0
0
Rest APIprogramming~20 mins

API key authentication in Rest API - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
API Key Authentication Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Predict Output
intermediate
2:00remaining
What is the output of this API key check code?

Consider this Python Flask code snippet that checks an API key sent in the request headers. What will be the HTTP status code returned if the client sends the header API-Key: 12345?

Rest API
from flask import Flask, request, jsonify
app = Flask(__name__)

VALID_API_KEY = 'abcde'

@app.route('/data')
def data():
    api_key = request.headers.get('API-Key')
    if api_key != VALID_API_KEY:
        return jsonify({'error': 'Unauthorized'}), 401
    return jsonify({'data': 'Secret data'})

# Assume client sends header API-Key: 12345
A401 with JSON {'error': 'Unauthorized'}
B200 with JSON {'data': 'Secret data'}
C500 Internal Server Error
D404 Not Found
Attempts:
2 left
💡 Hint

Check if the API key sent matches the valid key.

🧠 Conceptual
intermediate
1:00remaining
Which header is commonly used to send API keys?

When authenticating API requests using API keys, which HTTP header is most commonly used to send the API key?

AAccept
BAuthorization
CUser-Agent
DContent-Type
Attempts:
2 left
💡 Hint

Think about the header used for credentials.

🔧 Debug
advanced
2:00remaining
What error does this API key validation code raise?

Look at this JavaScript Express middleware that checks for an API key. What error will occur when a request without the api_key query parameter is sent?

Rest API
function checkApiKey(req, res, next) {
  if (req.query.api_key.length !== 10) {
    return res.status(401).send('Invalid API key');
  }
  next();
}

// Middleware used in Express app
ANo error, passes middleware
B401 response with 'Invalid API key'
CTypeError: Cannot read property 'length' of undefined
DSyntaxError: Unexpected token
Attempts:
2 left
💡 Hint

What happens if req.query.api_key is missing?

📝 Syntax
advanced
1:30remaining
Which option correctly extracts API key from a Bearer token header?

Given the HTTP header Authorization: Bearer abc123xyz, which JavaScript code correctly extracts the API key abc123xyz?

Rest API
const authHeader = req.headers['authorization'];
Aconst apiKey = authHeader.slice(7);
Bconst apiKey = authHeader.replace('Bearer', '');
Cconst apiKey = authHeader.substring(7);
Dconst apiKey = authHeader.split(' ')[1];
Attempts:
2 left
💡 Hint

Remember the space after 'Bearer' in the header value.

🚀 Application
expert
2:30remaining
How many items are in the API key store after these operations?

Consider this Python code that manages API keys in a dictionary. How many keys remain after running all lines?

Rest API
api_keys = {'user1': 'key123', 'user2': 'key456', 'user3': 'key789'}

# Remove user2's key
api_keys.pop('user2')

# Add a new key for user4
api_keys['user4'] = 'key000'

# Update user1's key
api_keys['user1'] = 'key321'

# Remove a non-existing user5 key safely
api_keys.pop('user5', None)
A3
B4
C2
D5
Attempts:
2 left
💡 Hint

Count keys after each operation carefully.