Flask framework, ~30 mins

API key authentication concept in Flask - Mini Project: Build & Apply

API Key Authentication Concept with Flask
📖 Scenario: You are building a simple Flask web API that only allows access to users who provide a valid API key. This is like having a secret password that clients must send with their requests to use your service.
🎯 Goal: Create a Flask app that checks for an API key in the request headers and only allows access if the key matches a predefined secret key.
📋 What You'll Learn
Create a Flask app instance named app
Define a secret API key variable called API_KEY with the value '12345'
Create a route /data that returns JSON data only if the request has the correct API key in the Authorization header
Return a 401 Unauthorized response if the API key is missing or incorrect
💡 Why This Matters
🌍 Real World
API key authentication is a simple way to protect web APIs so only authorized clients can use them. Many services use this method to control access.
💼 Career
Understanding API key authentication is important for backend developers and anyone building or consuming web APIs. It is a common security practice in software development jobs.
Step 1: Set up Flask app and secret API key
Import Flask and jsonify from flask. Create a Flask app instance called app. Define a variable API_KEY and set it to the string '12345'.
Need a hint?

Use app = Flask(__name__) to create the app. Set API_KEY exactly to '12345'.

Step 2: Create a route to serve data
Add a route decorator @app.route('/data') to define a function called get_data that returns a JSON response with {'message': 'Here is your data'}.
Need a hint?

Use @app.route('/data') above the function get_data. Return the JSON using jsonify.

Step 3: Check API key in request headers
Import request from flask. Inside get_data, get the Authorization header from request.headers and store it in a variable called api_key. If api_key is not equal to API_KEY, return a JSON response with {'error': 'Unauthorized'} and status code 401.
Need a hint?

Use request.headers.get('Authorization') to get the API key. Compare it to API_KEY. Return 401 with JSON error if it does not match.

Step 4: Run the Flask app
Add the standard Flask app runner code: if __name__ == '__main__': and inside it call app.run(debug=True).
Need a hint?

Use the standard Python check if __name__ == '__main__': and call app.run(debug=True) inside it.
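
The /data route from steps 1 to 4 in hardened form, as an added example that is not part of the original tutorial: the key comes from the environment instead of the source file, the comparison is constant-time, and a missing or malformed header yields 401 rather than an exception. The names key_matches, create_app and DATA_API_KEY are hypothetical, chosen for this example.

```python
import hmac
import os


def key_matches(presented, expected):
    """Constant-time check of the Authorization header value against the key."""
    if not presented or not expected:
        return False  # missing header or unset key: deny, never match empty == empty
    # Compare bytes: hmac.compare_digest raises TypeError on non-ASCII str,
    # which would turn a malformed header into a 500 instead of a 401.
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


def create_app(api_key=None):
    # Flask is imported here so key_matches() can be unit-tested without it.
    from flask import Flask, jsonify, request

    # DATA_API_KEY is a hypothetical variable name; the key is read from the
    # environment instead of being committed to source as '12345'.
    api_key = api_key or os.environ.get("DATA_API_KEY")
    if not api_key:
        raise RuntimeError("DATA_API_KEY is not set; refusing to start without a key")

    app = Flask(__name__)

    @app.route("/data")
    def get_data():
        # Same contract as the tutorial: the raw key in the Authorization header.
        if not key_matches(request.headers.get("Authorization"), api_key):
            return jsonify({"error": "Unauthorized"}), 401
        return jsonify({"message": "Here is your data"})

    return app


# To serve locally, call create_app().run() with DATA_API_KEY set. Keep debug off
# anywhere others can reach the server: debug=True enables the Werkzeug
# interactive debugger, which can execute Python code from the browser.
```
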