►
From YouTube: Practical API usage in PowerShell with Stevie Coaster
Description
Stevie Coaster will follow up his session from March on API's. This is pt 2 and will be a little bit deeper dive than the first meeting.
A
Good
evening,
ladies
and
gentlemen,
welcome
to
another
meeting
of
the
Research
Triangle
Powershell
User
Group.
My
name
is
Mike
kanakis
and
it
is
March,
15,
2023
and
tonight
we're
going
to
be
talking
about
apis
and
how
apis
interact
with
Powershell.
Before
we
get
to
our
guests
tonight,
let
me
introduce
our
my
co-host,
hello,
Mr
Phil.
How
are
you.
A
And
so
tonight
we
have
a
special
guest
in
person:
Mr
Stevie
Costa
of
chocolatey
Fame
and
Powershell
Community.
Member
and
active
participant
in
the
community.
Stevie
came
and
said
guys.
I
want
to
come
and
present
in
person.
Would
you
guys
mind
and
we're
like
sure,
come,
and
so,
if
you're
wondering
why
Steve
became
a
person,
it's
just,
he
was
born.
So
he
just
wanted
to
drive
and
come
and
visit
us.
So
Stevie
drove
1700
miles,
yeah
it's
a
night.
A
He
let
yesterday
evening
and
we're
so
happy
that
he
made
the
Drive
come
and
hang
out
with
us.
Hey
Stevie,
wanted
to
say
hello.
You
can
also
turn
on
your
camera
on
your
or
pewter.
If
you
want
all
right
thanks
Amy,
what
are
we
going
to
be
talking
about
tonight?
This.
B
Don't
freak
out
if
you
missed
part
one,
because
we're
gonna
cover
a
bunch
of
part
one
before
we
dive
into
part
two
just
to
make
sure
everybody
is
on
the
same
page
little
about
me.
I
guess
most
of
you
probably
know
me
from
chatting
in
the
meanings
and
stuff
like
that,
but
I'll
return,
chocolatey.
B
For
for
those
guys
and
I
spend
most
of
my
day,
wrestling
Powershell
helping
customers
or
whatever
off
of
this
tournament,
play
I
wear
a
lot
of
a
lot
of
hacks.
So
for
those
in
the
room
tonight
expect
questions,
because
if
you
ask
questions,
I
will
throw
you
something.
B
D
A
Yeah,
okay,
all
right
so
we're
gonna
hand
it
over
to
Mr,
Stevie
and
so
I'll.
Just
say
that
if
you're
watching
home
and
you're
wondering
about
Stevie
coaster,
he
is
a
very
active
Powershell,
Community
member-
and
he
has
been
a
very
good
friend
of
the
group
for
many
years
and
a
personal
friend
of
mine,
I'm,
very
thankful
for
all
the
contributions
he's
made
to
our
group.
A
I
have
worked
with
him
offline
very
much
to
help
learn
a
bunch
of
things
to
help
myself
be
a
better
individual
with
using
Powershell
he's
just
an
all-around
good
guy
and
I
say
that,
because
if
you're
looking
for
people
to
follow
in
the
community,
whether
it
be
on
Twitter
or
some
other
resource,
Stevie
is
one
of
the
best
to
follow.
He's
always
doing
something.
That's
interesting.
He
always
has
useful
information
to
share
with
people,
and
so
I
would
encourage
you
to
take
a
look
at
his
Twitter
profile
and
follow
him.
A
He
has
a
lot
to
say
and
a
lot
to
share,
but
with
that
we're
going
to
hand
it
over
to
you
Stevie.
Thank
you
again
for
coming
1800
miles.
We
appreciate
the
drive
he
walked
it
by
the
way
my
dogs
are
barking
yeah,
but
seriously
we're
gonna
hand
it
over
to
you
and
I
I
super
appreciate
you
taking
the
time
to
hang
out
with.
B
Us
absolutely
so
I
want
to
start
from
the
very
beginning.
So
for
the
folks
that
missed
part,
one,
the
gist
of
part,
one
is
why
are
apis
important?
So
an
API
is
what
it's
an
application
programming
interface.
It
allows
you
to
no
matter
what
your
programming
language
have
a
universal
thing,
but
every
language
can
talk
to
and
get
data
from.
B
But
you
know
Powershell.
So
if
they've
got
an
API,
you
can
access
that
API
and
work
with
it
and
get
the
objects
back.
That
you're
used
to
right
we're
very
object.
Oriented
when
it
comes
to
Powershell
and
Powershell
is
extremely
helpful
in
that
it
takes
that
Json
response
back
from
that
API
and
automatically
creates
a
custom
object
for
you.
You
don't
have
to
do
anything,
ask
the
API
for
the
data
it
sends
it
back.
Powershells
like
all
this
Json.
This
is
coming
from
an
API
I'm
going
to
make
an
object.
B
Here
you
go
and
then
you
can
do
whatever
else
you
want
to
do
with
that.
If
it's
send
it
down
the
pipeline
to
something
else,
you
can
do
that.
If
you
want
to
ship
it
off
to
some
other
system,
you
can
do
that.
Then
you
can
email,
it
make
a
Excel
document,
whatever
whatever
you
can
do
a
Powershell.
B
You
can
use
that
data
to
do
that
work.
So
that's
really
the
gist
of
apis
they're.
This
amazing
awesome
thing:
they're
super
powerful
and
they're
prevalent
everywhere.
If
you
use
Azure
at
all
and
you're
good
with
Powershell
and
azure,
all
of
those
Commandments
that
you're
using
to
spin
up
and
spin
down
and
change
and
do
all
of
your
stuff
in
Azure-
is
the
graph
API.
It's
all
an
API,
there's
a
programmatic
interface
that
it
doesn't
matter
if
you're
writing
a
c-sharp
application.
There's
an
SDK
for
that
to
interact
with
the
API.
B
If
it's
Powershell
there's
this
graph
API
module
that
you
use,
that
has
all
these
commandlets.
That
are
nothing
more
than
really
fancy
wrappers
that
send
stuff
to
invoke
rest
method
and
there
you
go.
