Book Image

Python API Development Fundamentals

By : Jack Chan, Ray Chung, Jack Huang
Book Image

Python API Development Fundamentals

By: Jack Chan, Ray Chung, Jack Huang

Overview of this book

Python is a flexible language that can be used for much more than just script development. By knowing the Python RESTful APIs work, you can build a powerful backend for web applications and mobile applications using Python. You'll take your first steps by building a simple API and learning how the frontend web interface can communicate with the backend. You'll also learn how to serialize and deserialize objects using the marshmallow library. Then, you'll learn how to authenticate and authorize users using Flask-JWT. You'll also learn how to enhance your APIs by adding useful features, such as email, image upload, searching, and pagination. You'll wrap up the whole book by deploying your APIs to the cloud. By the end of this book, you'll have the confidence and skill to leverage the power of RESTful APIs and Python to build efficient web applications.
Table of Contents (12 chapters)

The User Logout Mechanism

The Flask-JWT-Extended package supports the logout function. The way it works is to put the token into a blacklist when the user is logged out. A blacklist is basically a blocklist; it is an access control mechanism. Things (for example, emails, tokens, IDs, and so on) on the list will be denied access. With the blacklist in place, the application can use token_in_blacklist_loader to verify whether the user has logged out or not:

Figure 4.16: The user logout mechanism using a blacklist

In the next exercise, we want you to try implementing this logout function. It will test your understanding of the login and logout flow.

Exercise 31: Implementing the Logout Function

In this exercise, we will implement the logout function. We will first declare a black_list to store all the logged-out access tokens. Later, when the user wants to visit the access-controlled API endpoints, we will first check whether the access token is still valid...