How to secure a REST API on Flask


You should use a token-based authentication technique to secure your API. The concept is simple: once your user signs in, your site should save it somewhere and you send back that token to your user.

For each call to your API, the user should send the token with every API request, and you should validate the encoded token and either deny or send back the response.

Have a look here: https://realpython.com/blog/python/token-based-authentication-with-flask/

Check this too http://flask-jwt-extended.readthedocs.io/en/latest/

For better performance, you can store your session tokens in a NoSQL database like Redis.

To support logins with social media sites, you should use OAuth, which works in the same way except it sends back a couple more tokens to the client.
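The sign-in and per-request validation flow described in the answer above, as an added example that is not part of the original answer. It hand-rolls an HS256 JWT with the standard library only to show what the validation step checks (the library linked in the answer does this for you); `SECRET_KEY`, `REVOKED`, `issue_token`, `verify_request` and `revoke` are hypothetical names, and the in-memory set stands in for Redis.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-process key; load from config in a real app
REVOKED = set()                       # assumption: stand-in for a Redis set of revoked token ids

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    mac = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return b64url(mac)

def issue_token(user_id, ttl=900, now=None):
    """Call once, after the username/password check has succeeded."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def verify_request(authorization_header, now=None):
    """Return the claims for a valid 'Bearer <token>' header, else None (answer 401)."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return None
    header, body, sig = parts
    try:
        # Verify the signature before parsing any claim. The algorithm is fixed
        # server-side and never taken from the token's own header.
        if not hmac.compare_digest(sig.encode(), sign(f"{header}.{body}").encode()):
            return None
        claims = json.loads(b64url_decode(body))
    except ValueError:
        return None
    # A correctly signed token is still rejected once expired or revoked (logout).
    if claims.get("exp", 0) <= now or claims.get("jti") in REVOKED:
        return None
    return claims

def revoke(claims):
    """Logout: remember the token id until the token would have expired anyway."""
    REVOKED.add(claims["jti"])
```

In a Flask app, `verify_request(request.headers.get("Authorization"))` would run in a `before_request` hook or a route decorator, returning a 401 response when it yields `None`.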

Author: Pusheen_the_dev

Updated on July 05, 2022

Comments

  • Pusheen_the_dev, almost 2 years

    I need to develop a REST API on my app (based on Flask).

    But I don't really know how I should secure it.

    Currently, I have a normal authentication for users who are coming from a browser. (Using the session etc.)

    But for the API users, should I ask for the username/password at every API request? Is it really secured? I know that a lot of web APIs use tokens for API calls, is it a best way?

    And in this case, how do I implement it? (This is not really my field of expertise...) Thanks a lot