A production-ready Flask REST API for secure user registration, login, and API key management, with SQLite storage and per-user rate limiting.
- 🔑 User registration & login with token authentication (itsdangerous)
- 🗝 Generate, list, and revoke API keys per user
- 🛡 Rate-limited endpoints (5 keys per day)
- 🗄 SQLite backend (simple & portable)
- 🌍 CORS-ready (for integration with any frontend)
- 🧪 Postman-tested, production structure (not a monolith)
- 🚦 Input validation & detailed error handling
POST /register
{
"username": "testuser",
"password": "pass123"
}
POST /login
{
"username": "testuser",
"password": "pass123"
}
Response:
{
"token": "<your_token>"
}
POST /generate-key
Header:
Authorization: Bearer <your_token>
Response:
{
"key": "..."
}
GET /list-keys
Header:
Authorization: Bearer <your_token>
Response:
{
"keys": ["...", "..."]
}
POST /revoke-key
Header:
Authorization: Bearer <your_token>
{
"key": "<key_to_revoke>"
}
Response:
{
"message": "Key revoked"
}
- API key generation is limited to 5 keys per user per day
- All requests are globally limited to 10 per minute per IP
- Exceeding the limit returns:
{
"error": "Rate limit exceeded. Try again later."
}
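The per-user limit described above, sketched as an added example that is not the project's own code. It uses only the standard library; the table layout, the function names, the rolling 24-hour reading of "per day" and storing a SHA-256 digest instead of the raw key are all assumptions of this example.

```python
import hashlib
import secrets
import sqlite3
import time

DAILY_KEY_LIMIT = 5          # from the README: 5 keys per user per day
WINDOW_SECONDS = 24 * 3600   # assumption: "day" means a rolling 24-hour window


def open_db(path=":memory:"):
    """Open the database and create the (hypothetical) api_keys table."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS api_keys ("
        " key_hash TEXT PRIMARY KEY,"
        " username TEXT NOT NULL,"
        " created_at REAL NOT NULL,"
        " revoked INTEGER NOT NULL DEFAULT 0)"
    )
    return db


def _digest(key):
    # Assumption: only a digest is stored, so a leaked database file
    # does not hand out usable keys.
    return hashlib.sha256(key.encode()).hexdigest()


def generate_key(db, username, now=None):
    """Return a new key, or None when the user's daily quota is used up."""
    now = time.time() if now is None else now
    with db:  # commits on success, rolls back on error
        (used,) = db.execute(
            "SELECT COUNT(*) FROM api_keys WHERE username = ? AND created_at > ?",
            (username, now - WINDOW_SECONDS),
        ).fetchone()
        # Revoked keys still count, so revoke-and-regenerate cannot bypass the cap.
        if used >= DAILY_KEY_LIMIT:
            return None
        key = secrets.token_urlsafe(32)
        db.execute(
            "INSERT INTO api_keys (key_hash, username, created_at) VALUES (?, ?, ?)",
            (_digest(key), username, now),
        )
    return key


def revoke_key(db, username, key):
    """Revoke a key only if it belongs to this user; True if one was revoked."""
    with db:
        cur = db.execute(
            "UPDATE api_keys SET revoked = 1"
            " WHERE key_hash = ? AND username = ? AND revoked = 0",
            (_digest(key), username),
        )
    return cur.rowcount == 1
```

Because only digests are stored, a listing endpoint built on this table could not return full keys; the raw key is available only at creation time.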
pip install -r requirements.txt
- Flask
- Flask-CORS
- Flask-Limiter
- Flask-HTTPAuth
- ItsDangerous
- Python-Dotenv
python app.py
Server will run at:
http://127.0.0.1:5000/
- 🟢 Registration & login (Postman)
- 🟢 API key generation/listing/revoke
- 🟠 Error handling & rate limit
- 🖥️ Console logs
See /screens/ for live usage examples.
💡 You can see real examples on the Gumroad gallery.
You can get a ZIP version with all files, setup instructions, .env.example, and more:
- Email: [email protected]
- Telegram: @talabovali
Need this in another language/stack (Node.js, Go, etc)? Email or Telegram — custom dev available.