From the course: Scripting for Testers

Authentication - Python Tutorial

Authentication

- [Instructor] We looked at how easy it was to get set up using REST APIs in Python. However, when we did that, we did it on a site where we didn't need to log in. Often though, we're dealing with data that's protected by authentication. In this case, we need to do a little bit more work, but the Python requests module still makes this pretty easy for us.

In the next example, I'm going to use a GitHub account I created for testing purposes. Let's first try to get some information about the user doing the same thing that we did the last time. So let's define a URL. In this case, it will be https://api.github.com/user. And now, let's create a response variable and use the requests module to get information about that URL. Let's see what this response gave us back. And we see a message here that says it requires authentication. So this is telling us that we need to give it some credentials. So let's do that.

All I need to do here is to add, just go back to this request, and we just need to add authentication to it. So we'll do auth and we'll give it our username, which in this case is djw-test. We'll give it a password. I've created this highly secure password called password1. And now, let's see what we got back from our response this time. And so we can see that now, we have access to that info. So it's pretty straightforward, and if you're just testing something on your machine across a trusted network, this is fine. But as you can see, I had to enter my password in plain text, which is not a good idea if this is something anyone else might see.

So many sites will use authorization tokens. These can be set up to limit the access and reduce the risk of damage to your site. So if we return to the GitHub example we just looked at, we can go to the settings in GitHub, and then we can go to developer settings, and we can get a personal access token. So let's go ahead and generate a new token. We'll limit the scope of this token to users, since we're interested in user information, and then we can go ahead and generate this token, after giving it a description. Generate the token. And let's copy that token and return to Python.

And now, we can modify our previous command, and rather than using auth, we will use headers, and headers will take in a dictionary, which will have the authorization key, and then for the key, we'll prepend this with Bearer, so that we know what kind of key it is, and we'll paste in the key that we copied from GitHub. So now, let's go ahead and see what came back from that request. And we can see that we got the same information as we had when we used our username and password.

So this shows you that there are other ways to limit the access that people have to information. There are even more complicated ways to do authentication, but these two methods should be enough to get you started in most cases. As with all things security-related, please be careful that you're not exposing your password to an insecure connection. But you should now be able to access data in your application, even if it is password-protected.
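
The token request described in the transcript, as an added example that is not part of the course material: it reads the token from an environment variable instead of pasting it into the script, refuses to attach it to a non-HTTPS URL, and redacts the header before anything is printed or logged. The variable name `GITHUB_TOKEN` and all helper names are assumptions.

```python
import os
from urllib.parse import urlsplit

API_URL = "https://api.github.com/user"  # URL used in the transcript
TOKEN_ENV = "GITHUB_TOKEN"               # assumed variable name, not from the course


def load_token(env=os.environ):
    """Read the token from the environment so it is never typed into source code."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"set {TOKEN_ENV} before running")
    return token


def require_https(url):
    """Refuse to attach a credential to anything but an https:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing to send credentials to {url!r}")
    return url


def bearer_headers(token):
    """Build the headers dictionary passed as headers= in place of auth=."""
    return {"Authorization": f"Bearer {token}"}


def redact(headers):
    """Return a copy of the headers that is safe to print or log."""
    return {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


def get_user(url=API_URL, env=os.environ):
    # Imported here so the helpers above can be checked without the
    # third-party package or network access.
    import requests
    headers = bearer_headers(load_token(env))
    # A timeout avoids hanging; redirects are not followed with the token attached.
    response = requests.get(require_https(url), headers=headers,
                            timeout=10, allow_redirects=False)
    response.raise_for_status()
    return response.json()


if __name__ == "__main__":
    print(get_user()["login"])
```
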
