FastAPI framework, ~30 mins

Why API security is critical in FastAPI - See It in Action

Why API security is critical
📖 Scenario: You are building a simple FastAPI application that exposes an API endpoint for users to get their profile information. Since this API will be accessed over the internet, it is important to secure it so only authorized users can get their data.
🎯 Goal: Build a FastAPI app with a protected API endpoint that requires a simple API key for access. This will show why API security is critical to prevent unauthorized access.
📋 What You'll Learn
Create a FastAPI app instance
Add a variable to store a secret API key
Create an endpoint /profile that checks the API key in request headers
Return user profile data only if the API key matches
Return an error response if the API key is missing or wrong
💡 Why This Matters
🌍 Real World
APIs are often exposed to the internet and can be attacked or misused. Securing APIs with keys or tokens ensures only authorized users can access sensitive data or actions.
💼 Career
Understanding API security basics is essential for backend developers, API designers, and anyone working with web services to protect user data and maintain trust.
1. Create FastAPI app instance
Create a FastAPI app instance called app by importing FastAPI from fastapi and calling FastAPI().

Hint: Use from fastapi import FastAPI and then app = FastAPI().

2. Add secret API key variable
Add a variable called API_KEY and set it to the string "secret123".

Hint: Just create a variable API_KEY and assign it the string "secret123".

3. Create protected /profile endpoint
Create a GET endpoint /profile using @app.get("/profile"). Inside the function get_profile, accept a parameter api_key from the request header using Header from fastapi. Check if api_key equals API_KEY. If yes, return a dictionary with {"user": "Alice", "email": "alice@example.com"}. If not, raise HTTPException with status code 401 and detail "Unauthorized". Remember to import Header and HTTPException from fastapi.

Hint: Use @app.get("/profile") and a function with api_key from headers. Compare it to API_KEY and raise HTTPException if it does not match.

4. Complete app with security check
Ensure the full code includes imports for FastAPI, Header, and HTTPException, the app instance, the API_KEY variable, and the /profile endpoint with the API key check as described.

Hint: Make sure all parts are included and the code matches the previous step's solution.