Signs API requests: each client is identified by its key and granted access by a secret. The secret is never transmitted to the server; it is used only to sign the request.
pip install git+git://github.com/mediapredict/resigner.git
In settings.py:
INSTALLED_APPS = (
    ...
    'resigner',
    ...
)
Optional
RESIGNER_API_MAX_DELAY = 30 # max delay in seconds (default 5*60 seconds)
from django.http import JsonResponse
from resigner.server import signed_req_required

@signed_req_required
def my_api_view(request):
    resp = {"result": "this API has been protected with secret key"}
    return JsonResponse(resp)
Add through admin:
- in ApiKeys: MY_API_KEY (key, used to identify a client) and my_secret_key (secret, used to get access)
You may use an auto-generated value or provide a specific one.
...
res = post_signed(
    "http://mysite/api_url", {"some": "data_we_want_to_transmit"}, "my_client_key", "my_secret_key"
)
if res.status_code == 200:
    print("went good!")
else:
    print("error HTTP status_code:{0}".format(res.status_code))
...
Make sure MY_API_KEY and MY_TEST_CLIENT have been added in the server's DB as explained above.
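How a key-plus-secret signing scheme with a maximum delay works in general, as an added example that is not resigner's own code and does not reproduce its wire format. The use of HMAC-SHA256, the field names, the function names and the in-memory key store are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: a hypothetical key store standing in for the server's DB.
API_KEYS = {"MY_API_KEY": b"my_secret_key"}
MAX_DELAY = 30  # seconds; plays the role that RESIGNER_API_MAX_DELAY describes


def _mac(secret, key, timestamp, url, body):
    # Bind the signature to the client key, the time, the URL and the body.
    msg = "\n".join([key, str(timestamp), url]).encode() + b"\n" + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_request(key, secret, url, body, now=None):
    """Client side: fields sent alongside the body. The secret is not among them."""
    ts = int(time.time() if now is None else now)
    return {"key": key, "timestamp": ts, "signature": _mac(secret, key, ts, url, body)}


def verify_request(fields, url, body, now=None):
    """Server side: returns (ok, reason)."""
    now = time.time() if now is None else now
    secret = API_KEYS.get(fields.get("key"))
    if secret is None:
        return False, "unknown key"
    try:
        ts = int(fields["timestamp"])
    except (KeyError, TypeError, ValueError):
        return False, "bad timestamp"
    # Reject old (or far-future) requests so a captured request cannot be replayed later.
    if abs(now - ts) > MAX_DELAY:
        return False, "stale request"
    expected = _mac(secret, fields["key"], ts, url, body)
    supplied = str(fields.get("signature", ""))
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    return True, "ok"
```

The timestamp window limits replay only to within MAX_DELAY seconds; a request captured and resent inside that window still verifies unless the server also tracks nonces.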