
Why API security is critical in FastAPI - Challenge Your Understanding

Challenge - 5 Problems
🧠 Conceptual
intermediate
Why protect API endpoints?
Why is it important to secure API endpoints in a FastAPI application?
A. To prevent unauthorized users from accessing sensitive data or actions
B. To make the API run faster by limiting the number of requests
C. To allow anyone to freely use the API without restrictions
D. To reduce the size of the API codebase
💡 Hint
Think about what could happen if anyone could call your API without checks.
component_behavior
intermediate
Effect of missing authentication in FastAPI
What happens if you create a FastAPI endpoint without any authentication or authorization checks?
from fastapi import FastAPI

app = FastAPI()

@app.get('/data')
async def get_data():
    return {'secret': 'value'}
A. The endpoint will be hidden from all users
B. Only logged-in users can access the '/data' endpoint
C. Anyone can access the '/data' endpoint and get the secret value
D. The endpoint will raise an error when called
💡 Hint
Check if there is any code that restricts access.
state_output
advanced
Result of missing rate limiting in FastAPI
What is a likely consequence of not implementing rate limiting on a FastAPI API?
A. Users will be forced to authenticate before making requests
B. The API may become overwhelmed by too many requests, causing slowdowns or crashes
C. The API will automatically block all requests after a certain number
D. The API will reject all requests from unknown IP addresses
💡 Hint
Think about what happens if too many people use the API at once.
📝 Syntax
advanced
Correct way to add API key security in FastAPI
Which code snippet correctly adds an API key header check to a FastAPI endpoint?
A.
from fastapi import FastAPI

app = FastAPI()

@app.get('/secure')
async def secure_endpoint():
    return {'message': 'Access granted'}
B.
from fastapi import FastAPI

app = FastAPI()

@app.get('/secure')
async def secure_endpoint(api_key):
    if api_key != 'secret123':
        return {'error': 'Invalid API Key'}
    return {'message': 'Access granted'}
C.
from fastapi import FastAPI, Depends

app = FastAPI()

@app.get('/secure')
async def secure_endpoint(api_key: str):
    if api_key == 'secret123':
        return {'message': 'Access granted'}
    else:
        raise Exception('Invalid API Key')
D.
from fastapi import FastAPI, Header, HTTPException

app = FastAPI()

@app.get('/secure')
async def secure_endpoint(x_api_key: str = Header(...)):
    if x_api_key != 'secret123':
        raise HTTPException(status_code=401, detail='Invalid API Key')
    return {'message': 'Access granted'}
💡 Hint
Look for proper use of Header and raising HTTPException for unauthorized access.
🔧 Debug
expert
Identify the security flaw in this FastAPI code
What is the main security flaw in this FastAPI code snippet?
from fastapi import FastAPI, Depends, HTTPException, Header

app = FastAPI()

async def verify_token(token: str = Header(None)):
    if token != 'validtoken':
        raise HTTPException(status_code=401, detail='Invalid token')

@app.get('/items/')
async def read_items(token: str = Depends(verify_token)):
    return {'items': ['apple', 'banana']}
A. The verify_token function does not extract the token from headers, so token is always missing
B. The token is properly checked, so there is no security flaw
C. The endpoint does not return any data
D. The HTTPException status code should be 403 instead of 401
💡 Hint
Check how the token parameter is passed to verify_token.