Anvil: Web apps with nothing but Python Transcripts
Chapter: Adding APIs and HTTP Endpoints
Lecture: Getting the API key

0:00 Time to implement our authorize method.
0:02 This one won't be too tricky.
0:04 What we're going to do is we're first going to get the body.
0:06 We expect them to pass the username and password
0:09 in as a JSON post over here.
0:13 So we're going to get the data back
0:15 from the anvil.server.request.body_json.
0:21 APIs need tons of validation and checks.
0:25 Maybe they didn't paste some sort of body in, right
0:27 and maybe they didn't post that to us.
0:29 Maybe it's just empty or it was some other kind.
0:31 It can be parsed or whatever.
0:33 We have to say that if not data
0:35 we need to give them some kind of error.
0:38 In APIs, you typically return some kind of status code.
0:42 HTTP Statuses, this place is great.
0:45 So it shows you all the different status codes
0:47 you're meant to return.
0:48 And the one we want if they send in bad data
0:51 is to tell them
0:52 Hey, you should have sent in some more data.
0:55 So like malformed or invalid stuff.
0:59 But we can send over, we'll send this back.
1:01 Now how do we do that in Anvil?
1:03 Well, we're going to return an anvil.server.HttpResponse
1:08 and what we can put in here
1:09 is the status code 400 and a message.
1:13 All right, so we're going to do that first
1:15 and we can actually go ahead and test this
1:17 because we're not going to be able to submit
1:19 that over where we had before.
1:21 So if we pull this back up and we try to go to authorize
1:28 we hit it, we should see the status message is this
1:31 and if we inspect element and look at the request.
1:34 So there you see, we're getting 400 bad request.
1:37 Okay, so this is exactly what we want.
1:39 We'll see that we can no longer use our browser
1:42 to test this, which is fine.
1:44 We'll find another way to do that in just a minute.
1:46 But let's finish writing it so we can test it.
1:48 The next thing we expect is that they submitted email
1:51 and remember this is a Python dictionary.
1:54 So we're going to be able to just call it get email
1:56 and None as an option is probably fine.
2:00 We also want password = data.get('password').
2:05 And then we're going to do some validation here.
2:08 Right, so now we're checking is this data
2:11 that we expected properly supplied.
2:14 Finally, we have our data.
2:15 We can try to log in.
2:16 So we can do what I was attempting at before.
2:18 We can say anvil.users.login_with_email.
2:23 Okay, so we're going to say email, password
2:28 and finally maybe they had passed this information in
2:31 but it was wrong. So if we don't get a user
2:34 we want to return another status code.
2:36 But this time, we want to return
2:38 some kind of authorization one
2:40 like, "We're not going to let you process this,"
2:43 or 403 or something like that.
2:49 Something like 403 invalid login.
2:52 Okay and let's at the end, we'll just return
2:55 "You made it," something like that.
2:56 Just to see that things are working.
2:58 Then we're going to figure out
2:59 actually how to deal with this API key.
3:01 If we were to try to request this again
3:03 remember we're just not going to make it past this section
3:06 because we must do a POST with a JSON body.
3:09 And while you can technically make the browser
3:12 do this with some plugins or something
3:13 I'm sure there's better tools for it.
3:15 So let's actually drop out of super full screen mode here
3:19 and look at another tool called Postman.
3:22 Postman is a free tool.
3:23 It has a paid tier but you can use it for free.
3:26 This allows you to build much richer requests.
3:29 So let's go over here, go back to our URL that we need.
3:34 We're going to add over here a post request to that.
3:39 Let's just hit send and see what happens.
3:42 What is the response we got?
3:43 You must submit a JSON body 400 bad request.
3:47 Okay, that's fine because we can come over to the body
3:50 and say it's raw and we can start typing in here.
3:57 Notice that, we can even switch it to JSON
3:59 it auto completes the brackets, things like that.
4:01 So we can say the email is michael@talkpython.fm
4:05 and I'm ready to reveal my password to you.
4:09 It's the same thing.
4:12 It doesn't really matter, right.
4:13 We can do whatever.
4:14 It's just a simple little site, it's not really my login.
4:17 This actually, let's check that the login doesn't work.
4:20 How about even better, we'll check that if we don't have this data
4:23 that we're validating that, hey, you must have the password.
4:26 So let's send it again.
4:27 The response should be slightly different.
4:31 Oh an exception was raised.
4:33 That doesn't seem so good, does it?
4:37 Let's go back to our app logs and see what happened.
4:41 Oh, it's because I can't write JSON.
4:44 Of course, that should probably be coming back
4:46 as a 400 bad request
4:47 but this is deep down inside of Anvil, so it is what it is.
4:52 I always do this when I work with JSON.
4:53 These have to be double quotes.
4:55 I think I maybe made a joke about that earlier
4:56 but there we go. Let's try again.
5:00 Email and password are required.
5:01 So again, 400 bad request but a new message.
5:04 And now if we put password, but this time an invalid one
5:09 it should not log me in. I keep breaking this thing.
5:14 What's going on with it? Oh incorrect email or password.
5:25 I guess we got to catch that differently.
5:27 So where was I doing this? Here, we can say.
5:39 Here we go, either one of those should be appropriate.
5:42 Now finally, let's try.
5:44 Here we go, invalid login, again.
5:46 Okay, so that was the 403 we expected.
5:48 Finally, let's get us all the way through this
5:50 and see where we are.
5:51 This should say some kind of message like
5:53 Hey you made it. Ta-da!
5:56 Alright, a little bit of dialing in
5:58 a little bit of tweaking on the way we were processing this.
6:01 Now we're good.
6:02 We've done all the validation that I think we need to do
6:04 and we've passed over the information.
6:06 And finally, we've logged in.
6:07 The last thing we need to send back is our API key.
6:10 We'll deal with that in a minute.
6:11 But once we get that done
6:12 this authorize bit will be finished.