Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #109683 > unrolled thread

Design an encrypted time-limited API on Client/Server side

Started byiMath <redstone-cold@163.com>
First post2016-06-08 09:51 -0700
Last post2016-06-08 17:04 +0000
Articles 3 — 3 participants

Back to article view | Back to comp.lang.python


Contents

  Design an encrypted time-limited API on Client/Server side iMath <redstone-cold@163.com> - 2016-06-08 09:51 -0700
    Re: Design an encrypted time-limited API on Client/Server side dieter <dieter@handshake.de> - 2016-06-09 08:55 +0200
    RE: Design an encrypted time-limited API on Client/Server side Joaquin Alzola <Joaquin.Alzola@lebara.com> - 2016-06-08 17:04 +0000

#109683 — Design an encrypted time-limited API on Client/Server side

FromiMath <redstone-cold@163.com>
Date2016-06-08 09:51 -0700
SubjectDesign an encrypted time-limited API on Client/Server side
Message-ID<3cef557f-bb1c-490a-a9ff-4c136cfdef2c@googlegroups.com>
​I am planning design an encrypted time-limited API on both Client and Server sides, the server side is written in Django, the client side is a GUI program which call the API by
import requests
c = requests.post("http://127.0.0.1:8000/VideoParser/", data={'videoUrl': videoUrl })
The way it call the API is desperately exposed to those who can use network traffic capturing tools like wireshark and fiddler, while I don't want anyone else could call the API with their customized videoUrl, and if people made the post call with the same parameters 2 minutes later after the client initially made the call, the call should be valid or expired, so how to design the encrypted time-limited API on both Client and Server side in this case ?

P.S. I think add an identifier to the post data could prevent them using the API

import requests
c = requests.post("http://127.0.0.1:8000/VideoParser/", data={'videoUrl': videoUrl, 'identifier':value_of_identifier })
provided there is something encrypted in the value_of_identifier and it changes with each call, but I don't know how to get started, any idea ?

It would be better to show some code , I really don't know which modules to use and  how to start to write code.

[toc] | [next] | [standalone]


#109701

Fromdieter <dieter@handshake.de>
Date2016-06-09 08:55 +0200
Message-ID<mailman.90.1465455417.2306.python-list@python.org>
In reply to#109683
iMath <redstone-cold@163.com> writes:

> ?I am planning design an encrypted time-limited API on both Client and Server sides, the server side is written in Django, the client side is a GUI program which call the API by
> import requests
> c = requests.post("http://127.0.0.1:8000/VideoParser/", data={'videoUrl': videoUrl })
> The way it call the API is desperately exposed to those who can use network traffic capturing tools like wireshark and fiddler

You could require the "https" protocol to prevent this.

> while I don't want anyone else could call the API with their customized videoUrl, and if people made the post call with the same parameters 2 minutes later after the client initially made the call, the call should be valid or expired, so how to design the encrypted time-limited API on both Client and Server side in this case ?

There is a general concept of "one-time-url" to handle cases such
as this one. These are urls which can be used just once.

Usually, they have associated an expiration date
and an uuid. The uuid is used on the server to maintain state (still
unused, already used); the expiration date allows state cleanup.

[toc] | [prev] | [next] | [standalone]


#109749

FromJoaquin Alzola <Joaquin.Alzola@lebara.com>
Date2016-06-08 17:04 +0000
Message-ID<mailman.116.1465481112.2306.python-list@python.org>
In reply to#109683
> I am planning design an encrypted time-limited API on both Client and Server sides,
If you want client/server communitation in an encypted way you can use the ssl module.
This email is confidential and may be subject to privilege. If you are not the intended recipient, please do not copy or disclose its content but contact the sender immediately upon receipt.

[toc] | [prev] | [standalone]


Back to top | Article view | comp.lang.python


csiph-web