REST API | programming | ~30 mins

Why API security is non-negotiable in REST APIs - See It in Action

Why API security is non-negotiable
📖 Scenario: You are building a simple REST API for a small online store. The API handles product information and customer orders. Since this API will be used by many clients, it is very important to keep it secure to protect sensitive data and prevent misuse.
🎯 Goal: Learn why API security is essential by creating a simple API with a security check that only allows authorized users to access product data.
📋 What You'll Learn
Create a dictionary called products with exact product names and prices
Create a variable called authorized_users with a list of allowed usernames
Write a function called get_product_price that takes username and product_name and returns the price only if the user is authorized
Print the price of a product for a given authorized user and an unauthorized user to show the security check
💡 Why This Matters
🌍 Real World
APIs are everywhere, and securing them protects user data and business resources from hackers and misuse.
💼 Career
Understanding API security is essential for backend developers, security engineers, and anyone building or maintaining web services.
1. DATA SETUP: Create the product data
Create a dictionary called products with these exact entries: 'Laptop': 1200, 'Smartphone': 800, 'Tablet': 400
Hint: Use curly braces {} to create a dictionary with keys as product names and values as prices.

2. CONFIGURATION: Define authorized users
Create a list called authorized_users with these exact usernames: 'alice', 'bob'
Hint: Use square brackets [] to create a list of usernames.

3. CORE LOGIC: Write a function to check authorization and get price
Write a function called get_product_price that takes username and product_name. It should return the product price from products only if username is in authorized_users. Otherwise, return the string 'Access denied'.
Hint: Use an if statement to check if the username is authorized. Use products.get() to safely get the price.

4. OUTPUT: Test the function with authorized and unauthorized users
Print the result of get_product_price('alice', 'Laptop') and get_product_price('eve', 'Laptop') to show the security check in action.
Hint: Use two print() statements to show the price for 'alice' and the denial for 'eve'.
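
The four steps above assembled into one runnable script, as an added example that is not part of the original exercise. It goes one step beyond the exercise by pairing the username check with a token check, so the server verifies the caller rather than trusting a self-declared name. API_TOKENS, authenticate, get_product_price_with_token, the token values and the status codes are assumptions made for illustration.

```python
import hmac

# Steps 1-2: data and allowlist exactly as the exercise specifies.
products = {'Laptop': 1200, 'Smartphone': 800, 'Tablet': 400}
authorized_users = ['alice', 'bob']

# Step 3: the exercise's check. The caller merely states a username.
def get_product_price(username, product_name):
    if username in authorized_users:
        return products.get(product_name)  # None if the product is unknown
    return 'Access denied'

# Assumption (not in the exercise): each user holds a secret token, so the
# server verifies the caller instead of trusting a self-declared name.
# Constructed sample values; real tokens are random and stored hashed.
API_TOKENS = {'alice': 'tok-alice-constructed', 'bob': 'tok-bob-constructed'}

def authenticate(token):
    """Return the username that owns token, or None if no user does."""
    found = None
    for user, expected in API_TOKENS.items():
        # Constant-time comparison; every entry is checked, no early exit.
        if hmac.compare_digest(token.encode(), expected.encode()):
            found = user
    return found

def get_product_price_with_token(token, product_name):
    """Return (status, body), shaped like an HTTP handler's response."""
    user = authenticate(token)
    if user is None:
        return 401, 'Access denied'    # caller could not be identified
    if user not in authorized_users:
        return 403, 'Access denied'    # identified but not allowed
    price = products.get(product_name)
    if price is None:
        return 404, 'Unknown product'
    return 200, price

if __name__ == '__main__':
    # Step 4: the two calls the exercise asks for.
    print(get_product_price('alice', 'Laptop'))   # 1200
    print(get_product_price('eve', 'Laptop'))     # Access denied
    # A bare username is not a credential in the token variant.
    print(get_product_price_with_token('alice', 'Laptop'))
    print(get_product_price_with_token('tok-alice-constructed', 'Laptop'))
```

The exercise's function accepts whatever name the caller sends, while the token variant returns 401 when given only the name 'alice' and 200 only when given alice's token.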