the newer standard of Python distribution. It replaces eggs. You can read more about it here and how it compares with eggs here.

So you need to install wheels if pip is still not able to install using legacy 'setup.py' You can install wheels using the command
pip install wheel for Python 2 and
pip3 install wheel for Python 3

After wheel is installed you can try to install the package again.
pip install netfilterqueuefor Python 2 and
pip3 install netfilterqueuefor Python 3

If it is able to install the package then Congratulations! You did a great job!

If however, it is not then keep reading:

Wheels did not work for you, you should read what the next error is.

It says

DEPRECATION: The -b/--build/--build-dir/--build-directory option is deprecated. pip 20.3 will remove support for this functionality. A possible replacement is use the TMPDIR/TEMP/TMP environment variable, possibly combined with --no-clean. You can find discussion regarding this at https://github.com/pypa/pip/issues/8333.

which basically means --build is deprecated and if you read through the discussion it says the deprecation was eventually reversed so that ideally shouldn't cause an issue. But if the command still fails then you can go to netfilterqueue Github page, to check it's installation steps.

You can just clone the directory to your local system and run setup to install the package.

You especially need to make sure you have ibnetfilter_queue development files and its associated dependencies.

You can easily install/upgrade these using the command
apt-get install build-essential python-dev libnetfilter-queue-dev

Once done, You can now begin to clone the directory using the command
pip3 install -U git+https://github.com/kti/python-netfilterqueue

This command will clone and run the setup file as well.

If you however would like to do all the steps manually then you can use the following commands:

• git clone https://github.com/kti/python-netfilterqueue.git
  This command will clone the remote directory from Github to your local system.

• cd python-netfilterqueue
  To go to the folder where it is cloned.

• python setup.py install
  To run the setup that installs netfilterqueue in your system.

If you get an error like the below after 1st step like I did:

Then that means you do not have (lib)curl-devel installed. This means that git could not find the git-remote-http executable in the executables directory.

You can run the following command to resolve that:

apt-get install libcurl4-openssl-dev

If still however git is not recognizing the remote helper for https, you can use the following command:

pip install -U git+git://github.com/kti/python-netfilterqueue for Python 2 pip3 install -U git+git://github.com/kti/python-netfilterqueue for Python 3

Just replace https with git and it should work.

After this long arduous process you should have successfully installed the package on your local system.

Take some time out and appreciate your hard work, you did a great job!

Let me know in the comments below which of these solutions worked for you

Hope you enjoyed this post! If you happen to like it, feel free to share. You can also follow me on Twitter on my coding journey.

So you’ve installed Kali because you’re interested in Ethical Hacking. Maybe you’re just trying a new flavor of Linux. If you’ve used Kali before you’ll notice that when you enter root as username and toor as password, it no longer accepts those credentials.

Kali will be running as user Kali with password as Kali.

From 2020.1 version, Kali Linux moved to default non-root user. This doesn’t mean that there is no root user or the password toor is incorrect. It's just that there is no default password set for root user.

What does this mean and what are some ways around it?

In the earlier days, many applications on Kali needed root user permission to run. Think of this like having to "Run as Administrator" while using Windows. As time passed and Kali grew, a lot of users started using Kali as their primary OS. And when they do so they don't run as root user by default. So Kali concluded there is no need for a default root user and dropped it.

This article talks more in detail about their reasoning behind this decision and next steps.

According to Kali, you can do the following if you would like to go back to the default root user mode:

• Login to Kali as user Kali [username Kali and password Kali].

• Try running the command apt-get update in terminal without the sudo command. It'll throw the following error since you do not have root permissions:

• Run the command sudo dpkg-reconfigure kali-grant-root in terminal to reconfigure password-less root rights.

• After clicking enter you'll see the following menu:

Notice user Kali is not part of the trusted group, We need to add Kali to the trusted group.

• Click on Enable password-less privilege escalation

You should see the following commands:

• Which means user Kali has now been added to trusted user group and thus shall not require password to access root rights.

• If you run the command sudo dpkg-reconfigure kali-grant-root again, it should show user Kaliin trusted user group.

This however did not work for me for some reason.

I decided to change the password of root instead, and that worked!

Steps to change the root password.

• Open Terminal and type the command sudo su

• Then type in the command passwd root. This is the command to reset root password. Type in the new password and the password will be changed successfully!

• Now that you've changed the root password, logout as user Kali and login as user root with the password you set in the previous step.

Congratulations! You're now logged in as root user.

You can verify by trying the apt-get updatecommand.

Let me know in the comments below which method worked for you.