Reputation: 2197
I need to develop a REST API for my app (based on Flask),
but I don't really know how I should secure it.
Currently, I have normal authentication for users who come from a browser (using the session, etc.).
But for the API users, should I ask for the username/password on every API request? Is it really secure? I know that a lot of web APIs use tokens for API calls; is that the best way?
And in that case, how do I implement it? (This is not really my field of expertise...) Thanks a lot
Upvotes: 29
Views: 35830
Reputation: 23756
You should use the token based authentication technique to secure your API. The concept is simple: once your user signs in, your site should save a token somewhere and send that token back to your user.
For each call to your API, the user should send the token with the request, and you should validate the encoded token and either deny the request or send back the response.
Have a look here: https://realpython.com/blog/python/token-based-authentication-with-flask/
Check this too http://flask-jwt-extended.readthedocs.io/en/latest/
For better performance, you can store your session tokens in a NoSQL database like Redis.
To support logins with social media sites, you should use OAuth, which works in the same way except that it sends a couple more tokens back to the client.
Upvotes: 44
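As an added illustration of the server-side token flow the answer describes (not code from the answer or from the linked articles), here is a stdlib-only token store that issues an opaque bearer token once the user has signed in and validates it on every request. The in-memory dict stands in for the Redis store mentioned above; the function names, the one-hour TTL and the `Authorization: Bearer` header format are assumptions.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional

# Constructed in-memory store standing in for Redis: maps sha256(token) -> record.
# Only the hash is stored, so a copy of the store cannot be replayed as live tokens,
# and looking the hash up leaks no timing information about the token itself.
_STORE: Dict[str, dict] = {}
TOKEN_TTL_SECONDS = 3600  # assumed lifetime; expired tokens are rejected and dropped


def _hash(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Call once the user has proven their password; returns the opaque bearer token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, unguessable
    _STORE[_hash(token)] = {"user": user_id, "expires": now + TOKEN_TTL_SECONDS}
    return token


def validate_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id the token belongs to, or None if unknown, expired or revoked."""
    now = time.time() if now is None else now
    key = _hash(token)
    record = _STORE.get(key)
    if record is None:
        return None
    if now >= record["expires"]:
        _STORE.pop(key, None)  # drop expired entries eagerly
        return None
    return record["user"]


def revoke_token(token: str) -> None:
    """Logout: forget the token so it is denied from now on."""
    _STORE.pop(_hash(token), None)


def user_from_authorization_header(header: Optional[str], now: Optional[float] = None) -> Optional[str]:
    """What a Flask before_request hook would do with request.headers.get('Authorization')."""
    if not header:
        return None
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    return validate_token(value.strip(), now)
```

In Flask the last function is the one you would call from a `before_request` handler, returning a 401 whenever it yields `None`.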