So
if
you
get
really
good
and
comfortable
with
invoke
rest
method,
you
can
make
all
kinds
of
modules
that
wrap
all
these
different
apis
for
all
these
different
systems
that
you
have
and
become
really
really
efficient
at
what
you're
doing
you
don't
have
to
no
longer.
B
You
know
log
into
this
website
to
do
this
thing
or
open
this
app
to
do
this
thing.
It
can
all
be
in
your
shell
and
all
bolt
together,
it's
very
very,
very
handy.
So
there's
a
couple
of
different
methods
inside
of
an
API
as
well.
The
most
common
one,
I
would
say,
is
a
get
method,
which
does
exactly
what
it
sounds
like
on
the
tin.
It's
going
to
get
data
from
that
API
endpoint
and
return
it
to
you.
B
Another
API
method
that
you'll
use
quite
frequently
as
a
post
method
if
you've
got
say,
you're
working
with
some
sort
of
a
Powershell
object,
and
you
need
to
send
that
data
to
an
API.
You
would
use
a
post
method
for
that,
there's
also
a
put
method
which
is
kind
of
sort
of
the
same
thing
as
post,
but
it's
different
and
that
it
will
also
do
updates.
So,
if
you've
got
like
an
existing
record
and
you
want
to
like
completely
update
a
whole
bunch
of
stuff
inside
of
it,
you
can
use
a
put
method
for
that.
B
There
are
drawbacks
and
caveats
between
post
and
push
or
post
input.
Rather
one
of
them
is
a
true
update
and
the
other
one
will
overwrite
the
thing.
That's
there.
So
if
you've
got
an
existing
record,
that
you
say
it's
a
car
for
example-
and
you
want
to
change
the
motor
from
a
V6
to
a
V8
via
a
API
call,
you
don't
want
to
do
a
post
with
just
about
ID
in
the
car
and
the
engine,
because
that
car
will
then
be
an
IDE
and
an
engine.
B
Everything
else
is
gone,
so
you
want
to
make
sure
you
use
the
right
method
so
that
all
the
other
stuff
like
how
many
doors
does
it
have,
and
it's
black
in
its
four
wheel,
drive
and
whatever
all
that
stuff
stays,
and
the
only
thing
that
changes
is
the
thing
that
you
said
to
it
being
and
taking
it
from
one
thing
to
the
other
and
there's
delete
endpoints.
So
you
can
delete
data,
those
are
dangerous
to
say
the
least.
B
Obviously
you
want
to
be
careful
if
you're
doing
things
with
a
delete
method,
you
want
to
be
careful
with
any
of
them,
but
especially
with
the
delete
method,
because
sometimes
that
stuff's
hard
to
get
back.
It's
a
really
good
way
to
test
your
backups,
the
only
delete
method,
so
we're
going
to
kind
of
dive
in
to
what
that
looks
like
practically
to
get
really
really
good
at
an
invoke
rust
method
and
we'll
start
really
really
really
simple:
I'm
just
going
to
create
a
new
file
right
here
on
the
roots.
D
B
B
Api
calls
anything
and
Low
cross
method.
Super
great.
You
can
do
things
like
testing
all
the
different
verbs.
So
if
you
say
here's
a
dit
method
and
it
doesn't
have
any
query
parameters
and
it
expects
a
200
response
or
you
should
get
a
200
response
out
of
it.
That's
fine!
So
if
we
try
this
out
and
hit
execute
it's
going
to
work
and
it's
going
to
send
us
back,
arguably
nothing.
B
B
E
B
F
B
B
One
of
the
things
we
need
to
tell
it
is:
what
kind
of
method
am
I
going
to
work
with
right?
So
for
this,
it's
very
very
clear
in
this
document
and
we'll
talk
about
a
little
bit
what
this
is
later,
but
this
is
a
get
method
which
is
technically
the
default
method
for
invoke
rust
method,
whatever
you're
going
to
use
it.
If
you
leave
method
off,
it's
going
to
do
it
yet.
B
So
we've
got
our
method
and
just
make
that
a
variable
and
then
again
we
need
to
know
what
our
content
type
is.
What
kind
of
data
is
that
URL,
or
is
that
endpoint
expecting
and
going
to
return
to
us?
So
again,
we
can
go
to
this
document
here
and
we
can
look
and
see
this
get
method
and
the
response
content
type
is
application
Json.
B
So
let's
go
ahead
and
say
our
content
type
is
a
off
to
application,
slash,
Json
and
for
this
particular
endpoint.
That's
all
we
need
to
make
an
API
call
to
this.
So
now
we
can
use
invoke
rest
method
and
we
can
give
it
our
URI
URI
method
method
and
then
our
content
type
of
content
type
and
if
we
were
to
take
all
of
this
kind
of
just
run,
that
selection,
it
works
and
there's
our
stuff.
B
So
let's
make
this
a
little
bit
clearer.
Shall
we
so,
let's
do
result
is
equal
to
that
invoke.
Rest
method
run
all
that
and
now
in
here,
I
should
have
a
result
variable
and
we
can
get
all
the
different
information
from
it
and
then
we
can
say
result.get
type
where
it
says:
PS
custom
object,
yeah,
it's
it's
pretty
cool,
that's
something
that
you're
very
familiar
with
it's
easy
to
work
with
it
and
do
other
things
with
it.
We
can
even
be
silly
and
say:
okay,
I
want
to
convert
to
Json.
B
Well,
there's
my
Json
bag.
If
you
really
want
it
as
Json
or
you
could
do
convert
to
Json
as.
B
B
Now
it
does
get
harder
depending
on
how
complicated
the
API
is,
but
it's
not
so
bad
that
you
won't
pick
it
up
relatively
quickly,
because
the
pieces
and
parts
that
make
it
up
are
extremely
familiar
to
you.
If
you
write
a
lot
of
Powershell
to
make
a
another
example
out
of
this,
I
think
the
same
endpoint
will,
just
if
I
send
it
a
body,
it
will
spit
out
the
same
body.
There
might
be
another.
There
might
be
a
posting
point
for
that.
So
let
me
ain't
C.
D
B
B
That
way,
we
can
do
the
fun
things
with
splatting
that
we're
probably
quite
used
to
with
longer
commands
where
you
can
say:
hey
here's
a
hash
table
of
all
the
parameters,
we're
in
buildgrass
method
and
it'll
run.
