RESTful and HTTP APIs in Pyramid Transcripts
Chapter: Conclusion
Lecture: Lightning review: API keys
Login or
purchase this course
to watch this video and the rest of the course contents.
0:00
And then we said let's provide some level of authentication to our service and we said let's do that with api keys,
0:08
so we created this decorator called require api key and it follows the convention of our service which is to pass an authorization header
0:17
and then authorization header has a certain structure which includes that api key and our little function parse api key from header
0:25
it's not shown here but it goes and it grabs that from the authorization header value.
0:28
It says, look, if you don't have one, nope, 403, missing api key. It then uses that api key to look up a user,
0:35
and if there is no user there it says no, no just invalid api key, or couldn't find user, or something like that.
0:41
And then, if that all works, that means we actually have a user corresponding to that key they pass, so we stash the api user for later use
0:48
and then we actually call the function that we're decorating which in this case is going to be one of our api view methods.
0:54
So here's the implementation, hopefully the decorator stuff didn't freak you out too much and it kind of came across more cool than more complicated
1:01
but they do take a lot to wrap you head around. Now, if we want to use this, it's dead easy we can come over here and say here's a view
1:09
and oh this one requires an api key, and remember all autos will never even get called unless the user is already set and everything works,
1:16
so we can even come down and know that request.api_user is going to be set we didn't have to check whether it exists
1:23
because if it doesn't, we're not going to make it this far.