
API key authentication concept in Flask - Step-by-Step Execution

Concept Flow - API key authentication concept
- Client sends request with API key
- Server receives request
- Extract API key from headers
- Check if API key is valid?
  - No: Reject request with 401
  - Yes: Process request and send response
The server checks the API key sent by the client in the request headers. If valid, it processes the request; otherwise, it rejects it.
Execution Sample
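from flask import Flask, request, jsonify

app = Flask(__name__)

# Set of API keys the server accepts
API_KEYS = {"abc123"}


@app.route('/data')
def data():
    # Returns None when the X-API-KEY header is absent
    key = request.headers.get('X-API-KEY')
    if key in API_KEYS:
        return jsonify({"message": "Access granted"})
    # Missing or unknown key: reject with 401 Unauthorized
    return jsonify({"error": "Unauthorized"}), 401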
A Flask route that checks for a valid API key in the request headers and returns access or error.
Execution Table
| Step | Action | API Key Extracted | API Key Valid? | Response |
| --- | --- | --- | --- | --- |
| 1 | Client sends request with header X-API-KEY='abc123' | abc123 | Yes | Access granted (200) |
| 2 | Client sends request with header X-API-KEY='wrongkey' | wrongkey | No | Unauthorized (401) |
| 3 | Client sends request without X-API-KEY header | None | No | Unauthorized (401) |
💡 Requests without valid API key are rejected with 401 Unauthorized.
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 |
| --- | --- | --- | --- | --- |
| key | None | abc123 | wrongkey | None |
| API_KEYS | {'abc123'} | {'abc123'} | {'abc123'} | {'abc123'} |
Key Moments - 2 Insights
Why does the server reject the request if the API key is missing?
Because the extracted API key is None (see execution_table step 3), which is not in the set of valid API keys, so the server returns 401 Unauthorized.
What happens if the API key is incorrect but present?
The server checks the key against the valid keys (execution_table step 2). Since it is not found, the server rejects the request with 401 Unauthorized.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table. What is the response when the API key is 'abc123'?
A. Unauthorized (401)
B. Access granted (200)
C. Server error (500)
D. No response
💡 Hint
Check the row where API Key Extracted is 'abc123' in the execution_table.
At which step does the API key extracted become None?
A. Step 3
B. Step 1
C. Step 2
D. Never
💡 Hint
Look at the 'API Key Extracted' column in the execution_table.
If we add another valid key 'xyz789' to API_KEYS, what would happen at step 2 if the client sends 'xyz789'?
A. Response would be Unauthorized (401)
B. Server would crash
C. Response would be Access granted (200)
D. No change in response
💡 Hint
Refer to variable_tracker and execution_table logic for key validation.
Concept Snapshot
API key authentication in Flask:
- Client sends API key in request header (e.g., 'X-API-KEY')
- Server extracts key from headers
- Server checks if key is in allowed keys set
- If valid, process request; else return 401 Unauthorized
- Simple, secure way to control API access
Full Transcript
This example shows how a Flask server uses API key authentication. The client includes an API key in the request header named 'X-API-KEY'. The server extracts this key and checks if it is in a set of valid keys. If the key matches, the server returns a success message. If the key is missing or incorrect, the server returns a 401 Unauthorized error. This method helps protect API endpoints by allowing only clients with valid keys to access them.
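
A hardened variant of the key check described above, as an added example that is not part of the original page: it stores only SHA-256 digests of the valid keys and compares them with `hmac.compare_digest` instead of `key in API_KEYS`. The names `KEY_DIGESTS`, `lookup_client`, `check_request` and the "demo-client" label are assumptions made for illustration; `headers` is any mapping with `.get()`, such as Flask's `request.headers`.

```python
import hashlib
import hmac

# Constructed sample data: only SHA-256 digests of issued keys are stored,
# so a leaked config or database dump does not reveal usable keys.
# "abc123" is the page's sample key; the "demo-client" label is hypothetical.
KEY_DIGESTS = {
    hashlib.sha256(b"abc123").hexdigest(): "demo-client",
}


def _digest(key):
    # Hashing first yields fixed-length ASCII hex, which compare_digest
    # accepts even when the presented key contains non-ASCII characters.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def lookup_client(presented):
    """Return the client label for a presented key, or None if it is invalid."""
    if not presented:  # header missing (None) or empty
        return None
    candidate = _digest(presented)
    match = None
    # Constant-time comparison against every stored digest, with no early exit,
    # so response time does not depend on how much of a key matched.
    for stored, client in KEY_DIGESTS.items():
        if hmac.compare_digest(candidate, stored):
            match = client
    return match


def check_request(headers):
    """Same decision as the page's /data route; returns (body, status)."""
    client = lookup_client(headers.get("X-API-KEY"))
    if client is None:
        return {"error": "Unauthorized"}, 401
    return {"message": "Access granted"}, 200


# In the Flask route this would be (assumed wiring, not from the page):
#   body, status = check_request(request.headers)
#   return jsonify(body), status
```

The three rows of the execution table give the same responses with this check, and the returned client label can be logged to attribute each request to a key holder.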