Signes API requests: each client is identified by its key and granted access by a secret. (no secret transmitted over to server - used only to sign a request)
pip install git+git://github.com/mediapredict/resigner.git
In settings.py:
INSTALLED_APPS = (
...
'resigner',
...
)
Optional
RESIGNER_API_MAX_DELAY = 30 # max delay in seconds (default 5*60 seconds)
from django.http import JsonResponse
from resigner.server import signed_req_required
@signed_req_required
def my_api_view(request):
resp = {"result": "this API has been protected with secret key"}
return JsonResponse(resp)
Add through admin:
- in
ApiKeys
: MY_API_KEY (key, used to identify a client) and my_secret_key (secret, used to get access)
You may use auto generated or provide specific value.
from resigner.client import post_signed, get_signed
res = post_signed(
"http://mysite/api_url", {"some": "data_we_want_to_transmit"}, "my_client_key", "my_secret_key"
)
if res.status_code == 200:
print "went good!"
else:
print "error HTTP status_code:{0}".format(res.status_code)
...
In the case of connecting to Knitting Factory
KF_URL = 'https://knittingfactory.herokuapp.com'
api_url = "{0}/explorer/api/search".format(settings.KF_URL)
request_data = {
"q" :
'''
"your_daffodil" = "one long string"
''',
"flat" = False, # True will return kfid only
}
res = post_signed(api_url,
request_data,
settings.KF_API_KEY,
settings.KF_SECRET)
res.json()
will access the data dictionary
Make sure MY_API_KEY and MY_TEST_CLIENT have been added in the server's DB as explained above.