It
makes
it
easier
to
read
it
going
down
this
way,
as
opposed
to
scrolling
off
to
the
screen
to
the
right
you're,
bringing
follows
that
a
lot
easier
than
trying
to
find
out
where
you're
at,
if
your
lines
are
long,
so
splatting
is
awesome.
You
should
do
that
and
then
for
this
particular
post
method.
B
G
G
B
I'm
going
to
cast
That
Body
that
hash
table
I'm
going
to
inflate,
convert
it
to
Json
wallet
while
it
goes
up,
I,
don't
think
that's
particularly
necessary
anymore
with
the
new
info
Crest
method
commandlets,
but
it's
a
habit
I
got
into
on
Windows
Powershell
because
it
had
to
convert
the
body
to
Json
to
send
it.
And
now
it's
just
muscle
memory
at
this
point.
So
that's
how
I
do
it
to
this
day,
and
so,
if
we
were
to
do
this.
D
B
It's
in
there,
so
if
we
look
at
result,
we've
got
the
data
and
the
object.
That
is
the
body
of
the
request
that
I
sent.
So
if
you
look
at
the
raw
Json-
and
it
comes
back
as
a
hash
table
here,
but
that's
how
you
post
data
to
to
an
API
depending
on
the
Swagger
dock,
it'll
typically
tell
you
of
what
stuff
is
required
or
to
for
it
to
work.
If
we
look
at
there's
another
Swagger
pet
store.
B
So
here's
a
post
method,
so
it
says
there's
no
parameters
on
this
home,
which
is
annoying
because
it's
got
a
schema,
so
it
should
parameters.
This
is
a
very
bad
very
bad
example.
D
B
There
any
questions
about
the
invoke
method,
stuff
that
we've
seen
so
far.
It's
relatively
straightforward,
but
I
want
to
make
sure
everybody's
falling
along,
especially
in
chat
Etc
just
know,
there's
only
a
couple
really
important
pieces
of
information,
Uris
methods,
content
types
and
then,
if
it's
something
that
you're
sending
data
to
whatever
the
body
of
the
request
is
whatever
that
looks
like
authentication
here
in
just
a
second.
B
Yeah
yeah,
sometimes
not
it,
it
depends
on
the
API
like
you
might
want
to
have
a
get
endpoint
that
the
body
tells
the
endpoint
what
to
catch.
B
So,
if
there's
a
lot
of
data
to
that
that
get
requests
will
have
a
body
through
it,
so
that
it
it
so
that
it
knows
what
about
that
question.
B
It's
the
body's
always
going
to
be
required
in
a
poster
put
because
you're
sending
data
and
the
way
to
do
that
is
through
a
body.
There's
one
caveat
to
that
and
that's
if
the
URL
uses
query
strings
to
do
its
data.
The
data
that
is
going
to
be
written
is
going
to
be
in
the
URL
itself,
not
in
the
body,
so
it's
kind
of
API
dependent,
but
the
Lion
Share
of
apis
are
going
to
require
a
body
if
you're
going
okay
sure
put.
E
Sorry
Case
requests,
you'll
press
Transit.
B
Pants
again,
it
depends
on
the
API
what
you're
doing
if
it's
Json
data,
typically
not
very
big
or
not.
If
it's
uploading
a
file.
Yes,
it's
going
to
do
some
magic
to
make
the
bits
go
where
they
need
to
go,
but
technically
not
even
though
it's
just
a
Json
payload,
because
json's
the
small
anymore,
there's
no
compression
build
on
top
of
it.
Thank.
E
B
B
We've
got
some
because
in
Vogue,
rust
method
is
kind
of
doing
it
Horus,
and
this
is
the
headers
that
the
request,
the
response.
This
is
the
headers
for
the
response,
not
the
actual
request,
so
invoke
rust
method,
kind
of
build
its
own
default
ones
to
make
the
request,
and
then
the
response
set
back
the
header
State
it
built
to
to
send
the
response.
B
B
B
One
of
them
is
basic,
which
is
like
username
and
password
type
stuff,
and
then
the
other
is
bear,
which
is
token
based,
like
oauth
bank
oauth.
That's
that's
a
token.
The
nice
thing
about
Powershell,
seven
if
that
stuff
is
baked
in
as
parameters
at
this
point.
So
what
that
means
is
I
could
say,
invoke
rest
method
Authentication
and
give
it
basic.
Bearer,
oauth,
Baron
oauth,
there's
slight
differences
there,
but
basic
implementation.
It
means
the
same
thing.
It's
just
a
token.
B
So
if
we
were
looking
make
this
part
of
our
Splat
here,
we
could
say:
authentication
equals
basic
and
our
credential
as
equals
to
get
credential,
and
then
we
could
drop
all
that
stuff
off
and
then
we
wouldn't
need
our
headers
in
Powershell.
Seven,
it's
enough
to
just
say:
hey
what
kind
of
authentication
is
it
and
here's
a
credential
or
if
it's
a
bear.
B
Instead
of
credential
and
for
this
you'll
want
to
say
your
token
here
convert
to
secure
string
as
playing
text
Force,
the
token
parameter
is
a
secure
string,
so
you'll
want
to
either
beforehand
make
a
secure
string
and
and
just
pass
that
to
this
or
do
whatever
do
something
like
this,
and
it
is
enough
to
say
like
if
you
wanted
to.
You
could
have
a
credential
object,
so
credential
Falls
get
credential.
B
B
So
it
really
depends
on
what
you're
doing
and
how
you're
designing
things
it's
a
little
bit
easier
to
use
a
credential
object
than
it
is
to
use
a
secure
string
object
if
you're
going
to
like
build
a
script
and
it's
going
to
talk
to
an
API
and
it's
got
oauth
and
it
needs
a
token
because
the
onus
is
on
bam.
To
do.
B
You
could
say
default
the
username
to
like
a
dumb
username
or
just
leave
it
blank
or
whatever
you
want
to
do,
and
then,
if
they
don't
give
a
credential
on
their
own,
it's
either
going
to
a
prompt
thing
for
a
username
and
then
a
password
or
if
it
prompt
them
one
of
two
ways.
