Codevalley

Reputation: 4641

Identity management and authentication for REST APIs

We have built a Python-based REST API. We are planning to give it to other developers as well. Is there a Python library which could manage authentication, keep track of API calls made by each client, etc.?

Upvotes: 2

Views: 651

Answers (1)

Filip Dupanović

Reputation: 33640

Well, ideally you'll be using public-key cryptography, supplying the developers with an API key and secret both. If the service is accessible via HTTPS to a limited number of consumers, you might be tempted to defer to issuing a simple API key alone, but you're committing yourself to remain a small, closed and insecure service forever.

As for managing API calls themselves, since you have the RESTful interfaces developed already, I would suggest that you begin decorating the functions or methods to extract the service consumer and keep track of API calls in MongoDB--it's simple and perfectly tuned for such a requirement. It would also allow you to start throttling consumer connections at the application level where, in time, you can develop the system to encompass some low-level solutions for managing service connections, such as iptables.

Upvotes: 1
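A sketch of the decorator approach the answer describes, added here as an example and not code from the answer or the asker's API. It assumes each consumer signs requests with HMAC-SHA256 using the issued secret, represents a request as a plain dict, and uses an in-memory dict as a stand-in for the MongoDB collection; all names (`tracked`, `sign`, `CONSUMERS`, `CALL_LOG`) and the limits are hypothetical.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque
from functools import wraps

# Constructed sample credentials: API key -> shared secret (assumption).
CONSUMERS = {"demo-key": b"demo-secret"}
CALL_LOG = defaultdict(deque)  # in-memory stand-in for the MongoDB collection
MAX_CALLS, WINDOW_SECONDS, MAX_SKEW = 3, 60, 300

class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status

def sign(secret, method, path, timestamp, body=b""):
    """Client side: HMAC-SHA256 over the request parts being protected."""
    msg = b"\n".join([method.encode(), path.encode(), str(timestamp).encode(), body])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def tracked(func):
    """Authenticate the consumer, throttle it, record the call, then run func."""
    @wraps(func)
    def wrapper(request, now=None):
        now = time.time() if now is None else now
        secret = CONSUMERS.get(request.get("api_key"))
        if secret is None:
            raise ApiError(401, "unknown API key")
        ts = request.get("timestamp", 0)
        if abs(now - ts) > MAX_SKEW:  # reject stale or replayed requests
            raise ApiError(401, "timestamp outside allowed skew")
        expected = sign(secret, request["method"], request["path"], ts,
                        request.get("body", b""))
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected, request.get("signature", "")):
            raise ApiError(401, "bad signature")
        calls = CALL_LOG[request["api_key"]]
        while calls and calls[0] <= now - WINDOW_SECONDS:  # expire old calls
            calls.popleft()
        if len(calls) >= MAX_CALLS:
            raise ApiError(429, "rate limit exceeded")
        calls.append(now)  # only authenticated calls are counted
        return func(request, consumer=request["api_key"])
    return wrapper

@tracked
def list_items(request, consumer):
    return {"consumer": consumer, "items": []}
```

The secret never travels with the request, only the signature does, so an intercepted request cannot be altered or reused outside the timestamp window.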
