Calling APIs with Authentication Token
I had to write a python script to calling a series of APIs based on business logic. The issue was that these APIs needed an authentication token to execute. In absence of the token I got 403 Forbidden error because the API was not able to identify that the call (from program) is coming from authentic source.
I googled on how to call API from python code but every article I saw assumed an open, public API that did not need any authorization through token. This article is a result of my research and various unsuccessful code executions to finally finding out the way to call the API from python code with authentication token.
What do you need?
You should know the details of API that generates token. This is usually the first API and all the subsequent APIs use the same token generated by first API for authentication. Let’s call the first API as Login API that would need a user id and password as input. One should know the correct user id and password to begin with. Let’s call the second one as Report API. You should also be aware of which key-value pair in header of Login API contains the web token and the correct key-value pair in header of Report API where the web token should be passed.
Pre-Requisites
The details of Login API URL, Report API URL, user id and password are already stored in config file in a specific folder. We know that the web token is present key at in response header of Login API.
Assumption
Due to the sensitive nature of user id and password, I have not put them in code but in a separate config file which is read to get the details of url, user id and password etc. The code that I have written below assumes that you have worked with configparser and logging package in python. Please read my other article Config Files and Logging for more details. read_config and set_logging_basics functions are described in that article.
So let’s begin!
The config file looks something like this
First let’s define some static variables for the sections and key names in the config file.
Next we will define 2 small functions to read the URL and login details from the dictionary and return the relevant details back.
After defining the functions and static variables, it is time to get the logger details.
Get the login details and create a key-value pair of user name and password. The key name should be exactly same as coded in API.
Once the setup is done, it is time to call the Login API and get the authentication token. The authentication token is a part of Login API response. It is present in header for the key at. The token has to be passed on to subsequent Report API in the same at key of header of payload.
Till this point we have created the the header for the request of Report API with the authentication token. The call to Report API is now made.
Now we know how to read the authentication token from one API and pass it to other. In case of error I have just terminated the program — relevant business logic can be put in if resp_login.status_code != 200 to handle the graceful exit.