Let's
clarify
prompt
them
one
of
two
ways:
if
it's
like
Kira,
Michelle
and
I
needed
a
credential
object,
it
would
be
a
prompt
in
here.
It
says:
username
I,
fill
it
in
hit,
enter
and
then
boom.
B
It
would
ask
me
for
my
password
fill
it
in
hit
enter
done.
If
it's
like
Windows
Powershell
and
it's
powershell.exe
and
I
run
a
script.
It's
going
to
pop
up
a
little
GUI
window.
The
the
windows
credential
thingy
that
we're
all
very
familiar
with
in
love,
dearly
the
put
your
credentials
into
and
then
it
stores
that
and
passes
it
passes
it
along.
So
once
they've,
given
a
credential,
all
we
care
about
is
password,
so
you
could
come
in
here,
just
say:
hey
credential,
oh
right,
credential,
dot,
password
and
improved
on.
So.
A
What's
that
token's
not
a
parameter,
it's
not
no.
E
B
B
G
B
All
right
so
just
to
show
you
guys
a
little
bit.
What
authentication
might
look
like
in
the
real
world.
I
went
ahead
and
pulled
a
couple
of
examples
together.
So
here's
one
example:
actually,
no
here's,
not
it's
not
in
there
somewhere
else.
Where
did
these
go?
B
All
right,
so
what
might
it
look
like
in
real
life
to
try
to
authenticate
against
an
API?
This
is
my
connect.
Nexus
server
function
from
my
Nexus
cell,
shell
module,
which
allows
you
to
connect
to
a
sonotype,
Nexus
repository
server
and
then
after
you're
connected
do
other
stuff
to
the
API,
and
it
doesn't
really
do
much.
It's
not
like
a
persistent
connection.
Type
thing.
All
this
does
is
creates
a
a
header
for
you
and
then
Scopes
it
to
the
module
appropriately
so
that
you
don't
have
to
pass
that
header
in
anymore.
B
It's
going
to
throw
an
error
that
says:
hey.
Did
you
run
your
connect
function
first,
before
you
tried
to
do
this,
so
it
kind
of
guards
you
a
little
bit,
but
it's
it's
not
overly
clever.
It
says:
what's
the
URL
or
the
hostname
of
the
server
that
I'm
going
to
connect
to
so
if
it's
like
repository.steincoaster.deb
or
whatever
it
is,
what's
the
hostname
of
my
server,
what
are
my
credentials
for
connecting
to
that
Repository?
B
B
So
is
this
an
SSL
based
connection
or
an
HTTP
connection,
and
what's
the
SSL
board
that
defaults
to
8443,
because
in
Nexus
world,
that's
the
default
port
for
SSL
and
Jetty,
which
we
won't
get
into
the
nonsense
that
is
Jetty,
but
that's
what
it
is
and
then
basically
I'm
just
creating
script,
Scout
variables
for
the
SSL
port
and
the
protocol,
whether
it's
https
or
HTTP
and
I
set
my
hosting
to
a
script
and
my
contacts
bath
and
then
I.
B
Do
this
really
weird
thing
for
basic
authentication,
and
this
is
where
I
said:
basic
authentication
gets
a
little
weird,
because
it's
not
just
a
username
and
a
password
pair
it.
It
expects
a
base64
encoded
string
as
part
of
that
that
heaven,
so
what
does
that
look
like?
Well,
we
asked
for
a
credential
and
then
we
put
it
into
this
format.
So
we
say
username
on
the
left,
colon
password
on
the
right
and
that's
what
we're
doing
here.
B
We're
saying
format
this
string
with
the
credential.username
on
the
left
and
then
the
plain
text
password
is
this
guy
on
the
right
and
that's
our
credit
power,
and
then
we
encode
them
and
we
say
system.convert
to
base64
string.
We
say:
utf-8
get
the
bytes
of
the
cred
pair
and
we
get
our
364
encoded
string.
And
then
we
build
our
Header
by
saying:
hey
the
opposite.
Authorization
is
basic
and
here's
my
encoded
credentials.
B
B
We're
done
that's
it.
I
do
pop
a
little
message
out
that
says:
hey
connected
to
hosting
collard
green,
otherwise,
I
throw
an
error
and
I
do
this
line
here
so
result
equals
invoke
rust
method
at
paranes
air
action.
Stop
this
call
to
the
status
endpoint
will
return,
something
the
API
will
respond
with
the
status
of
the
server
I.
Do
not
care
so
I
stuff
it
in
a
variable,
so
it
doesn't
get
sent
to
the
screen
and
then
I
write.
My
own
message.
B
I
absolutely
could
allow
on
vocrest
method
to
return
whatever
that
data
is
and
say,
yep
I'm,
good,
here's,
here's
the
status
of
the
server
and
my
connected
message
that
seemed
entirely
too
busy.
For
me,
all
I
wanted
to
to
know
was:
am
I
connected?
Yes,
so
that's
why
I
stuff
it
in
something
I
could
have
very
well
just
said
null
equals
here
as
well.
Whatever
I
just
said
result
because
I
use
result
equals
in
Bow
breast
method
for
everything,
anytime,
anything
a
rest
method.
B
It
seems
I
always
thought
that
in
a
result,
variable
that's
one
way
to
do
authorization
and
a
lot
of
the
times
in
Powershell
when
you're
writing
modules
to
wrap
an
API,
and
you
want
to
do
something
like
this
like.
This
is
a
pretty
common
thing
to
want
to
do,
especially
for
something
that's
like
it's
not
got
a
refresh
token
or
anything
like
that.
B
There's
more
advanced
apis
out
there
that
allow
you
to
connect
to
it
request
a
token
from
the
API
with
your
credentials
and
then
use
that
token
for
subsequent
calls
to
the
API,
and
then
that
token
expires
at
some
point
and
then
you've
got
functions
for
refreshing
that
token
and
getting
a
new
one
in
the
same
session,
Etc
et
cetera
we're
all
going
to
dive
into
that,
because
that's
that's
crazy
stuff,
that's
way
way
and
it
leads
for
what
we
want
to
look
at
tonight,
but
stuff
like
that
is
possible,
and
the
graph
API
is
one
of
those
ones
that
works
like
that.
