Understanding the steps to add authentication and permissions

Our current version of the API processes all the incoming requests without requiring any kind of authentication. We will use a Flask extension and other packages to apply an HTTP authentication scheme that identifies the user that originated the request or the token that signed the request. Then, we will use these credentials to apply the permissions that will determine whether the request must be permitted or not. Unfortunately, neither Flask nor Flask-RESTful provides an authentication framework that we can easily plug in and configure. Thus, we will have to write code to perform many tasks related to authentication and permissions.

We want to be able to create a new user without any authentication. However, all the other API calls are only going to be available for authenticated users.

First, we will install the Flask-HTTPAuth Flask extension to make it easier for us to work with HTTP authentication and the passlib package to allow us to hash a password and check whether a provided password is valid or not.

We will create a new User model that will represent a user. The model will provide methods to allow us to hash a password and verify whether a password provided for a user is valid or not. We will create a UserSchema class to specify how we want to serialize and deserialize a user.

Then, we will configure the Flask extension to work with our User model to verify passwords and set the authenticated user associated with a request. We will make changes to the existing resources to require authentication and we will add new resources to allow us to retrieve existing users and create a new one. Finally, we will configure the routes for the resources related to users.

Once we have completed the previously mentioned tasks, we will run the migrations process to generate the new table that persists the users in the database. Then, we will compose and send HTTP requests to understand how the authentication and permissions work with our new version of the API.
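The following sketch is an added example, not code from the book's sample project. It walks through the flow described above: hash a password, verify it, and permit only user creation without credentials. It assumes HTTP Basic as the scheme and uses the standard library's PBKDF2 as a stand-in for passlib. The routes, the function names, the iteration count and the sample user are hypothetical.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def hash_password(password):
    """Return 'iterations$salt$digest' using a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the digest with the stored salt; compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def parse_basic(header):
    """Return (name, password) from a 'Basic <base64>' header, else None."""
    try:
        scheme, _, encoded = (header or "").partition(" ")
        if scheme.lower() != "basic":
            return None
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # invalid base64 or invalid UTF-8
        return None
    name, sep, password = decoded.partition(":")
    return (name, password) if sep else None

# Hash of a random secret: unknown names still cost one full hash computation
DUMMY_HASH = hash_password(os.urandom(16).hex())

def request_permitted(method, path, header, users):
    """Only user creation is open; every other call needs valid credentials."""
    if (method, path) == ("POST", "/api/users/"):  # hypothetical route
        return True
    name, password = parse_basic(header) or ("", "")
    valid = verify_password(password, users.get(name, DUMMY_HASH))
    return valid and name in users

def basic_header(name, password):
    """Build the header a client would send (used for the sample requests)."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()

# Constructed sample user store: name -> stored hash (never the password itself)
USERS = {"alice": hash_password("S3cure-Sample!")}
```

Basic credentials are only base64-encoded, not encrypted, so a deployment built this way needs TLS in front of it.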

Make sure you quit Flask's development server. You just need to press Ctrl + C in the Terminal or Command Prompt window in which it is running.

Now, we will install several additional packages. Make sure you have activated the virtual environment named Flask01 that we created in Chapter 1, Developing RESTful APIs and Microservices with Flask 1.0.2. After you activate the virtual environment, it is time to run commands that are the same on macOS, Linux, and Windows.

Now we will edit the existing requirements.txt file to specify the additional set of packages that our application requires to be installed on any supported platform. This way, it will be extremely easy to repeat the installation of the specified packages with their versions in any new virtual environment.

Use your favorite editor to edit the existing text file named requirements.txt within the root folder for the virtual environment. Add the following lines after the last line to declare the additional packages and the versions that our new version of the API requires. The code file for the sample is included in the restful_python_2_03_02 folder, in the Flask01/requirements.txt file:

    flask-HTTPAuth==3.2.4
    passlib==1.7.1

Each additional line added to the requirements.txt file indicates the package and the version that needs to be installed. The following table summarizes the packages and the version numbers that we specified as additional requirements to the previously included packages:

| Package name | Version to be installed |
|---|---|
| Flask-HTTPAuth | 3.2.4 |
| passlib | 1.7.1 |

Now we must run the following command on macOS, Linux, or Windows to install the additional packages and the versions explained in the previous table with pip by using the recently edited requirements.txt file. Make sure you are in the folder that has the requirements.txt file before running the command:

    pip install -r requirements.txt 

The last lines of the output will indicate that all the new packages and their dependencies have been successfully installed. If you downloaded the source code for the example and you didn't work with the previous version of the API, pip will also install the other packages included in the requirements.txt file:

    Installing collected packages: Flask-HTTPAuth, passlib
    Successfully installed Flask-HTTPAuth-3.2.4 passlib-1.7.1  