
API key management in Prompt Engineering / GenAI - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Why is it important to rotate API keys regularly?

Imagine you have an API key that allows access to a machine learning service. Why should you change (rotate) this key regularly?

A. To increase the speed of API responses.
B. To prevent unauthorized access if the key is leaked or stolen.
C. To reduce the cost of using the API service.
D. To make the API key longer and more complex.
💡 Hint

Think about what happens if someone else gets your key.

Predict Output
intermediate
What is the output of this API key validation code?

Consider this Python code that checks if an API key is valid by length and prefix:

def is_valid_key(key):
    return key.startswith('sk-') and len(key) == 32

print(is_valid_key('sk-12345678901234567890123456789'))
print(is_valid_key('pk-12345678901234567890123456789'))
print(is_valid_key('sk-12345'))

What will be printed?

A.
True
False
False

B.
False
False
False

C.
True
True
False

D.
True
False
True
💡 Hint

Check the prefix and length conditions carefully.

Model Choice
advanced
Which API key storage method is safest for a deployed ML model?

You deployed a machine learning model that calls an external API. Which method is safest to store the API key?

A. Hardcoding the API key directly in the model's source code.
B. Embedding the API key in client-side JavaScript code.
C. Storing the API key in environment variables on the server.
D. Saving the API key in a public GitHub repository.
💡 Hint

Think about who can access the stored key in each method.

Hyperparameter
advanced
What is the effect of setting a very short API key expiration time?

Some API keys can be set to expire quickly (e.g., every 5 minutes). What is a likely effect of this setting?

A. Has no effect on security or service availability.
B. Reduces security because keys are reused more often.
C. Increases API call speed by caching keys longer.
D. Improves security by limiting key lifetime but may cause frequent service interruptions.
💡 Hint

Think about trade-offs between security and usability.

🔧 Debug
expert
Why does this API key check always fail?

Look at this Python code snippet that should check if an API key is valid:

def check_key(key):
    if key == 'sk-1234567890abcdef1234567890abcdef':
        return True
    else:
        return False

print(check_key('sk-1234567890abcdef1234567890abcdef '))

Why does the function return False even though the printed key looks the same?

A. The input key has a trailing space, so it does not exactly match the stored key.
B. The function uses '==' which cannot compare strings correctly.
C. The print statement modifies the key before checking.
D. The stored key is missing a character at the end.
💡 Hint

Check for invisible characters like spaces.

Practice

1. What is the main purpose of an API key in AI services?
easy
A. To improve AI model accuracy
B. To speed up the AI model training
C. To store user data securely
D. To control who can access the AI service

Solution

  1. Step 1: Understand API key role

    An API key acts like a password to allow access to AI services.
  2. Step 2: Identify main purpose

    It controls who can use the service by authenticating requests.
  3. Final Answer:

    To control who can access the AI service -> Option D
  4. Quick Check:

    API key = Access control [OK]
Hint: API keys are like secret passwords for access [OK]
Common Mistakes:
  • Thinking API keys improve model accuracy
  • Confusing API keys with data storage
  • Believing API keys speed up training
2. Which of the following is the correct way to include an API key in a request header?
easy
A. Authorization: Bearer YOUR_API_KEY
B. API-Key: YOUR_API_KEY
C. Key: YOUR_API_KEY
D. Token: YOUR_API_KEY

Solution

  1. Step 1: Recall standard header format

    The common standard is to use 'Authorization' with 'Bearer' followed by the API key.
  2. Step 2: Match correct header syntax

    Authorization: Bearer YOUR_API_KEY matches this standard format exactly.
  3. Final Answer:

    Authorization: Bearer YOUR_API_KEY -> Option A
  4. Quick Check:

    Authorization header uses Bearer token [OK]
Hint: Use 'Authorization: Bearer' for API keys in headers [OK]
Common Mistakes:
  • Using incorrect header names like 'Key' or 'Token'
  • Omitting 'Bearer' keyword
  • Placing API key in URL instead of header
3. Consider this Python code snippet using an API key:

import requests
headers = {"Authorization": "Bearer abc123"}
response = requests.get("https://api.example.com/data", headers=headers)
print(response.status_code)

What will this code print if the API key is valid and the request succeeds?
medium
A. 401
B. 200
C. 404
D. 500

Solution

  1. Step 1: Understand HTTP status codes

    200 means success, 401 means unauthorized, 404 means not found, 500 means server error.
  2. Step 2: Analyze code behavior with valid key

    With a valid API key, the request should succeed and return status code 200.
  3. Final Answer:

    200 -> Option B
  4. Quick Check:

    Valid key + successful request = 200 [OK]
Hint: 200 means success, 401 means unauthorized [OK]
Common Mistakes:
  • Confusing 401 unauthorized with success
  • Assuming 404 means invalid key
  • Thinking 500 is related to API key
4. You have this code snippet to send a request with an API key:

headers = {"Authorization": "Bearer " + api_key}
response = requests.get(url, headers=headers)

But you get a 401 Unauthorized error. What is the most likely cause?
medium
A. The requests library is not imported
B. The URL is misspelled
C. The API key variable is empty or incorrect
D. The server is down

Solution

  1. Step 1: Understand 401 error meaning

    401 Unauthorized means the server rejected the request due to bad or missing credentials.
  2. Step 2: Identify cause related to API key

    If the API key variable is empty or wrong, the Authorization header is invalid, causing 401.
  3. Final Answer:

    The API key variable is empty or incorrect -> Option C
  4. Quick Check:

    401 error = invalid credentials [OK]
Hint: 401 means check your API key value first [OK]
Common Mistakes:
  • Blaming URL spelling for 401 error
  • Ignoring missing import errors
  • Assuming server down causes 401
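
An added example, not part of the original quiz: a pre-flight check that catches the empty or malformed key behind the 401 in question 4 before any request is sent, and masks the key for logging. The variable name `EXAMPLE_API_KEY`, the helper names and the sample key are assumptions made for illustration.

```python
import os

class ApiKeyError(ValueError):
    """Raised before any request is sent when the key is unusable."""

def mask(key):
    """Keep only the last 4 characters so logs never hold the full key."""
    if len(key) <= 4:
        return "*" * len(key)
    return "*" * (len(key) - 4) + key[-4:]

def load_api_key(env=None, var="EXAMPLE_API_KEY"):
    """Read the key from the environment (hypothetical variable name)."""
    env = os.environ if env is None else env
    raw = env.get(var)
    if raw is None:
        raise ApiKeyError(f"{var} is not set")
    key = raw.strip()  # a pasted key often carries a trailing space or newline
    if not key:
        raise ApiKeyError(f"{var} is empty")
    if any(ch.isspace() for ch in key) or not key.isprintable():
        raise ApiKeyError(f"{var} contains whitespace or control characters")
    return key

def auth_headers(key):
    """Build the header in the form the page uses."""
    return {"Authorization": "Bearer " + key}

if __name__ == "__main__":
    # Constructed sample value, not a real key.
    constructed_env = {"EXAMPLE_API_KEY": "sk-constructed-0001\n"}
    key = load_api_key(constructed_env)
    print("using key", mask(key))
    print(list(auth_headers(key)))
```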
5. You want to improve security by rotating your API keys regularly. Which approach is best to avoid service interruption?
hard
A. Create a new key, update your app to use it, then delete the old key
B. Delete the old key first, then create a new key
C. Use the same key forever without changes
D. Share your API key publicly to get feedback

Solution

  1. Step 1: Understand key rotation process

    To avoid downtime, keep old key active until new key is working.
  2. Step 2: Choose safe rotation order

    Create new key, update app, confirm it works, then delete old key.
  3. Final Answer:

    Create a new key, update your app to use it, then delete the old key -> Option A
  4. Quick Check:

    Rotate keys safely by overlapping usage [OK]
Hint: Add new key before deleting old one [OK]
Common Mistakes:
  • Deleting old key before new key is ready
  • Never rotating keys at all
  • Sharing keys publicly
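
An added example, not part of the original quiz: the two rotation orders from question 5 run against a toy in-memory key service, showing the status codes the app sees at each step. `KeyService`, the `app` dictionary and the generated key format are assumptions made for illustration; a real provider exposes its own key-management API.

```python
import hashlib
import secrets

class KeyService:
    """Toy provider: stores only SHA-256 digests of issued keys."""
    def __init__(self):
        self._digests = set()

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def create_key(self):
        key = "sk-" + secrets.token_hex(16)  # constructed key format
        self._digests.add(self._digest(key))
        return key

    def revoke_key(self, key):
        self._digests.discard(self._digest(key))

    def request(self, key):
        """Return the HTTP status a call with this key would get."""
        return 200 if self._digest(key) in self._digests else 401

def rotate_with_overlap(service, app):
    """Create new, verify, switch, then revoke old. `app` is a dict with 'key'."""
    old = app["key"]
    seen = [service.request(app["key"])]
    new = service.create_key()                # old and new are both valid now
    if service.request(new) != 200:           # confirm before switching
        service.revoke_key(new)
        raise RuntimeError("new key rejected; old key left in place")
    app["key"] = new                          # update the app
    seen.append(service.request(app["key"]))
    service.revoke_key(old)                   # only now delete the old key
    seen.append(service.request(app["key"]))
    return seen, service.request(old)

def rotate_delete_first(service, app):
    """Option B's order: the app holds a dead key until the new one is deployed."""
    service.revoke_key(app["key"])
    during = service.request(app["key"])      # requests in this window fail
    app["key"] = service.create_key()
    return during, service.request(app["key"])

if __name__ == "__main__":
    svc = KeyService()
    print(rotate_with_overlap(svc, {"key": svc.create_key()}))
    print(rotate_delete_first(svc, {"key": svc.create_key()}))
```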