B
A
But
it's
probably
worth
mentioning
here
that
the
reason
you
do
all
this
is
because
you
do
this
over
and
over
and
over
again
right,
and
so
you
could
easily
do
all
this
at
the
command
line
interactively
every
time
you
connect
yep,
certainly
certainly
possible
nothing
wrong
with
your
neck.
Yep.
Absolutely
you've
just
decided
that
it's
not
worth
the
time,
and
so
it's
worth
the
30
minutes
to
write
a
function.
Yeah
you
test
it
out,
so
that
you
get
30
seconds
back
every
day
that
you
run
this
multiple
times
a.
B
Day
and
it's
a
consistent
experience
for
the
end
user
right
at
the
end
of
the
day,
what's
step
one,
every
single
public
function
that's
available
in
this
module.
If
you
don't
run
your
connect,
first
is
going
to
throw
an
error
that
says:
hey
you
forgot
to
connect
to
the
server
before
you
did
this
thing,
so
please
go
do
that?
B
Could
I
have
written
it
a
different
way
so
that
you
had
to
pass
credentials
to
every
single
public
function
every
single
time
you
wanted
to
do
something
with
this
particular
API.
Yeah
absolutely
could
have,
could
have
done
this
header
stuff
in
every
single
function
and
duplicated
that
effort.
B
B
But
this
whole
nonsense
here
is
pretty
convoluted
to
remember.
It's
like
okay,
I
need
a
base64
ring
encode
a
pair
of
credentials.
What
the
hell
was
that
code
again?
Well,
if
you're
looking
heater,
here's
new
encoded
credentials,
so
if
I
were
to
run
this,
let
me
get
this
out
of
my
way.
B
F
B
And
so
let's
say
get
that
shawl
and
just
run
that
so,
if
I
put
in
an
username
here
and
some
password,
here's
my
encoded
credential,
it
just
gives
it
to
me
or,
if
I
wanted
to
say,
as
a
header
and
I
could
put
in
my
credential
again
there's
my
header
that
I
can
get
back.
So
if
we
come
back
to
my
stuff
function,
for
this,
I
could
take
out
this
stuff
and
I
could
say:
hey
header
equals
new.
E
A
B
Yeah,
that's
basically
it
it's
just
base64
encoding
it
to
send
it
over
the
wire
so
that
the
API
can
unencode
it
and
use
the
use
the
credential.
Obviously
that's
why
they
say.
Basic
authentication
is
almost
as
insecure
as
no
authentication
as
all
at
all,
especially
if
you're
like
over
an
HTTP
API,
because
that's
in
plain
text
anyways,
so
a
man
in
the
middle
to
grab
the
headers
decrypt,
the
the
header,
the
base
xa4
string
out
of
that
authorization,
header,
there's,
there's
your
credentials.
A
B
D
B
D
Obviously,
another
thing
to
remember
is
that
a
token
is
a
reduced
level
set
of
the
credentials,
so
it
may
only
have
delegated
access
to
a
certain
part
of
what
the
entire
user
credential
can
access.
Simply
now,
as
we're
just
going
to
say,
Grant
access
to
only
my
email
or
Grant
access
to
only
this
scope
of
the
API
yeah.
B
A
user
can
authenticate
to
an
API,
but
if
they're
not
authorized
to
use
any
part
of
the
API
functionally
worthless,
so
a
token
will
grant
authorization
to
certain
parts
of
the
API
and
you
can,
as
he
said,
scope
it
to
hey.
This
guy's
got
keys
to
the
kingdom.
This
guy
can
only
read
user
data,
or
this
guy
can
only
read
group
data,
or
this
guy
can
only
update
this
thing.
Whatever
this
widget
is.
B
B
How
do
I
even
access
the
thing
is
going
to
be
step.
One
I
don't
think
I
have.
B
Do
not
understand
why
this
one
is
not
loading.
This
is
another
one.
Do
you
want
to
go
back
to
your
BM.
G
B
Yeah
I
think
I
got
it.
Yeah
I
got
to
see
it
from
here,
but
it's
fine.
Where
was
I
going
with
this
one.
G
B
This
is
that
pet
store,
Swagger
thing.
This
is
their
login
example.
If
you
wanna
call
it,
that
is
a
get
request
to
do
it
for
one
which
is
silly,
but
this
is
an
example
of
a
UR
of
the
API
that
uses
query
string
parameters.
So
there's
there's
no
body
to
this
request.
B
A
But
the
truth
is,
there
is
well
defined
standard
that
people
must
follow,
and
so
I
don't
know
if
Steve
you
mentioned,
because
I
stepped
away,
but
the
docs
are
so
important
because
what
you
expect
for
halfway
with
an
API
isn't
exactly
always
what
actually
happens,
and
so
sometimes
you
get
some
things
like
this.
That
are
just
a
head,
scratcher
yeah
and
you
don't
know
why
they
did
that.
But
if
you
want
to
interact
with
it,
you
got
to
play
by
their
rules.
Yeah.
B
And
that's
actually
a
really
good
segue
into
Swagger,
so
Swagger,
open,
API
3.0
is
a
standard
on
how
you
write
an
API
and
it
helps
you
define
all
the
different
endpoints
and
all
the
different
methods
for
those
endpoints.
And
then
you
can
have
schema
behind
that
which
the
schema
is.
What
helps
you
to
define
the
parameters
and
stuff
that
the
end?
The
point
can
can
leverage.
If
we
look
at
this
one,
for
example,
it's
got
a
few
I
see
I
just
want
to
come
up.
D
B
B
B
So
if
we
were
to
try
it
try
it
out,
it's
expecting
a
soft
quota
with
a
type
of
space
remaining
quota
and
then
the
limit
which
is
an
integer
and
then
the
path
and
a
name
so
path
could
be
something
on
disk,
so
a
c-temp,
for
example,
and
that
the
name
is
RTP
s-u-g
like
that,
and
then
we
can
execute
that
I.
Don't
think,
that's
actually
going
to
work.
It
might.
B
D
G
B
So
for
this
particular
commandlet,
if
we
look
at
the
file,
if
we're
going
to
create
a
file
type
blob
store,
we
need
a
name.
