Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Data Theorem API Protect Python SDK is a Python library that provides protection for APIs written in Python.

The SDK integrates with your Python API using the API Protect middleware which supports most popular Python frameworks, including:

To Protect an API, all the API developer needs to do is add the API Protect middleware to their web application code set the client Id we provide.

Getting the Software

Use the link provided to you to download the API Protect software bundle which contains:

1. apiprotect Python package

2. a file named env that contains your client_id

Note: To get a download link contact sales or support.

Example downloading and extracting the software bundle

Code Block
languagebash
$ > curl https://<pre-signed-gcs-url>/apiprotect-bundle.tar.gz | tar -x

$ > ls
apiprotect-1.0.3.tar.gz  env

$ > cat env
DT_API_PROTECT_CLIENT_ID=ca1c3cf9a87b9018e2c5a8f2f1096c3d41eda70ea918bc76b0f3d7a22c224710

Installation

Step 1: Add the package to dependencies

...

Code Block
# requirements.txt after adding the apiprotect package
file:./vendored/apiprotect-1.0.13.tar.gz
Jinja2<2.12
SQLAlchemy<1.4.0
advocate>=1.0.0,<2.0
boto3<2.0.0
falcon-cors<1.2.0
falcon<4.0.0

Example installing dependency via pip

Code Block
languagebash
$ > pip install ./apiprotect-1.0.13.tar.gz

Step 2: Add the middleware to the application

...

Example using Falcon middleware

# example using Falcon middleware
Code Block
languagepy
"""
wsgi.py

For more information see
https://falcon.readthedocs.io/en/stable/user/faq.html?highlight=wsgi#how-do-i-use-wsgi-middleware-with-falcon

"""

import falcon
from apiprotect.middleware import ApiProtectFalconMiddleware

app = falcon.App(
    middleware=[
        CloudTraceMiddleware(),
        ApiProtectFalconMiddleware(),
        SqlAlchemySessionMiddleware(),
        CORSMiddleware(),
    ]
)

Example using WSGI middleware with Flask

Code Block
languagepy
# example using WSGI middleware
"""
wsgi.py

For more information see
https://flask.palletsprojects.com/en/2.1.x/quickstart/#hooking-in-wsgi-middleware

"""

from flask import Flask
from apiprotect.middleware import ApiProtectWSGIMiddleware

wsgi_app = getFlask(__name_wsgi_application()
protected_
# Override the app wsgi_app property
app.wsgi_app = ApiProtectWSGIMiddleware(app.wsgi_app)

@app.route('/')
def hello_world():
    return 'Hello, World!'

Example using the WSGI middleware with Django

Code Block
languagepy
"""
wsgi.py

It exposes the WSGI callable as a module-level variable named ``application``.

For more information see
https://docs.djangoproject.com/en/4.0/howto/deployment/wsgi/

"""

from django.core.wsgi import get_wsgi_application
from apiprotect.middleware import ApiProtectWSGIMiddleware

application = get_wsgi_application()
application = ApiProtectWSGIMiddleware(application)

Step 3: Set the Client ID

For each API you protect Data Theorem provides a unique identifier which authenticates the SDK when it communicates with our services.

The client id we provide can be set in two way, either:

  • via an environment variable DT_API_PROTECT_CLIENT_ID

  • or by passing it directly to the middleware. Setting the environment variable is the preferred method.

Note: If the client id is present either as the DT_API_PROTECT_CLIENT_ID environment variable, or passed to the middleware, API Protect will activate. If the client_id cannot be easily unset but you do not wish to activate API Protect, you can set DT_API_PROTECT_DEACTIVATE=True to prevent the service from activating.

...

Example passing client_id to Falcon middleware

Code Block
languagepy
#import examplefalcon
passing client_id to Falcon middleware

from apiprotect.middleware import ApiProtectFalconMiddleware
import settings  # file-based secure settings management

app = falcon.App(
    middleware=[
        CloudTraceMiddleware(),
        ApiProtectFalconMiddleware(client_id=settings.client_id),
        SqlAlchemySessionMiddleware(),
        CORSMiddleware(),
    ]
)

Example passing client_id to WSGI middleware

Code Block
languagepy
#from exampleapiprotect.middleware passing client_id to WSGI middleware

import ApiProtectWSGIMiddleware
import settings  # file-based secure settings management

from apiprotect.middleware import ApiProtectWSGIMiddleware

wsgi_app = get_wsgi_application()

protected_wsgi_app = ApiProtectWSGIMiddleware(wsgi_app, client_id=settings.client_id)

...