ANNCSU Software Development Kit for API consumption

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for geobeyond from gravatar.com geobeyond

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

anncsu-sdk

ANNCSU Software Development Kit for API consumption

Developer-friendly & type-safe Python SDK specifically catered to leverage anncsu API.



[!IMPORTANT] This SDK is not yet ready for production use. To complete setup please follow the steps outlined in your workspace. Delete this section before > publishing to a package manager.

Summary

ANNCSU REST API: API dei servizi REST di ANNCSU su PDND

Table of Contents

SDK Installation

[!TIP] To finish publishing your SDK to PyPI you must run your first generation action.

[!NOTE] Python version upgrade policy

Once a Python version reaches its official end of life date, a 3-month grace period is provided for users to upgrade. Following this grace period, the minimum python version supported in the SDK will be updated.

The SDK can be installed with either pip or poetry package managers.

PIP

PIP is the default package installer for Python, enabling easy installation and management of packages from PyPI via the command line.

pip install git+<UNSET>.git

Poetry

Poetry is a modern tool that simplifies dependency management and package publishing by using a single pyproject.toml file to handle project metadata and dependencies.

poetry add git+<UNSET>.git

Shell and script usage with uv

You can use this SDK in a Python shell with uv and the uvx command that comes with it like so:

uvx --from anncsu.pa python

It's also possible to write a standalone Python script without needing to set up a whole project like so:

#!/usr/bin/env -S uv run --script
# /// script
# requires-python = ">=3.9"
# dependencies = [
#     "anncsu",
# ]
# ///

from anncsu.pa import Anncsu

sdk = Anncsu(
  # SDK arguments
)

# Rest of script here...

Once that is saved to a file, you can run it with uv run script.py where script.py can be replaced with the actual file name.

IDE Support

PyCharm

Generally, the SDK will work well with most IDEs out of the box. However, when using PyCharm, you can enjoy much better integration with Pydantic by installing an additional plugin.

SDK Example Usage

Example

# Synchronous Example
from anncsu.pa import Anncsu


with Anncsu() as a_client:

    res = a_client.queryparam.esiste_odonimo_get_query_param(codcom="H501", denom="VklBIFJPTUE=")

    # Handle response
    print(res)

The same SDK client can also be used to make asychronous requests by importing asyncio.

# Asynchronous Example
from anncsu.pa import Anncsu
import asyncio

async def main():

    async with Anncsu() as a_client:

        res = await a_client.queryparam.esiste_odonimo_get_query_param_async(codcom="H501", denom="VklBIFJPTUE=")

        # Handle response
        print(res)

asyncio.run(main())

Security and Authentication

All ANNCSU APIs use PDND (Piattaforma Digitale Nazionale Dati) voucher-based authentication with HTTP Bearer tokens.

Complete Authentication Flow

The SDK supports the complete PDND authentication flow:

┌─────────────────────┐     ┌─────────────────────┐     ┌─────────────────────┐
│  1. Create Client   │     │  2. Exchange for    │     │  3. Use Access      │
│     Assertion       │────▶│     Access Token    │────▶│     Token           │
│     (JWT)           │     │     (OAuth2)        │     │     (API Calls)     │
└─────────────────────┘     └─────────────────────┘     └─────────────────────┘

from pathlib import Path
from anncsu.pa import Anncsu
from anncsu.common import (
    # Step 1: Client Assertion
    ClientAssertionConfig,
    create_client_assertion,
    # Step 2: Token Exchange
    TokenConfig,
    get_access_token,
    # Step 3: API Authentication
    Security,
)

# Step 1: Create client assertion (JWT)
assertion_config = ClientAssertionConfig(
    kid="your-key-id",
    issuer="your-client-id",
    subject="your-client-id",
    audience="auth.uat.interop.pagopa.it/client-assertion",
    purpose_id="your-purpose-id",
    key_path=Path("./private_key.pem"),
)
client_assertion = create_client_assertion(assertion_config)

# Step 2: Exchange for access token
token_config = TokenConfig(
    client_id="your-client-id",
    client_assertion=client_assertion,
    token_endpoint="https://auth.uat.interop.pagopa.it/token.oauth2",
)
token_response = get_access_token(token_config)

# Step 3: Use access token for API calls
security = Security(bearer=token_response.access_token)
sdk = Anncsu(security=security)

response = sdk.queryparam.esiste_odonimo_get_query_param(
    codcom="H501",
    denom="VklBIFJPTUE="
)

Basic Authentication (with existing token)

If you already have an access token:

from anncsu.pa import Anncsu
from anncsu.common import Security

security = Security(bearer="your-access-token")
sdk = Anncsu(security=security)

response = sdk.queryparam.esiste_odonimo_get_query_param(
    codcom="H501",
    denom="VklBIFJPTUE="
)