We
need
to
use
quota
switch
parameter,
the
quota
type,
which
is
a
string,
and
we
need
the
soft
quota
in
megabytes
and
the
path
so
I
figured
all
of
that
information
out
by
reading
the
schema
of
this
particular
endpoint.
B
So
that's
how
I
figured
out
that
I
need
those
two
parameters
or
the
the
quote
a
bit
and
then
for
the
path?
Is
the
path
to
the
blob
store
contents
to
anywhere
on
the
system?
Nexus
is:
has
access
to
or
path
relative
to,
the
center
type
work
directory,
which
basically
means
given
a
folder
path
and
it'll
be
happy,
and
then
what
do
I
want
called
this
blog
blob
store
so
that
I
can
identify
it
inside
Nexus
Webby.
B
B
This
is
basically
your
cheat
sheet
for
how
to
write
the
Powershell
to
interact
with
that
particular
API
employee,
for
example.
You
might
say
you
might
look
at
these
and
say:
okay,
this
one
creates
a
file.
Blob
store
sounds
like
a
do
command
to
me.
The
new
hyphen
and
something
put
seems
to
be
update.
A
blob
store
configuration
that
seems
like
a
set
to
me
or
an
update
or
an
upgrade
or
whatever
set,
is
typically
what
I
use
gets
a
pretty
self-explanatory
that
should
be
a
get.
Something
delete
should
be
a
remove.
B
B
Here's
my
content
type,
all
I
need
to
worry
about
now
is:
what's
the
URL
of
the
thing
going
to
be?
What
parameters
does
it
need
and
how
do
I
authenticate
to
the
damn
thing
to
make
it
go,
there's
just
all
these
little
building
blocks
that
are
right
here
inside
of
this
document
that
will
help
you
on
your
journey
to
alrighty
rappers
around
apis,
I,
freaking,
love
apis.
This
is
the
most
fun
in
Powershell,
for
me
is
to
find
an
API
and
figure
out
how
to
power
channelize
it
especially
this
one.
B
This
sonotype
Nexus
one
has
been
so
useful
because
I
got
tired
of
monkey
patching
cylinder
type
Nexus
installations
for
work
like
it
was
a
whole
bunch
of
really
ugly
code
to
do
it.
The
hard
way
by
writing
files
to
the
file
system
and
changing
directories
around
and
poking
services
and
poking
firewalls,
and
all
this
stuff
they've
got
an
API
that
does
all
of
that
stuff.
B
For
you,
via
the
API,
so
why
not
have
some
Powershell
functions
that
allow
me
to
connect
to
this
server
when
it's
brand
new
after
it's
first
installed,
connect
to
it
and
then
configure
the
thing.
So
now,
all
of
our
setup,
stuff,
derange,
all
of
the
default
repositories
ship
on
the
box
as
part
of
a
fresh
installation
gets
rid
of
them
all
sets
up
the
repositories
we
need
with
the
correct
repository
types,
does
all
the
stuff
to
retrieve
API
keys
and
give
it
to
the
user
and
all
the
stuff.
B
It's
all
automated
as
part
of
our
onboarding
process,
at
least
on
the
quick
start
guide
side.
If
you
do
it
yourself,
it's
a
little
bit
different
in
our
Azure
environment,
but
still
uses
the
code.
It
just.
Does
it
a
little
bit
differently,
yeah.
A
A
B
D
G
D
B
Thank
you,
so
our
Central
management
product,
the
way
to
authenticate
to
that
product
in
a
power
Shelley
way,
is
to
send
an
invoke
web
request
to
the
log
on
form
page
itself
with
a
post,
and
this
really
weird
application
form.
Url,
encoded
content
type
and
the
body
is
going
to
be
the
username
or
email
address
and
the
password
which
is
super
awesome.
B
That
will
send
that
cookie
along
for
the
ride
and
authenticate
to
the
API
and
everything's
happy.
So
you
don't
necessarily
need
a
header
every
single
single
time,
if
it
in
a
cookie.
Basically,
so
you
can
use
a
session
for
that.
F
B
Not
easily
I'm
going
to
tell
you
to
just
use
a
session
variable
because
to
do
it.
Otherwise
is
black
magic,
ridiculous.net
class
stuff
that
no
Powershell
guide
should
ever
have
to
go
through.
So
just
use
the
session
variable
it's
the
fastest
easiest
way
to
do
it.
You
can
use.
There
is
a
oh.
What
is
it
system.net.web.
B
There's
other
pieces
of
that
puzzle
that
goes
along
with
it
too.
Not
only
do
you
have
containers,
you
have
clutch
and
then
you
have
to
like
magic
it
all
into
there
to
make
it
work,
and
then
you
have
to
do
stuff
with
it
after
the
fact,
whereas
you
could
just
say
give
me
a
session
variable
and
it'll
have
it
in
it,
and
then
you
can
take
that
and
do
whatever
you
want
with
it.
So
just
do
that.
B
And
just
kind
of
to
bring
everything
home
before
we
ask
if
there's
any
other
questions
or
anything
I
wanted
to
show
this
off.
B
They
didn't
want
to
do.
Google,
Chrome,
updates
with
SCCM
anymore.
They
wanted
to
use
chocolate
for
it,
which,
naturally,
that
makes
a
ton
of
sense,
and
they
wanted
to
use
Central
management
to
push
out
those
updates
to
their
endpoints,
because
Central
management
is
quite
a
bit
faster
than
secm
in
a
lot
of
cases,
not
every
case,
but
a
lot
of
cases.
Our
stuff
is
just
faster,
the
nature
of
how
it
works.
B
Such
that
they
could
keep
the
group
memberships
inside
of
our
Central
management
products
up
to
date,
Autumn
automatically
without
any
input
from
from
them,
because
our
product
also
reports
that
Google
Chrome
is
out
date
on
those
machines,
but
there's
no
magic
button
that
you
can
click
to
say.
Hey
only
deploy
this
thing
to
all
of
these
outdated
Google
Chrome
machines.
E
B
Still
on
the
roadmap,
eventually
it'll
land,
there
I,
don't
know
what,
but
they
have
that
data
in
SCCM.
