Reputation: 77
Securing Flask API with out user authentication
I want to know is it possible to secure flask api with out login credentials like basic authentication. I want to share only Key and secret to my client.
Upvotes: 1
Views: 4345
Answers (1)
Reputation: 2428
You can easily write static (per user of course) API-key for your appilcation. Usually this is done by adding pre-shared secret in HTTP headers. Or as a URI parameter. I'd prefer HTTP. There is at least one library available in Github: https://github.com/ericsopa/flask-api-key. And api-key authentication is rather easy to implement yourself.
For better security you can use token authentication. It is explained in https://realpython.com/token-based-authentication-with-flask/
And remenber. Always HTTPS never HTTP!
When talking about API many of us think about REST. When talking about REST and authentication, it good to remember that REST is stateless. So authentication (such as sendin toke or API key or credentials) is done in every request. There is no session for authenticated users. Of course there is many other APIs than REST out there.
Upvotes: 2
Related Questions
- How to secure a REST Api on flask
- Securing Flask-Restful API with OAuth2
- Integrating Flask Security and Flask Rest-JSONAPI
- How to protect Flask-RESTful with Flask-USER management?
- Using flask-security as a part of an REST API
- Secure Python REST APIs
- Using Flask-Security as part of a REST API
- Using Flask-Security to authenticate REST API
- Structuring RESTful API in Flask when some methods require authentication and some don't
- Securing RESTapi in flask