My goal is to secure an API through token-based authentication on AWS Beanstalk. I'm using Flask as a framework. To use the API, the user should only need the URL and a token.
I really want to keep it as simple as possible but also secure.
My approach:
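
    from flask import Flask, jsonify, request

    app = Flask(__name__)


    @app.route('/test', methods=['GET'])
    def get_tasks():
        # Read the token from the custom "auth" request header
        headers = request.headers
        auth = headers.get("auth")
        # lookupTokenInDatabase() is the token lookup; its definition is not shown
        if auth == lookupTokenInDatabase():
            return jsonify({"message": "OK: Authorized"}), 200
        else:
            return jsonify({"message": "ERROR: Unauthorized"}), 401


    if __name__ == '__main__':
        # Starts Flask's built-in development server with debug mode on
        app.run(debug=True)
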
The client request would look like this:

    import requests

    url = "test"
    payload = {}
    headers = {'auth': 'token'}  # the token travels in the "auth" header
    response = requests.request("GET", url, headers=headers, data=payload)
    print(response)

I am aware that this is probably not state of the art, but does it provide at least some type of security?
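
An added example, not part of the original post: one way to harden the header check from `get_tasks()` using only the standard library. In the original, `auth` is `None` when the header is absent, so `auth == lookupTokenInDatabase()` would pass if the lookup ever returned `None`. The function names and the list of stored hashes are assumptions standing in for the asker's database lookup.

```python
import hashlib
import hmac
import secrets


def hash_token(token):
    """SHA-256 hex digest; the server stores this instead of the raw token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token():
    """Create a random token. Returns (token for the client, hash to store)."""
    token = secrets.token_urlsafe(32)
    return token, hash_token(token)


def extract_token(headers):
    """Read the 'auth' header used in the post; None if missing or blank."""
    value = headers.get("auth")
    if not value or not value.strip():
        return None
    return value.strip()


def is_authorized(headers, stored_hashes):
    """True only if a token was sent and its hash matches a stored hash.

    stored_hashes is a hypothetical stand-in for the database lookup.
    """
    token = extract_token(headers)
    if token is None:
        # Fail closed: a missing header can never equal a missing DB row.
        return False
    presented = hash_token(token)
    ok = False
    for stored in stored_hashes:
        # compare_digest runs in constant time, unlike ==, and the loop
        # does not exit early on a match.
        ok |= hmac.compare_digest(presented, stored)
    return ok
```

In the Flask view this would replace the `==` test, for example `if is_authorized(request.headers, hashes_from_db):`. The token is still sent in clear inside the header, so the endpoint has to be served over HTTPS only.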