{"id":48564359,"url":"https://github.com/jthop/flask-api-key","last_synced_at":"2026-04-08T12:37:37.373Z","repository":{"id":115612529,"uuid":"503353629","full_name":"jthop/flask-api-key","owner":"jthop","description":"Flask extension to facilitate traditional api-key auth of an api","archived":false,"fork":false,"pushed_at":"2023-09-04T06:17:55.000Z","size":99,"stargazers_count":16,"open_issues_count":4,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-01-03T16:02:05.766Z","etag":null,"topics":["api","authentication","flask","python","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jthop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-14T12:38:44.000Z","updated_at":"2025-01-27T20:38:47.000Z","dependencies_parsed_at":"2024-11-21T03:31:47.600Z","dependency_job_id":null,"html_url":"https://github.com/jthop/flask-api-key","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/jthop/flask-api-key","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jthop%2Fflask-api-key","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jthop%2Fflask-api-key/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jthop%2Fflask-api-key/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jthop%2Fflask-api-key/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jthop","download_url":"https://codeload.github.com/jthop/flask-api-key/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jthop%2Fflask-api-key/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31556238,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T10:21:54.569Z","status":"ssl_error","status_checked_at":"2026-04-08T10:21:38.171Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","authentication","flask","python","python3"],"created_at":"2026-04-08T12:37:37.212Z","updated_at":"2026-04-08T12:37:37.358Z","avatar_url":"https://github.com/jthop.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit) \n[![Build and publish pkg](https://github.com/jthop/flask-api-key/actions/workflows/python-publish.yml/badge.svg)](https://github.com/jthop/flask-api-key/actions/workflows/python-publish.yml)\n[![PyPI version](https://badge.fury.io/py/flask-api-key.svg)](https://badge.fury.io/py/flask-api-key)\n[![MIT license](https://img.shields.io/badge/License-MIT-blue.svg)](https://lbesson.mit-license.org/)\n[![GitHub last commit](https://img.shields.io/github/last-commit/jthop/flask-api-key)](https://github.com/jthop/flask-api-key)\n[![GitHub repo size](https://img.shields.io/github/repo-size/jthop/flask-api-key?style=flat)](https://github.com/jthop/flask-api-key)\n[![GitHub language count](https://img.shields.io/github/languages/count/jthop/flask-api-key?style=flat)](https://github.com/jthop/flask-api-key)\n[![GitHub top language](https://img.shields.io/github/languages/top/jthop/flask-api-key?style=flat)](https://python.org)\n[![Profile View Counter](https://komarev.com/ghpvc/?username=jthop)](./)\n[![Visitors](https://api.visitorbadge.io/api/visitors?path=jhopper%2Fflask-api-key\u0026label=visitors\u0026countColor=%234c1\u0026style=flat)](https://visitorbadge.io/status?path=jhopper%2Fflask-api-key)\n[![Whos your daddy](https://img.shields.io/badge/whos%20your%20daddy-2.0.7rc3-brightgreen.svg)](https://14.do/)\n[![volkswagen status](https://auchenberg.github.io/volkswagen/volkswargen_ci.svg?v=1)](https://github.com/auchenberg/volkswagen)\n[![works badge](https://cdn.jsdelivr.net/gh/nikku/works-on-my-machine@v0.2.0/badge.svg)](https://github.com/nikku/works-on-my-machine)\n\u003c!-- [![No Maintenance Intended](http://unmaintained.tech/badge.svg)](http://unmaintained.tech/) --\u003e\n\n\n# flask-api-key #\n\nSimple Flask Extension to easily add api auth using the good tried and tested api key model.\n\n## Why :man_shrugging: ##\n\nJWTs can be great.  Especially if you have 100 microservices and are growing at the rate of Facebook.\n\nBut for those of us that are not scaling at the rate of Facebook or Google, JWTs may be unnecessary.  Api Keys can be instantly revoked.  No refresh-token policies to worry about (is there a secure refresh standard yet?). With just a little caching(Redis), many of the DB round-trips can be avoided as well.  But most of all, api keys are easy to use.  Your developers can get started in no time.\n\nSo obviously, we believe.  However, while there are tons of JWT/JWS/JWE,JWABC token extensions, very few api key extensions exist.  So, this is my attempt to fill that void.\n\n\n## Install :floppy_disk: ##\n\n\nFirst things first, install it.\n\n`pip install flask-api-key`\n\n\n## Use :muscle: ##\n\n\n1.  Add to your flask project **without** the *app factory* pattern\n\n```python\nfrom flask import Flask\nfrom flask_api_key import APIKeyManager\n\napp = Flask(__name__)\nmy_key_manager = APIKeyManager(app)\n```\n\nOr **with** the *app factory* pattern\n\n```python\nmy_key_manager = APIKeyManager()\n...\ndef create_app():\n    app = Flask(__name__)\n    my_key_manager.init_app(app)\n    return app\n```\n\n2.  Create an api-key\n\n```python\nmy_key = my_key_manager.create('MY_FIRST_KEY')\nprint(my_key.secret)\n```\n\n3.  Decorate an endpoint\n\n```python\nfrom flask_api_key import api_key_required\n\n@route('/api/v1/secure')\n@api_key_required\ndef my_endpoint():\n    return jsonify({'foo': 'bar'})\n```\n\n4.  Fetch your endpoint with your key in the Auth header\n\n```shell\ncurl https://yoursite.com/api/v1/secure\n   -H \"Accept: application/json\"\n   -H \"Authorization: Bearer INSERT_YOUR_API_KEY_HERE\"\n```\n\n## Extension Configuration :toolbox: ##\n\n\n| Variable | Default | Type | Description |\n| --- | --- | --- | --- |\n| FLASK_API_KEY_LOCATION | `'Header'` | String | Location of the key in the request |\n| FLASK_API_KEY_HEADER_NAME | `'Authorization'` | String | Which header to use |\n| FLASK_API_KEY_HEADER_TYPE | `'Bearer'` | String | Which header type to use |\n| FLASK_API_KEY_PREFIX | `'my_api'` | String | Used to identify your site's keys in a breach [^1] |\n| FLASK_API_KEY_SECRET_LENGTH | `64` | Int | Length in characters of the key's secret portion |\n| FLASK_API_KEY_SECRET_CHARSET | `'ascii_62'` | String | Passlib compliant charset name to use |\n\n\nThe extension is configured via Flask's built-in config object, app.config.  If unfamiliar with Flask's app.config, it's time to read up on flask:\n\u003chttps://flask.palletsprojects.com/\u003e\n\nAll configuration writing should be done in flask.  However, often times it is necessary to read the config.  We have included multiple ways to access a read-only version of the config.  This read-only config has normalized keys.  The FLASK_API_KEY_ namespace has been removed and the remainder is lower case.\n\nExample [^2]\n\n```python\nloc = my_key_manager.config['location']\nprint(loc)    # will print 'Header'\n```\n\nAlso\n\n```python\nfrom flask-api-key.utils import get_ext_config\n\ncfg = get_ext_config()\nloc = cfg['location']\nprint(loc)    # will print 'Header'\n```\n\n[^1]: Prefix has many options to explore.  You could use a prefix that unquestionably identifies your keys, such as real_sitename_com_.  Or, if you want to be more vague, you could make up a prefix such as acFFC128jlk_.  As long as you can write a regex to identify your keys, sites such as github will assist you in identifying compromised keys.\n[^2]: Both of the examples should print 'Header' only if the config is default and has not been changed.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjthop%2Fflask-api-key","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjthop%2Fflask-api-key","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjthop%2Fflask-api-key/lists"}