0
0
Flaskframework~20 mins

API key authentication concept in Flask - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
API Key Authentication Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the output when a valid API key is provided?

Consider this Flask route that checks for an API key in the request headers. What will the response be if the correct API key is sent?

Flask
from flask import Flask, request, jsonify
app = Flask(__name__)

API_KEY = 'secret123'

@app.route('/data')
def data():
    key = request.headers.get('X-API-KEY')
    if key == API_KEY:
        return jsonify({'message': 'Access granted'})
    else:
        return jsonify({'message': 'Access denied'}), 401
A{"message": "Access granted"}
B{"message": "Access denied"}
C500 Internal Server Error
D404 Not Found
Attempts:
2 left
💡 Hint

Check what happens when the header X-API-KEY matches the API_KEY variable.

📝 Syntax
intermediate
1:30remaining
Which option correctly extracts the API key from request headers?

In Flask, which code snippet correctly retrieves the API key from the request headers?

Akey = request.headers.get('X-API-KEY')
Bkey = request.get_header('X-API-KEY')
Ckey = request.headers['x-api-key']
Dkey = request.header('X-API-KEY')
Attempts:
2 left
💡 Hint

Remember the correct attribute name for headers in Flask's request object.

🔧 Debug
advanced
2:30remaining
Why does this API key check always deny access?

Look at this Flask route code. Why does it always return 'Access denied' even when the correct API key is sent?

Flask
from flask import Flask, request, jsonify
app = Flask(__name__)

API_KEY = 'secret123'

@app.route('/secure')
def secure():
    key = request.headers.get('X-API-KEY')
    if key is API_KEY:
        return jsonify({'message': 'Access granted'})
    else:
        return jsonify({'message': 'Access denied'}), 401
AThe header name 'X-API-KEY' is incorrect and should be lowercase.
BUsing 'is' compares object identity, not string equality, causing the check to fail.
CThe API_KEY variable is not defined in the route function scope.
DFlask requires API keys to be passed as query parameters, not headers.
Attempts:
2 left
💡 Hint

Consider how Python compares strings with 'is' vs '=='.

state_output
advanced
1:30remaining
What is the response status code when no API key is provided?

Given this Flask route, what HTTP status code will the client receive if the request does not include the 'X-API-KEY' header?

Flask
from flask import Flask, request, jsonify
app = Flask(__name__)

API_KEY = 'secret123'

@app.route('/info')
def info():
    key = request.headers.get('X-API-KEY')
    if key == API_KEY:
        return jsonify({'data': 'Here is your info'})
    else:
        return jsonify({'error': 'API key missing or invalid'}), 401
A200
B403
C401
D400
Attempts:
2 left
💡 Hint

Check the status code returned when the API key check fails.

🧠 Conceptual
expert
3:00remaining
Why is API key authentication considered less secure than OAuth?

Choose the best explanation why API key authentication is generally less secure than OAuth for protecting APIs.

AAPI keys encrypt the entire request, while OAuth only encrypts the headers.
BAPI keys require complex token exchanges which slow down the API response time.
COAuth does not support token expiration, so API keys are preferred for security.
DAPI keys are static and sent with every request, making them easier to steal and reuse.
Attempts:
2 left
💡 Hint

Think about how API keys and OAuth tokens are handled and their security features.