They
have
a
collection
that
has
all
those
machines
in
it
and
all
those
machines
exist
in
central
management
and
we
have
an
API
that
says:
hey.
If
you
know
what
machines
you
want
to
go
into
a
group,
we
can
magically
make
that
happen,
for
you
not
a
problem.
So
what
do
we
do?
We
get
all
the
compute
and
that
there's
a
couple
of
different
functions
inside
of
here.
B
So
the
first
function
here
gets
literally
all
the
computers
out
of
Central
management
so
that
we
can
kind
of
break
it
down
after
the
fact.
There's
a
function
in
here
to
test
if
a
group
exists,
so
if
they
are
creating
a
Google,
Chrome,
outdated,
SCCM
collection
and
then
creating
a
group
in
central
management
called
Google
Chrome
outdated.
B
B
B
It's
an
application,
content
or
application,
Json
content
type-
and
these
are
the
things
that
the
body
of
that
the
parameters
of
that
API
expects,
in
our
case
we're
just
creating
the
group,
so
we
don't
need
to
have
any
groups
inside
of
it
or
computers
inside
of
it.
All
we
need
to
know
is
its
name
and
is
its
description,
which
can
also
be
null
that's
fine
to
have
a
group
with
just
a
name,
no
description.
So
that's
why
this
is
in
here
like
this.
B
If
you
don't
pass,
the
description
parameter,
get
signal
and
that's
totally
fine
for
this
particular
hash
table
here
and
it'll,
convert
it
to
Json.
We
send
it
up
and
we're
done
the
next
thing
that
we
do
is
we
get
that
group
right
back.
B
And
we
select
the
name
and
the
ID,
and
we
return
that
group
just
so
there's
less
data.
All
we
care
about
is
the
ID
of
the
group
and
the
name
of
the
group,
and
we
let
in
the
console.
We
let
you
know
that
hey
here's
there's
a
group,
it
just
got
created
after
that
we
start
adding
the
group
members,
and
this
is
where
we
start
to
get
all
of
the
members
of
the
group
out
of
SCCM
and
only
grab
their
names.
B
And
then
we
grab
the
grab
all
the
groups
and
get
the
ID
out
of
it
right
here.
B
And
then
we
Loop
all
of
those
computers
coming
in
from
SCCM,
and
then
we
check
that
it
is
in
Central
management.
So
basically
we
say:
hey
this
machine
from
SCCM
is
in
central
management.
Here
is
the
computer
IDE
of
that
machine?
We
add
it
to
a
collection.
Otherwise
we
say
this
machine
doesn't
report
into
Central
management,
I'm
not
going
to
worry
about
it,
and
then
this
is
the
the
required
body
for
updating
the
group
membership.
B
We
just
build
that
in
and
then
we
we
post
that
to
the
correct
API
and
this
solved
a
real
world
problem
for
them.
They've
got
this
running
in
some
sort
of
an
engine,
I
I,
don't
know
if
it's
just
running
like
using
nssm
the
non-sucking
service
manager,
if
they
like
just
made
a
Powershell
service
that
runs
this
script
or
if
they're,
using
task
scheduler
or
if
they've
got
some
other
system
that
runs
this
Powershell
code.
B
All
as
I
know
is
they've
got
this
coming
set
up
to
run
like
every
couple
hours
or
something
like
that,
and
their
sacm
collections
update
as
Central
management
updates.
The
software
on
the
machines
and
the
group
memberships
across
both
are
cap
and
check,
and
it's
been
running
for
quite
a
while
now
everything's
happy
as
new
versions
of
Google
Chrome
come
out.
The
deployment
runs
like
every
day
at
a
certain
time.
So
every
day,
Google
Chrome
is
getting
patched
across
a
couple
thousand
machines
and
nobody
lifts
a
finger
to
make
sure
it's
fine.
B
They
don't
have
to
do
anything
in
SCCM
anymore.
They
don't
have
to
do
anything
in
central
management
or
our
stuff
anymore.
It's
just
done
it's
automated
and
using
a
little
bit
of
invoke
rust
method
and
some
Powershell
help
solve
that
rather
painful
problem.
For
them
there
are
countless
other
ways
to
use
apis.
There
are
countless
other
products
out
there
that
have
apis
behind
them.
A
The
chat's
been
pretty
vigorous
and
a
lot
of
questions
have
been
answered
there
already
I,
don't
know
how
much
you're
able
to
keep
up
I
have
seen.
Zero
has
been
a
pretty
good
discussion
in
the
chat
good.
So
we'll
make
a
last
call
here.
Anybody
have
any
questions
or
scenarios
they
want
to
run
by
Stevie
that
maybe
need
a
little
more
explanation.
E
B
Yes,
a
lot
of
work
related
stuff,
but
hobby
related
stuff.
Most
definitely
one
of
the
biggest
ones
hobby
related
I've
done
was
the
Cloud
Smith
API,
which
is
another
repository
manager.
It's
just
100
cloud-based,
one
of
the
guys
that
well,
he
doesn't
work
there
anymore,
but
he
worked
there
during
the
time
he
wanted
some
help
with
the
API.
He
had
some
questions
so
I
asked
he
asked
me
I
answered
his
questions.
I
got
curious.
B
Two
days
later,
the
entire
API
had
been
turned
into
Powershell
and
it's
up
on
GitHub
and
Powerstroke
Gallery,
all
that
fun
stuff.
So
catch
me
on
a
Friday
night
and
ask
me
API
questions
because
by
Monday
morning,
I'll,
probably
just
do
it
for
you,
that's
it's
literally
a
drug
it
to
me.
It
really
is
rapping.
Apis
is
so
freaking
fun.
It's
like
a
giant
jigsaw
puzzle.
B
G
H
And
I
do
have
an
interesting
question
and
we
can
take
a
self
line
or
wait
till
after
the
meeting.
It
has
to
do
with
an
application
dot
net
application
where
there
isn't
an
official
API
but
I've,
looked
at
Google,
Chrome
and
I
can
see
what's
being
set
across.
I
can
invoke
rest
method
be
used
to
to
simulate
the
the
the
front.
The
front
end,
the
the
web,
the
web
page
talking
to
the
back
end
program.
