APIArmor is a Python package designed to enhance the security of API communication. It provides server-side middleware for Flask applications and client-side utilities to ensure secure, timestamped, and hash-verified data exchanges.
-
Server-Side Middleware: Protect your Flask API with APIArmorMiddleware, adding time-based and hash verification to incoming requests.
-
Client-Side Utilities: Utilize client-side functions for secure data hashing and sending to APIArmor-protected servers.
pip install apiarmorfrom flask import Flask
from apiarmor.server.middleware import APIArmorMiddleware
app = Flask(__name__)
secret_key = b'your_secret_key'
api_armor_middleware = APIArmorMiddleware(secret_key=secret_key)
app.before_request(api_armor_middleware)
# Define your routes...from apiarmor_client import ApiArmorClientContributions are welcome! If you find a bug or have a suggestion, please open an issue.
This project is licensed under the MIT License - see the LICENSE file for details.
Important: Ensure the secure handling of your API keys and secrets. Do not hard code sensitive information directly in your source code. Consider using environment variables or a secure configuration management system to store and retrieve confidential data.
For example, you can use the python-decouple library along with a .env file to manage your project's configuration:
-
Install
python-decouple:pip install python-decouple
-
Create a
.envfile in your project's root directory and add your secret information:SECRET_KEY=your_actual_secret_key -
In your code, use
python-decoupleto access your configuration variables:from decouple import config secret_key = config('SECRET_KEY')
By following secure practices, you help protect your application and sensitive data.