From the course: Programming Foundations: APIs and Web Services
Unlock this course with a free trial
Join today to access over 24,700 courses taught by industry experts.
Solution: Secure an API - Python Tutorial
From the course: Programming Foundations: APIs and Web Services
Solution: Secure an API
(upbeat music) - Let me show you how I solved this challenge. The previous todo API was unprotected. Right now, it simply returns todo data without authentication. Anyone can access todos without restrictions. I fixed that by requiring an API key. Here, on line six, the first step is to define the API key. In a real app, you would not hard-code your API key, but it's fine to do it here for testing. So now we have our API key. It is mysecureapikey123. You can generate any random alphanumeric string. Scroll down to line 17. I've added this new function, check_api_key. The first line here on line 18, it's specifically looking for the X-API-Key in the request header. If that key is not found or it does not equal the API_KEY, remember that API_KEY is shown up here, mysecureapikey123. If it does not match that API key, line 20 shows we're going to return an error. It's unauthorized and the status code will be 403 and that's it. That's all we needed to do to protect the API. Now, users must…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.