APIMatic announces the support for multiple authenticaion schemes in Python SDKs. With the new design, it has become quite easy to configure multiple authentication schemes per SDK. All of the auth managers are instantiated at the start during the client initialization. After that their relevant auth managers can be used to apply auth schemes per endpoint as required in SDK.
Details
Please note that the support for multiple authentication schemes is still in alpha, and some cases may not be supported at this point. Please contact support@apimatic.io
in case of any guidance.
Some REST APIs support several authentication types. The security section in the OpenAPI specification lets you combine the security requirements using logical OR
and AND
to achieve the desired result. Multiple authentication schemes can be applied per endpoint using the OR
or AND
combination. OR
means to successfully apply one of the allowed authentication schemes and AND
means to successfully apply all of those schemes for verification. OpenAPI specification allows for multiple authentication representation in security schemes as follows:
security: # A OR B
- A
- B
security: # A AND B
- A
B
We have also improved our previous design of applying single authentication schemes on requests. Let's take a detailed look at it.
What was Supported Before?
Previously, all the endpoints were authenticated by applying one auth scheme throughout the SDK. Below is an example of how Python SDK used to apply a single authentication scheme to endpoints. Single authentication design included static auth managers ensuring authentication per endpoint.
# Prepare and execute request
_request = self.config.http_client.get(_query_url, headers=_headers)
# Apply authentication scheme on request
self.apply_auth_schemes(_request, 'global')
_response = self.execute_request(_request)
What has Changed?
Improved Design of Single Authentication
We have now accommodated one-time instantiation of auth managers during the client initialization and authentication is applied at each endpoint level where it's required through that instance. The auth credentials required for the authentication scheme have been now made a part of Configuration.
Changes in Configuration
The example has been taken from a Python SDK configured with Custom Query
authentication. token
and api_key
are two of the credentials required for this auth scheme.
def __init__(
self, http_client_instance=None,
override_http_client_configuration=False, http_call_back=None,
timeout=60, max_retries=0, backoff_factor=2,
retry_statuses=[408, 413, 429, 500, 502, 503, 504, 521, 522, 524],
retry_methods=['GET', 'PUT'], environment=Environment.TESTING,
port='80', suites=1, token='TODO: Replace', api_key='TODO: Replace'
):
Client
CustomHeader AuthManager being instantiated below:
def initialize_auth_managers(self, config):
self.auth_managers = { key: None for key in ['global']}
self.auth_managers['global'] = CustomHeaderAuthentication(config.token, config.api_key)
return self.auth_managers
Add Support for Multiple Authentication
With the new design, it has become quite easy to configure multiple authentication schemes per SDK. All of the auth managers are instantiated at the start during the client initialization. After that their relevant auth managers can be used to apply auth schemes per endpoint as required in SDK. Furthermore, the auth schemes are applied in the combination of AND
and OR
. Let's understand the concept with the help of an example.
Example
Let's take an example of an SDK supporting OR
auth scheme combination of Custom Header
and Custom Query
at the same time. The SDK would have separate auth managers differentiating the flow of these auth schemes. At and endpoint level both of their auth keys will be passed as comma-separated values. The endpoint will try to authenticate using the first auth scheme i.e Custom Header
. In case of any credential failure, it will move on to apply and validate the second auth scheme. The API call will completely fail if validation is unsuccessful for both auth schemes..
# Prepare and execute request
_request = self.config.http_client.get(_query_url)
# Apply authentication scheme on request
self.apply_auth_schemes(_request, 'apiKey', 'apiHeader')
_response = self.execute_request(_request)
Another example could be an AND
auth scheme combination of Basic Auth
, Custom Header
, and Custom Query
in the SDK. It is applied as a space-separated string at each endpoint as shown below. An API call using AND
auth combination will be unsuccessful in case of invalid credentials of any applied auth scheme. To make this call successful all of the auth schemes credentials should be available during initialization.
# Prepare and execute request
_request = self.config.http_client.get(_query_url)
# Apply authentication scheme on request
self.apply_auth_schemes(_request, 'basicAuth apiKey apiHeader')
_response = self.execute_request(_request)