Hello, I have a question about the function verify_api_key()...
Underneath the comment "#verifying extract ..... the prefix", we then verify the corresponding hashed_api_key with the function verify_hashed_key().
Can you explain why this step is necessary / preferred? As I understand, we only reach this step if the secret_key the user sent in the Header() was found in the database, and therefore it seems it should be enough to simply return the corresponding user_id, before we ever run the verify_hashed_key() function.
I would greatly appreciate any insight here, thank you!