...
The Data Theorem API Protect Python SDK is a Python library that provides protection for APIs written in Python.
The SDK integrates with your Python API using the API Protect middleware which supports most popular Python frameworks, including:
Every other WSGI framework
To Protect an API, all the API developer needs to do is add the API Protect middleware to their web application code set the client Id we provide.
Getting the Software
Use the link provided to you to download the API Protect software bundle which contains:
1. apiprotect
Python package
2. a file named env
that contains your client_id
Note: To get a download link contact sales or support.
Example downloading and extracting the software bundle
Code Block | ||
---|---|---|
| ||
$ > curl https://<pre-signed-gcs-url>/apiprotect-bundle.tar.gz | tar -x
$ > ls
apiprotect-1.0.3.tar.gz env
$ > cat env
DT_API_PROTECT_CLIENT_ID=ca1c3cf9a87b9018e2c5a8f2f1096c3d41eda70ea918bc76b0f3d7a22c224710 |
Installation
Step 1: Add the package to dependencies
...
Code Block |
---|
# requirements.txt after adding the apiprotect package file:./vendored/apiprotect-1.0.13.tar.gz Jinja2<2.12 SQLAlchemy<1.4.0 advocate>=1.0.0,<2.0 boto3<2.0.0 falcon-cors<1.2.0 falcon<4.0.0 |
Example installing dependency via pip
Code Block | ||
---|---|---|
| ||
$ > pip install ./apiprotect-1.0.3.tar.gz |
Step 2: Add the middleware to the application
...
Code Block | ||
---|---|---|
| ||
This middleware shouldmay be added before or after any logging middleware and, but it should be before other middleware or application code. Request Flow │ ┌───────────────────────────────────┐ │ │ Logging Middleware │ │ └───────────────────────────────────┘ │ ┌───────────────────────────────────┐ │ │ Api Protect Middleware │ │ └───────────────────────────────────┘ │ ┌───────────────────────────────────┐ │ │ Other Middleware │ │ └───────────────────────────────────┘ │ │ ▼ * OR * |
Example using Falcon middleware
Code Block |
---|
# example using Falcon middleware Request Flow │ ┌───────────────────────────────────┐ │ │ Api Protect Middleware │ │ └───────────────────────────────────┘ │ ┌───────────────────────────────────┐ │ │ Logging Middleware │ │ └───────────────────────────────────┘ │ ┌───────────────────────────────────┐ │ │ Other Middleware │ │ └───────────────────────────────────┘ │ │ ▼ |
Example using Falcon middleware
Code Block | ||
---|---|---|
| ||
""" wsgi.py For more information see https://falcon.readthedocs.io/en/stable/user/faq.html?highlight=wsgi#how-do-i-use-wsgi-middleware-with-falcon """ import falcon from apiprotect.middleware import ApiProtectFalconMiddleware app = falcon.App( middleware=[ CloudTraceMiddleware(), ApiProtectFalconMiddleware(), SqlAlchemySessionMiddleware(), CORSMiddleware(), ] ) |
Example using WSGI middleware with Flask
Code Block | ||
---|---|---|
| ||
# example using WSGI middleware """ wsgi.py For more information see https://flask.palletsprojects.com/en/2.1.x/quickstart/#hooking-in-wsgi-middleware """ from flask import Flask from apiprotect.middleware import ApiProtectWSGIMiddleware wsgi_app = getFlask(__name_wsgi_application() protected_ # Override the app wsgi_app property app.wsgi_app = ApiProtectWSGIMiddleware(app.wsgi_app) @app.route('/') def hello_world(): return 'Hello, World!' |
Example using the WSGI middleware with Django
Code Block | ||
---|---|---|
| ||
""" wsgi.py It exposes the WSGI callable as a module-level variable named ``application``. For more information see https://docs.djangoproject.com/en/4.0/howto/deployment/wsgi/ """ from django.core.wsgi import get_wsgi_application from apiprotect.middleware import ApiProtectWSGIMiddleware application = get_wsgi_application() application = ApiProtectWSGIMiddleware(application) |
Step 3: Set the Client ID
For each API you protect Data Theorem provides a unique identifier which authenticates the SDK when it communicates with our services.
The client id we provide can be set in two way, either:
via an environment variable
DT_API_PROTECT_CLIENT_ID
or by passing it directly to the middleware.
...
Setting the environment variable is the preferred
...
method.
Note: If the client id is present either as the DT_API_PROTECT_CLIENT_ID
environment variable, or passed to the middleware, API Protect will activate. If the client_id cannot be easily unset but you do not wish to activate API Protect, you can set DT_API_PROTECT_DEACTIVATE=True
to prevent the service from activating.
If you need to pass it the client_id to the middleware without setting an environment variable, here is how to do that:
Example passing client_id to Falcon middleware
Code Block | ||
---|---|---|
| ||
#import examplefalcon passing client_id to Falcon middleware from apiprotect.middleware import ApiProtectFalconMiddleware import settings # file-based secure settings management app = falcon.App( middleware=[ CloudTraceMiddleware(), ApiProtectFalconMiddleware(client_id=settings.client_id), SqlAlchemySessionMiddleware(), CORSMiddleware(), ] ) |
Example passing client_id to WSGI middleware
Code Block | ||
---|---|---|
| ||
#from exampleapiprotect.middleware passing client_id to WSGI middleware import ApiProtectWSGIMiddleware import settings # file-based secure settings management from apiprotect.middleware import ApiProtectWSGIMiddleware wsgi_app = get_wsgi_application() protected_wsgi_app = ApiProtectWSGIMiddleware(wsgi_app, client_id=settings.client_id) |
...