 

How to secure a REST Api on flask

I need to develop a REST API for my app (based on Flask).

But I don't really know how I should secure it.

Currently, I have normal authentication for users who are coming from a browser (using the session, etc.).

But for the API users, should I ask for the username/password at every API request? Is it really secure? I know that a lot of web APIs use tokens for API calls; is that the best way?

And in this case, how do I implement it? (This is not really my field of expertise.) Thanks a lot.

Pusheen_the_dev asked Dec 19 '17 17:12




1 Answer

You should use a token-based authentication technique to secure your API. The concept is simple: once your user signs in, your site should save a token somewhere and send that token back to your user.

For each call to your API, the user should send the token with every API request, and you should validate the encoded token and either deny the request or send back the response.

Have a look here: https://realpython.com/blog/python/token-based-authentication-with-flask/

Check this too http://flask-jwt-extended.readthedocs.io/en/latest/

For better performance, you can store your session tokens in a NoSQL database like Redis.

To support logins with social media sites, you should use OAuth, which works in the same way except that it sends back a couple more tokens to the client.

Muhammad Soliman answered Oct 04 '22 20:10
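The flow the answer describes, written out as an added example (this is not code from the answer, from the linked Real Python post, or from flask-jwt-extended): the client logs in once with a password, receives a signed token, and sends it as `Authorization: Bearer <token>` on every later request; a decorator validates it and either rejects the call or lets the view run. The token format here is built from the standard library only (an HMAC-SHA256 signature over a base64url JSON payload with an expiry and a random token id), and an in-memory dict stands in for the Redis store the answer mentions so the file runs offline. The `API_TOKEN_SECRET` environment variable, the demo user `alice`, and the `/login`, `/me` and `/logout` routes are all assumptions made for the example.

```python
"""Token-based auth for a Flask REST API: log in once with a password, receive a
signed token, present it as 'Authorization: Bearer <token>' on every later call.
Token format is stdlib-only (HMAC-SHA256 over a base64url JSON payload); a dict
stands in for the Redis store the answer mentions, so the module runs offline."""
import base64, hashlib, hmac, json, os, secrets, time
from functools import wraps

# Assumption: the signing key comes from the environment; the default is a dev placeholder.
SECRET_KEY = os.environ.get("API_TOKEN_SECRET", "dev-only-secret-change-me").encode()
TOKEN_TTL_SECONDS = 3600

# Server-side record of live tokens (token id -> expiry), standing in for Redis.
# Keeping it is what lets /logout revoke a token before it expires.
_active_tokens = {}

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload_b64):
    return _b64e(hmac.new(SECRET_KEY, payload_b64.encode(), hashlib.sha256).digest())

def issue_token(username, now=None):
    """Mint '<payload>.<signature>' for a user who has just proven their password."""
    now = time.time() if now is None else now
    payload = {"sub": username, "jti": secrets.token_hex(16), "exp": now + TOKEN_TTL_SECONDS}
    payload_b64 = _b64e(json.dumps(payload, separators=(",", ":")).encode())
    _active_tokens[payload["jti"]] = payload["exp"]
    return payload_b64 + "." + _sign(payload_b64)

def verify_token(token, now=None):
    """Return the username if the token is genuine, unexpired and not revoked, else None."""
    now = time.time() if now is None else now
    payload_b64, sep, sig = token.partition(".")
    # Constant-time signature check (on bytes, so odd input cannot raise) before trusting the payload.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(payload_b64).encode()):
        return None
    payload = json.loads(_b64d(payload_b64))  # signed by us, so well-formed
    if payload["exp"] <= now:
        return None
    if payload["jti"] not in _active_tokens:
        return None  # revoked via /logout (or issued before a restart)
    return payload["sub"]

def revoke_token(token):
    """Forget a token so later requests carrying it are rejected (logout)."""
    payload_b64, sep, sig = token.partition(".")
    if sep and hmac.compare_digest(sig.encode(), _sign(payload_b64).encode()):
        _active_tokens.pop(json.loads(_b64d(payload_b64))["jti"], None)

def bearer_token(header_value):
    """Pull the token out of an 'Authorization: Bearer <token>' header value."""
    scheme, _, value = (header_value or "").strip().partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    return value.strip()

try:
    from flask import Flask, g, jsonify, request
except ImportError:  # Flask absent: the token functions above still work on their own
    Flask = None

if Flask is not None:
    app = Flask(__name__)
    # Constructed demo user; a real app compares against a salted password hash.
    USERS = {"alice": "correct horse battery staple"}

    def require_token(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            user = verify_token(bearer_token(request.headers.get("Authorization")) or "")
            if user is None:
                return jsonify(error="missing, invalid or expired token"), 401
            g.user = user
            return view(*args, **kwargs)
        return wrapper

    @app.route("/login", methods=["POST"])
    def login():
        body = request.get_json(silent=True)
        body = body if isinstance(body, dict) else {}
        expected = USERS.get(str(body.get("username", "")), "")
        given = str(body.get("password", ""))
        if not expected or not hmac.compare_digest(expected.encode(), given.encode()):
            return jsonify(error="bad credentials"), 401
        return jsonify(token=issue_token(body["username"]))

    @app.route("/me")
    @require_token
    def me():
        return jsonify(user=g.user)

    @app.route("/logout", methods=["POST"])
    @require_token
    def logout():
        revoke_token(bearer_token(request.headers.get("Authorization")))
        return "", 204
```

Run it with `flask --app <module> run`, `POST /login` once with a JSON body of `{"username": "alice", "password": "..."}`, and put the returned token in `Authorization: Bearer <token>` for `GET /me`; `POST /logout` with the same header drops the token from the server-side store so it is refused even though its signature and expiry are still valid. That server-side record is the part Redis would hold in production. The signature check stops forgery and tampering but not theft, so the API must only be served over HTTPS. PyJWT and flask-jwt-extended, linked in the answer, implement the token encoding, expiry and decorator for you; the hand-rolled version here is only to make the mechanism visible.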