B
So
see
if
I
can
actually
get
into
this
been
a
minute
since
I
logged
into
this
box,
so
I
hope
I
remember
what
the
credentials
are.
B
B
So
if
you
look
inside
of
our
web
UI
and
if
you
click
on
the
webview
on
the
API,
here's
our
Swagger
doc,
so
we've
got
a
lot
of
different
endpoints
in
here.
A
lot
about
software.
A
lot
about
web
logs
like
there's
some
cool
stuff
in
here.
But
if
you
look
at
the
actual
web
UI
and
we
go
to
reports
for
example-
and
you
say
a
deployment-
and
you
look
at
all
of
these-
we
have
these
buttons
here
for
export
to
PDF
and
Export
to
excel.
B
B
E
D
B
F
B
B
B
Yeah,
so
this
one
doesn't
really
have
anything
interesting
in
it,
but
what
this
one
does
is.
It's
then
calls
this
API
as
a
file,
and
then
you
can
download
it
so,
depending
on
what
Dev
tools
tells
you,
if
you
can
click
around
on
buttons
and
then
inspect
the
headers
of
whatever
happened,
you
should
be
able
to
get
the
request
URL
and
any
request.
Headers
that
came
along
with
it,
which
may
or
radar
include
a
body.
G
B
H
G
E
B
C
Yeah
I
think
I
think.
Typically
it's
it's
a
it's
a.
This
is
what
we
want
to
make
publicly
accessible,
but
also
that
that
may
be,
or
you
know,
maybe
we'll
get
it,
but
we
don't
need
it
right
now,
yeah,
and
so
you
know
it's
just
easier
to
put
it
all
together
into
epis
and
then
we
can
work
with
it
yeah,
but
then
long
term.
It's
this
thing
that
hey
whatever
we
want
to
do,
and
so,
when
you're,
just
hey
inspecting
some
of
that
and
then
hey
you're,
just
gonna
kind
of
test
with
it.
C
Well,
it
looks
like
he
he
put
in
like
hey.
I
can
get
success.
Value
I
can
get
all
these
values.
Maybe
it
won't
work.
If
you
only
put
success,
man
goes,
oh
nope,
you
need
these
three
options.
It
may
throw
errors
at
you,
so
you
just
need,
especially
if
it's
undocumented.
So
some
of
those
things
you
may
not
it's
a
lot
of
things
on
error,
yeah,
yeah,
you'll,.
A
Fuzz
it,
but
on
the
design
side
it
sounds
like
it
sounds
like
maybe
you
guys
said
something
like
this
is
not
a
typical
function,
that
someone
would
do
programmatically,
there's
a
there's,
a
UI
element
to
do
this
interactively.
So
we
don't
need
to
document
it
in
the
code
exactly
it's
there
for
us,
because
we
might
need
to
use
it,
but
the
general
purpose,
and
once
you
go
through
the
interactive
GUI,
not
right
right
and.
H
And
I
I
asked
that
I
asked
the
people
who
administer
if
there
is
an
API
and
they
said
no
I'm
thinking.
A
Now,
let's
dive
into
what
Mark
is
doing
with
the
prison
system
in
California
and
that.
C
Sounds
more
interesting
advice
to
be
on
some
site,
but
I
think
that
the
point
being
is
like
you
know,
I.
We
I
played
with
this
with
Jermaine
for
a
while
ago
and
interfacing
with
some
Citrix
stuff,
and
they
give
you
an
like
a
GUI
to
do
it.
But
there's
no,
you
know
you
look
in
their
API
documentation
and
it's
just
generic
like
hey,
give
me
a
report,
but
then
how
to
generate
all
that
stuff.
C
It's
all
built
into
I,
had
to
use
the
GUI
to
give
me
what
all
that
happened,
use,
developer
tools
and
then,
at
that
point,
hey
I
can
get
this
one.
Well,
then
we
basically
parse
the
rest
of
it
to
going
well.
I
can
use
this
other
API
you'll
get
me
the
users.
I
can
use
this
to
give
me
time.
I
get
this
to
give
you
the
time
and
then
generate
reports
as
as
we
need
them,
and
so
dynamically
keep
asking
for.
They'll
only
give
you
report
for
every
90
days.
C
Well,
then,
do
some
magic,
I'll,
just
count
I'll
just
give
me
15
reports
over
the
next
90
days
for
the
past
three
years
and
then
did
just
magically.
You
know
like
magically,
but
let
Powershell
do
the
work
for
you
and
just
let
it
Loop
through
every
90
days
over
the
past.
You
know
three
years
and
there's
your
you
know.
15
sets
of
reports
yeah.
F
B
A
Just
want
to
give
a
quick
little
shout
out
here:
Ryan
Richter
wrote
something
very
prophetic
in
the
chat
which
basically
says
some
things
don't
get
documented
because
you
can
do
it,
but
it
doesn't
necessarily
have
any
guy
guard
rails,
and
so
they
don't
really
want
to
make
it
easy
for
people
to
do,
because
you
can
get
yourself
into
a
lot
of
trouble,
and
so
that
makes
sense
to.
C
It's
like
yeah
they're,
happy
to
give
you
the
report
whenever
you
ask
for
it,
but
we'll
give
it
to
you
in
90
the
increments,
but
then
I
gotta
go
back
to
to
this
API
again
or
this
this
UI
again
and
go
through
that,
and
do
this
gooey
kind
of
thing
like
I,
don't
want
to
do
that!
I
want
to
get
15
set
of
reports
over
the
past
three
months,
like
I
want
Anna
to
do
it
at
scale
for
3
000
users.
It's.
E
F
A
If
you're
watching
this
at
home,
don't
forget
to
check
out
our
YouTube
channel,
we
have
plenty
of
other
videos
and
if
you
want
to
come
and
join
us
in
person,
you
can
hit
us
up
at
rtp7.com.
I'll
find
this
on
Meetup
and
you
get
to
ask
the
questions
of
our
presenters
want
to
say
thank
you
to
Stevie
coaster,
2400
miles
in
the
snow
to
get
here.
Thank
you
very
much,
leaving
I'll
fill
both
ways
and
so
we're
going
to
say
goodnight
to
everybody
at
home.
Here
we
gotta
hang
out
and
chat
a
little
bit
longer.