When APIs Require Authentication
When an external API requires an API key, the key should live in the server's environment and be attached only in the outbound request header. The client never sends or receives the key. In this exercise you will add optional API key support to the currency server's convert_currency tool.
The Frankfurter API does not require a key for basic use, but many APIs do. You will read an optional key from the environment (e.g., CURRENCY_API_KEY) and, if set, add it to the request as an Authorization: Bearer header.
An MCP server has already been instantiated and stored as the variable mcp. The os module has already been imported for you.
This exercise is part of the course
Introduction to Model Context Protocol (MCP)
Exercise instructions
- Read the
"CURRENCY_API_KEY"API key from the environment variables and add it to the"Authorization"header with a value"Bearer "plus the key to the request. - Pass the headers in the API GET request.
Hands-on interactive exercise
Have a go at this exercise by completing this sample code.
@mcp.tool()
def convert_currency(amount: float, from_currency: str, to_currency: str) -> str:
"""Convert an amount from one currency to another using current exchange rates."""
url = f"https://api.frankfurter.dev/v1/latest?base={from_currency}&symbols={to_currency}"
# Read optional API key from the server's environment
headers = {}
api_key = os.environ.get(____)
if api_key:
headers["Authorization"] = f"Bearer {____}"
try:
# Pass headers (and timeout) to the request; key never goes in the URL
r = requests.get(url, ____=____, timeout=10)
r.raise_for_status()
data = r.json()
rate = data["rates"].get(to_currency)
if rate is None:
return f"Could not find exchange rate for {from_currency} to {to_currency}"
return f"{amount} {from_currency} = {amount * rate:.2f} {to_currency} (Rate: {rate})"
except requests.exceptions.RequestException as e:
return f"Error converting currency: {e}"
print(convert_currency(10, "USD", "EUR"))