Professional Web API with Flask
JWT Required
Applying the new login requirement to endpoints means that before making a request for an action (e.g., returning a list of players or creating a new one), a user must send a valid JWT.
JWT Validation
Our application can easily check if the JWT is valid because it is signed by our application.
Example: Applying Security to Team Endpoints
For example, only authorized users can delete, modify, or add teams, while unauthorized users can only access information. To achieve this, we apply a new decorator, @jwt_required, imported from the flask_jwt_extended library, to the respective methods. This decorator is similarly applied to views of other models.
Error Handling
To effectively handle errors, we need to add some code to our app.py. Here are a few scenarios that can occur with JWT usage:
- The JWT can expire - it is not infinite;
- The JWT can be invalid if the client has tampered with it;
- No JWT is provided when it is required, among others.
In the app.py file, under the initialization of our JWT, we will write several functions to handle the most common errors.
In these functions, we use the jsonify function imported from the Flask library. jsonify is a Flask function used to convert data into a JSON format response, making it easy to send structured, HTTP-friendly responses from a server to a client.
1. What is the primary purpose of using JWTs (JSON Web Tokens) in Flask applications?
2. What does the @jwt_required decorator do in Flask routes?
3. What does the @jwt.expired_token_loader callback function handle?
4. What is set by app.config["JWT_SECRET_KEY"] in a Flask application?