Book Image

Python API Development Fundamentals

By : Jack Chan, Ray Chung, Jack Huang
Book Image

Python API Development Fundamentals

By: Jack Chan, Ray Chung, Jack Huang

Overview of this book

Python is a flexible language that can be used for much more than just script development. By knowing the Python RESTful APIs work, you can build a powerful backend for web applications and mobile applications using Python. You'll take your first steps by building a simple API and learning how the frontend web interface can communicate with the backend. You'll also learn how to serialize and deserialize objects using the marshmallow library. Then, you'll learn how to authenticate and authorize users using Flask-JWT. You'll also learn how to enhance your APIs by adding useful features, such as email, image upload, searching, and pagination. You'll wrap up the whole book by deploying your APIs to the cloud. By the end of this book, you'll have the confidence and skill to leverage the power of RESTful APIs and Python to build efficient web applications.

Related Content you might be interested in

Current Title:

Small book image
Python API Development Fundamentals
Jack Chan | Ray Chung | Jack Huang
Nov, 2019 | 372 pages
Small book image
Hands-On RESTful Python Web Services
Gaston C Hillar
Dec, 2018 | 500 pages
Small book image
Mastering Flask Web Development
Jack Stouffer | Daniel Gaspar
Oct, 2018 | 332 pages
Table of Contents (12 chapters)
Preface
Preface
About the Book
Free Chapter
1
1. Your First Step
1. Your First Step
Introduction
Understanding API
RESTful API
HTTP Protocol
HTTP Methods and CRUD
The JSON Format
HTTP Status Codes
Open API
The Flask Web Framework
Building a Simple Recipe Management Application
Using curl or httpie to Test All the Endpoints
Postman
Summary
2
2. Starting to Build Our Project
2. Starting to Build Our Project
Introduction
What is Flask-RESTful?
Virtual Environment
Creating a Recipe Model
Configuring Endpoints
Making HTTP Requests to the Flask API using curl and httpie
Summary
3
3. Manipulating a Database with SQLAlchemy
3. Manipulating a Database with SQLAlchemy
Introduction
Databases
SQL
ORM
Defining Our Models
Password Hashing
Summary
4
4. Authentication Services and Security with JWT
4. Authentication Services and Security with JWT
Introduction
JWT
Flask-JWT-Extended
Designing the Methods in the Recipe Model
Refresh Tokens
The User Logout Mechanism
Summary
5
5. Object Serialization with marshmallow
5. Object Serialization with marshmallow
Introduction
Serialization versus Deserialization
marshmallow
A Simple Schema
UserSchema Design
RecipeSchema Design
The PATCH Method
Summary
6
6. Email Confirmation
6. Email Confirmation
Introduction
Mailgun
User Account Activation Workflow
HTML Format Email
Summary
7
7. Working with Images
7. Working with Images
Introduction
Building the User Avatar Function
Flask-Uploads
Image Resizing and Compression
Introduction to Pillow
Summary
8
8. Pagination, Searching, and Ordering
8. Pagination, Searching, and Ordering
Introduction
Pagination
Paginated APIs
Recipe Searching
Sorting and Ordering
Summary
9
9. Building More Features
9. Building More Features
Introduction
Caching
Flask-Caching
API Rate Limiting
Flask-Limiter
Summary
10
10. Deployment
10. Deployment
Introduction
Deployment
Comparing SaaS, PaaS, and IaaS
The Heroku Platform
Configuration Handling in Smilecook
Heroku Application
Heroku Add-Ons
Setting Up Environment Variables for the Heroku App
Setting Up Variables in Postman
Setting up the Front-end Interface to Work with the Smilecook API
Summary
Appendix
Appendix
1: Your First Step
2: Starting to Build Our Project
3: Manipulating a Database with SQLAlchemy
4: Authenticated Services and Security with JWTs
5: Validating APIs Using marshmallow
6: Email Confirmations
7: Working with Images
8: Pagination, Searching, and Ordering
9: Building More Features
10: Deployment

The User Logout Mechanism

The Flask-JWT-Extended package supports the logout function. The way it works is to put the token into a blacklist when the user is logged out. A blacklist is basically a blocklist; it is an access control mechanism. Things (for example, emails, tokens, IDs, and so on) on the list will be denied access. With the blacklist in place, the application can use token_in_blacklist_loader to verify whether the user has logged out or not:

Figure 4.16: The user logout mechanism using a blacklist

In the next exercise, we want you to try implementing this logout function. It will test your understanding of the login and logout flow.

Exercise 31: Implementing the Logout Function

In this exercise, we will implement the logout function. We will first declare a black_list to store all the logged-out access tokens. Later, when the user wants to visit the access-controlled API endpoints, we will first check whether the access token is still valid...

Previous Section
End of Section 7
Next Section