0

We are working on a project to provide search service of our search engine Humkinar to our clients. We are looking forward to have REST api which our client will use to get search results from our servers into his custom app.

To avoid public access to my REST API i want some sort of authentication in it. HTTP authentication do not work in my case. Because in my case, if i use basic HTTP authentication i have to provide username and password of client which is a secrete for client and users on client custom app must not know about client credentials.

For this purpose i need some sort of KEY based authentication which we provide to our clients and clients put them in their custom apps.

can anyone guide me how i can do this in flask REST API's?
how i can generate API keys and authenticate them?

Is there any standards for this? Kindly reply to me as soon as possible.

Improve this question
2
  • 1
    realpython.com/token-based-authentication-with-flask/#jwt-setup Commented Oct 24, 2018 at 10:50
  • Thanks for the response @Carlo1585 . I have seen this method before, but this method provides token which expires after some time. In my case i don't need such a thing. I will provide sort of API Key to my clients and my clients will use that API KEY to their custom apps where users can search from our server through that API KEY embedded in REST. server then validate the REST API and provide results. I don't want to expire my API Key, so the client do not have to regenerate it every time it expires. Can i use UUID for this purpose? Kindly please help me Commented Oct 25, 2018 at 6:11

1 Answer 1

Reset to default
1

With little research i have solved this issue. Best way of authentication in my case was using API-Keys. Now i am generating API-Key for my clients which is universally unique. Each client will have its own API-key and will send this key in REST request. our service will receive request and get that key from it. Then this key will be verified from DB to validate and this way authentication will be make sure.

I am using UUID4 for generating universally unique 36 character long key

code for generating API-key is given below:

import uuid
uuid_str = str(uuid.uuid4())
print(uuid_str)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.