When APIs Require Authentication
When an external API requires an API key, the key should live in the server's environment and be attached only in the outbound request header. The client never sends or receives the key. In this exercise you will add optional API key support to the currency server's convert_currency tool.
The Frankfurter API does not require a key for basic use, but many APIs do. You will read an optional key from the environment (e.g., CURRENCY_API_KEY) and, if set, add it to the request as an Authorization: Bearer header.
An MCP server has already been instantiated and stored as the variable mcp. The os module has already been imported for you.
Este ejercicio forma parte del curso
Introduction to Model Context Protocol (MCP)
Instrucciones del ejercicio
- Read the
"CURRENCY_API_KEY"API key from the environment variables and add it to the"Authorization"header with a value"Bearer "plus the key to the request. - Pass the headers in the API GET request.
Ejercicio interactivo práctico
Prueba este ejercicio y completa el código de muestra.
@mcp.tool()
def convert_currency(amount: float, from_currency: str, to_currency: str) -> str:
"""Convert an amount from one currency to another using current exchange rates."""
url = f"https://api.frankfurter.dev/v1/latest?base={from_currency}&symbols={to_currency}"
# Read optional API key from the server's environment
headers = {}
api_key = os.environ.get(____)
if api_key:
headers["Authorization"] = f"Bearer {____}"
try:
# Pass headers (and timeout) to the request; key never goes in the URL
r = requests.get(url, ____=____, timeout=10)
r.raise_for_status()
data = r.json()
rate = data["rates"].get(to_currency)
if rate is None:
return f"Could not find exchange rate for {from_currency} to {to_currency}"
return f"{amount} {from_currency} = {amount * rate:.2f} {to_currency} (Rate: {rate})"
except requests.exceptions.RequestException as e:
return f"Error converting currency: {e}"
print(convert_currency(10, "USD", "EUR"))