
Flask Token Based Authentication Example : Secure Your API

Most machine learning and deep learning models serve their predictions through APIs. These APIs must be secured so that nobody can use them without your permission. There are many ways to do API authentication, but the popular and common one is JWT authentication. In this tutorial you will learn how to secure your API using Flask and MongoDB. I am assuming that you already have knowledge of Flask and MongoDB; only the implementation part is covered here. You will learn the following things:

How to register the Users?

Login Flask route for Authentication

Accessing the API route with Generated Tokens.

Step by Step to Secure your API

Step 1: Import the necessary Libraries.

import pymongo
from flask import Flask, jsonify, request
from flask_jwt_extended import JWTManager, jwt_required, create_access_token
from pymongo import MongoClient

Pymongo is the official MongoDB Python driver. Flask is the Python web framework and flask_jwt_extended is the JWT plugin for Flask.

Step 2: Connect to the MongoDB Database Server

Before going further, keep in mind that MongoDB is a schemaless database management system. It is a NoSQL database and differs from SQL databases: you can do all the CRUD operations (Create, Read, Update and Delete) without creating any class model in Python. Use the following code to connect and create the database and collection in MongoDB.

# Making a Connection with MongoClient (27017 is the default MongoDB port)
client = MongoClient("mongodb://localhost:27017/")
# database
db = client["app_database"]
# collection
user = db["User"]

Here, first of all, you create a client for the connection using MongoClient() and pass the database URL. I am using the database locally, so it is "mongodb://localhost:27017/". After that, create a database named "app_database" using client["app_database"] and then the collection "User" using db["User"].

Step 3: Create a Flask app and Configure it

After making the connection with MongoDB, the next step is to create a Flask app and do some configuration on it. Use the following code.

app = Flask(__name__)

# JWT Config (set the key before JWTManager so it is in place when tokens are issued)
app.config["JWT_SECRET_KEY"] = "this-is-secret-key"  # change it: use a long random value loaded from the environment
jwt = JWTManager(app)

As you can see in the above code, first I have created an app, set JWT_SECRET_KEY in its config, and passed the app into JWTManager(app), which wires JWT handling into the entire Flask application. The secret key signs every token that is issued, so anyone who knows it can mint valid tokens: use a long random value and keep it out of the source code.

Step 4: Design your Flask API routes

Now you will design the API routes for registration and login. Use the following code.

@app.route("/register", methods=["POST"])
def register():
    email = request.form["email"]
    # Look the email up first so the same address cannot be registered twice
    test = user.find_one({"email": email})
    if test:
        return jsonify(message="User Already Exist"), 409
    else:
        first_name = request.form["first_name"]
        last_name = request.form["last_name"]
        password = request.form["password"]
        user_info = dict(first_name=first_name, last_name=last_name, email=email, password=password)
        user.insert_one(user_info)
        return jsonify(message="User added successfully"), 201

In the register route, I first check whether the email is already in the database, and if it is not, I insert the form fields into the database. To find an email in the database you use the find_one() method, and to add a document the insert_one() method. After registration it returns the JSON response with the message User added successfully; otherwise it returns User Already Exist.

Login Route

@app.route("/login", methods=["POST"])
def login():
    if request.is_json:
        email = request.json["email"]
        password = request.json["password"]
    else:
        email = request.form["email"]
        password = request.form["password"]

    # A JSON body can carry non-string values; only plain strings may reach the query
    if not isinstance(email, str) or not isinstance(password, str):
        return jsonify(message="Bad Request"), 400

    test = user.find_one({"email": email, "password": password})
    if test:
        access_token = create_access_token(identity=email)
        return jsonify(message="Login Succeeded!", access_token=access_token), 201
    else:
        return jsonify(message="Bad Email or Password"), 401

For the login route, I have created a condition that checks for a JSON or a form body, so it works for both kinds of request.

Here also I am using the find_one() method for checking the email and password. If they match, I give the user an access token that is valid for a limited time (flask_jwt_extended's default is 15 minutes) and can be used to access the other routes that require it.
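The register and login routes above store and compare the password as plain text, which is what the conclusion says you should replace with a hashed version. The following is an added example, not code from the tutorial: it reproduces the two routes' logic with a salted PBKDF2-HMAC-SHA256 hash from the standard library, using an in-memory dict as a constructed stand-in for the MongoDB "User" collection; hash_password, verify_password, register_user and login_user are names chosen here.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 work factor; a higher count slows brute force against a leaked database
ITERATIONS = 600_000


def hash_password(password: str) -> str:
    """Salted hash stored as algorithm$iterations$salt$digest so it can be re-checked later."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare it in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
    except (ValueError, AttributeError):  # malformed record or non-string input
        return False


# Constructed in-memory stand-in for the MongoDB "User" collection, keyed by email
users = {}
# Hash checked for unknown emails so response time does not reveal which accounts exist
DUMMY_HASH = hash_password("not-a-real-password")


def register_user(email, first_name, last_name, password):
    """Same flow as the /register route, but only the hash is persisted. Returns the HTTP status."""
    if not all(isinstance(v, str) for v in (email, first_name, last_name, password)):
        return 400
    if email in users:
        return 409  # User Already Exist
    users[email] = {"first_name": first_name, "last_name": last_name, "email": email,
                    "password_hash": hash_password(password)}
    return 201


def login_user(email, password):
    """Same flow as the /login route: find the user by email, then check the password."""
    if not isinstance(email, str) or not isinstance(password, str):
        return 400
    record = users.get(email)
    stored = record["password_hash"] if record else DUMMY_HASH
    if not verify_password(password, stored) or record is None:
        return 401  # Bad Email or Password
    return 200  # here the route would call create_access_token(identity=email)
```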

Step 5: Secure the Route

Let's create a route, secure it and test it. First you create the route, then add the @jwt_required decorator below the route decorator and above the function definition. Use the following code.

@app.route("/dashboard")
@jwt_required()  # flask-jwt-extended 4.x requires the parentheses
def dashboard():
    return jsonify(message="Welcome! to the Data Science Learner")
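To make clear what create_access_token (Step 4) produces and what @jwt_required (Step 5) checks on every request, here is an added example that is not part of the tutorial or of flask_jwt_extended: it builds and verifies an HS256 JWT with only the standard library, using a constructed SECRET_KEY in place of app.config["JWT_SECRET_KEY"]; mint_token and verify_token are names chosen here.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for app.config["JWT_SECRET_KEY"]; HS256 (HMAC-SHA256) is the
# algorithm flask_jwt_extended signs with by default, and it is what is reproduced here.
SECRET_KEY = b"this-is-secret-key"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(identity, secret=SECRET_KEY, ttl=900, now=None):
    """Build header.payload.signature the way create_access_token(identity=...) does."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": identity, "iat": now, "exp": now + ttl}).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_token(token, secret=SECRET_KEY, now=None):
    """Return the claims when the token is well formed, signed with our secret and not
    expired; otherwise None. This is the check @jwt_required performs on each request."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, signature = token.split(".")
        # Pin the algorithm: the token must never choose how it is verified
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        # Constant-time comparison so a wrong signature leaks no timing information
        if not hmac.compare_digest(expected, _b64url_decode(signature)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError, AttributeError):  # malformed token
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims
```

Changing the secret, the payload or the expiry makes verify_token return None, which is exactly why the dashboard route answers 401 to a token it did not issue.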

Full Code

import pymongo
from flask import Flask, jsonify, request
from flask_jwt_extended import JWTManager, jwt_required, create_access_token
from pymongo import MongoClient

# Making a Connection with MongoClient (27017 is the default MongoDB port)
client = MongoClient("mongodb://localhost:27017/")
# database
db = client["app_database"]
# collection
user = db["User"]

app = Flask(__name__)

# JWT Config (set the key before JWTManager so it is in place when tokens are issued)
app.config["JWT_SECRET_KEY"] = "this-is-secret-key"  # change it: use a long random value loaded from the environment
jwt = JWTManager(app)


@app.route("/dashboard")
@jwt_required()  # flask-jwt-extended 4.x requires the parentheses
def dashboard():
    return jsonify(message="Welcome! to the Data Science Learner")


@app.route("/register", methods=["POST"])
def register():
    email = request.form["email"]
    # Look the email up first so the same address cannot be registered twice
    test = user.find_one({"email": email})
    if test:
        return jsonify(message="User Already Exist"), 409
    else:
        first_name = request.form["first_name"]
        last_name = request.form["last_name"]
        password = request.form["password"]
        user_info = dict(first_name=first_name, last_name=last_name, email=email, password=password)
        user.insert_one(user_info)
        return jsonify(message="User added successfully"), 201


@app.route("/login", methods=["POST"])
def login():
    if request.is_json:
        email = request.json["email"]
        password = request.json["password"]
    else:
        email = request.form["email"]
        password = request.form["password"]

    # A JSON body can carry non-string values; only plain strings may reach the query
    if not isinstance(email, str) or not isinstance(password, str):
        return jsonify(message="Bad Request"), 400

    test = user.find_one({"email": email, "password": password})
    if test:
        access_token = create_access_token(identity=email)
        return jsonify(message="Login Succeeded!", access_token=access_token), 201
    else:
        return jsonify(message="Bad Email or Password"), 401


if __name__ == '__main__':
    app.run(host="localhost", debug=True)  # debug=True is for local development only

All tests

Registration

Send the registration request with the form fields first_name, last_name, email and password. When you press the send button again with the same email, you will get the error message.

[Screenshot: user already exists in the database]

[Screenshot: user details inside the MongoDB database]

Login Testing

[Screenshot: login response containing the access token]

Use the token from the login response to get into the dashboard route defined above.

Before login, if you try to access the dashboard URL, you will get the following error message.

[Screenshot: without login]

After Login

[Screenshot: after login, with the token]

Conclusion

Flask is a micro web framework for Python. In addition, you can use it to secure your API for machine learning. This tutorial covers a basic but effective authentication using username and password. Here you can see that I am storing the password as plain text, but you can store it as a hashed version in the database instead; you have to pick a hashing routine depending on your language.

I hope you have understood all the concepts mentioned here. If you have any query about it, you can contact us or message us on the official Data Science Learner page.
