RESTful and HTTP APIs in Pyramid Transcripts
Chapter: Conclusion
Lecture: Lightning review: API keys

Login or purchase this course to watch this video and the rest of the course contents.
0:00 And then we said let's provide some level of authentication to our service and we said let's do that with api keys,
0:08 so we created this decorator called require api key and it follows the convention of our service which is to pass an authorization header
0:17 and then authorization header has a certain structure which includes that api key and our little function parse api key from header
0:25 it's not shown here but it goes and it grabs that from the authorization header value.
0:28 It says, look, if you don't have one, nope, 403, missing api key. It then uses that api key to look up a user,
0:35 and if there is no user there it says no, no just invalid api key, or couldn't find user, or something like that.
0:41 And then, if that all works, that means we actually have a user corresponding to that key they pass, so we stash the api user for later use
0:48 and then we actually call the function that we're decorating which in this case is going to be one of our api view methods.
0:54 So here's the implementation, hopefully the decorator stuff didn't freak you out too much and it kind of came across more cool than more complicated
1:01 but they do take a lot to wrap you head around. Now, if we want to use this, it's dead easy we can come over here and say here's a view
1:09 and oh this one requires an api key, and remember all autos will never even get called unless the user is already set and everything works,
1:16 so we can even come down and know that request.api_user is going to be set we didn't have to check whether it exists
1:23 because if it doesn't, we're not going to make it this far.


Talk Python's Mastodon Michael Kennedy's Mastodon