Anvil: Web Apps with Nothing but Python Transcripts
Chapter: Adding APIs and HTTP Endpoints
Lecture: Getting the API key

0:00 Time to implement our authorize method. This one won't be too tricky. What we're going to do is we're first going to get the body.
0:07 We expect them to pass the username and password in as a JSON post over here. So we're going to get the data back
0:16 from the anvil.server.request.body_json. APIs need tons of validation and checks. Maybe they didn't paste some sort of body in, right
0:28 and maybe they didn't post that to us. Maybe it's just empty or it was some other kind. It can be parsed or whatever. We have to say that if not data
0:36 we need to give them some kind of error. In APIs, you typically return some kind of status code. HTTP Statuses, this place is great.
0:46 So it shows you all the different status codes you're meant to return. And the one we want if they send in bad data is to tell them
0:53 Hey, you should have sent in some more data. So like malformed or invalid stuff. But we can send over, we'll send this back.
1:02 Now how do we do that in Anvil? Well we're going to return an anvil.server.HttpResponse and what we can put in here
1:10 is the status code 400 and a message. All right, so we're going to do that first and we can actually go ahead and test this
1:18 because we're not going to be able to submit that over where we had before. So if we pull this back up and we try to go to authorize
1:29 we hit it, we should see the status message is this and if we inspect element and look at the request. So there you see, we're getting 400 bad request.
1:38 Okay, so this is exactly what we want. We'll see that we can no longer use our browser to test this, which is fine.
1:45 We'll find another way to do that in just a minute. But let's finish writing it so we can test it.
1:49 The next thing we expect is that they submitted email and remember this is a Python dictionary. So we're going to be able to just call it get email
1:57 and None as an option is probably fine. We also want password = data.get('password'). And then we're going to do some validation here.
2:09 Right, so now we're checking is this data that we expected properly supplied. Finally, we have our data. We can try to log in.
2:17 So we can do what I was attempting at before. We can say anvil.users.login_with_email. Okay, so we're going to say email, password
2:29 and finally maybe they had passed this information in but it was wrong. So if we don't get a user we want to return another status code.
2:37 But this time, we want to return some kind of authorization one like, "We're not going to let you process this," or 403 or something like that.
2:50 Something like 403 invalid login. Okay and let's at the end, we'll just return "You made it," something like that. Just to see that things are working.
2:59 Then we're going to figure out actually how to deal with this API key. If we were to try to request this again
3:04 remember we're just not going to make it past this section because we must do a POST with a JSON body. And while you can technically make the browser
3:13 do this with some plugins or something I'm sure there's better tools for it. So let's actually drop out of super full screen mode here
3:20 and look at another tool called Postman. Postman is a free tool. It has a paid tier but you can use it for free.
3:27 This allows you to build much richer requests. So let's go over here, go back to our URL that we need.
3:35 We're going to add over here a post request to that. Let's just hit send and see what happens. What is the response we got?
3:44 You must submit a JSON body 400 bad request. Okay, that's fine because we can come over to the body and say it's raw and we can start typing in here.
3:58 Notice that we can even switch it to JSON; it auto-completes the brackets, things like that. So we can say the email is michael@talkpython.fm
4:06 and I'm ready to reveal my password to you. It's the same thing. It doesn't really matter, right. We can do whatever.
4:15 It's just a simple little site, it's not really my log in. This actually, let's check that the log in doesn't work.
4:21 How about even better, we'll check that if we don't have this data that we're validating that, hey, you must have the password. So let's send it again.
4:28 The response should be slightly different. Oh an exception was raised. That doesn't seem so good, does it?
4:38 Let's go back to our app logs and see what happened. Oh, it's because I can't write JSON. Of course, that should probably be coming back
4:47 as a 400 bad request but this is deep down inside of Anvil, so it is what it is. I always do this when I work with JSON.
4:54 These have to be double quotes. I think I maybe made a joke about that earlier but there we go. Let's try again. Email and password are required.
5:02 So again, 400 bad request but a new message. And now if we put password, but this time an invalid one
5:10 it should not log me in. I keep breaking this thing. What's going on with it? Oh incorrect email or password. I guess we got to catch that differently.
5:28 So where was I doing this? Here, we can say. Here we go, either one of those should be appropriate. Now finally, let's try.
5:45 Here we go, invalid login, again. Okay, so that was the 403 we expected. Finally, let's get us all the way through this and see where we are.
5:52 This should say some kind of message like Hey you made it. Ta-da! Alright, a little bit of dialing in
5:59 a little bit of tweaking on the way we were processing this. Now we're good. We've done all the validation that I think we need to do
6:05 and we've passed over the information. And finally, we've logged in. The last thing we need to send back is our API key.
6:11 We'll deal with that in a minute. But once we get that done this authorize bit will be finished.