Token Expiration Validation

The Security class automatically validates token expiration when initialized. If the token is expired, it raises TokenExpiredError instead of letting the API return a confusing 404 error:

from anncsu.common import Security, TokenExpiredError

try:
    security = Security(bearer=token_response.access_token)
except TokenExpiredError as e:
    print(f"Token expired at {e.expired_at}, current time: {e.current_time}")
    # Obtain a new access token...
    token_response = get_access_token(token_config)
    security = Security(bearer=token_response.access_token)

You can also check expiration manually:

# Check if token is expired
if security.is_expired():
    print("Token needs refresh!")

# Get seconds until expiration (negative if already expired)
ttl = security.time_until_expiration()
if ttl and ttl < 60:
    print(f"Token expires in {ttl} seconds, consider refreshing")

To skip validation (not recommended):

security = Security(bearer=expired_token, validate_expiration=False)

Key Features

  • Complete Auth Flow: Generate assertions, exchange for tokens, authenticate API calls
  • PDND Voucher: Full PDND (Piattaforma Digitale Nazionale Dati) authentication support
  • Bearer Token: JWT format tokens in Authorization header
  • Sync & Async: Both get_access_token and get_access_token_async available
  • Error Handling: Dedicated exceptions for token errors (TokenRequestError, TokenResponseError)
  • Type-Safe: Full type hints with modern Python syntax

Loading Configuration from Environment Variables

The SDK supports loading configuration from environment variables or a .env file:

from anncsu.common.config import ClientAssertionSettings
from anncsu.common import create_client_assertion, TokenConfig, get_access_token, Security
from anncsu.pa import Anncsu

# Automatically loads from environment variables or .env file
settings = ClientAssertionSettings()
client_assertion = create_client_assertion(settings.to_config())

# Exchange for access token
token_response = get_access_token(TokenConfig(
    client_id=settings.issuer,
    client_assertion=client_assertion,
    token_endpoint="https://auth.uat.interop.pagopa.it/token.oauth2",
))

# Use with SDK
sdk = Anncsu(security=Security(bearer=token_response.access_token))

Required Environment Variables (prefix: PDND_)

Variable Description
PDND_KID Key ID (kid) header parameter
PDND_ISSUER Issuer claim - your client_id
PDND_SUBJECT Subject claim - your client_id
PDND_AUDIENCE Audience claim - must end with /client-assertion
PDND_PURPOSE_ID Purpose ID for the request
PDND_PRIVATE_KEY Private key content (or use PDND_KEY_PATH)
PDND_KEY_PATH Path to private key file (or use PDND_PRIVATE_KEY)

Example .env file

PDND_KID=my-key-id
PDND_ISSUER=my-client-id
PDND_SUBJECT=my-client-id
PDND_AUDIENCE=auth.uat.interop.pagopa.it/client-assertion
PDND_PURPOSE_ID=my-purpose-id
PDND_KEY_PATH=./private_key.pem

Documentation

For comprehensive security documentation including:

  • Complete authentication flow (3 steps)
  • Token exchange parameters and error handling
  • Client assertion generation
  • Token refresh strategies
  • Best practices and security checklist
  • Testing with security

See docs/SECURITY.md

Available Resources and Operations

Available methods

json_post

pathparam

queryparam

status

Retries

Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.

To change the default retry strategy for a single API call, simply provide a RetryConfig object to the call:

from anncsu.pa import Anncsu
from anncsu.common.utils import BackoffStrategy, RetryConfig


with Anncsu() as a_client:

    res = a_client.queryparam.esiste_odonimo_get_query_param(codcom="H501", denom="VklBIFJPTUE=",
        RetryConfig("backoff", BackoffStrategy(1, 50, 1.1, 100), False))

    # Handle response
    print(res)

If you'd like to override the default retry strategy for all operations that support retries, you can use the retry_config optional parameter when initializing the SDK:

from anncsu.pa import Anncsu
from anncsu.common.utils import BackoffStrategy, RetryConfig


with Anncsu(
    retry_config=RetryConfig("backoff", BackoffStrategy(1, 50, 1.1, 100), False),
) as a_client:

    res = a_client.queryparam.esiste_odonimo_get_query_param(codcom="H501", denom="VklBIFJPTUE=")

    # Handle response
    print(res)

Error Handling

AnncsuError is the base class for all HTTP error responses. It has the following properties:

Property Type Description
err.message str Error message
err.status_code int HTTP response status code eg 404
err.headers httpx.Headers HTTP response headers
err.body str HTTP body. Can be empty string if no body is returned.
err.raw_response httpx.Response Raw HTTP response
err.data Optional. Some errors may contain structured data. See Error Classes.

Example

from anncsu.pa import Anncsu, errors


with Anncsu() as a_client:
    res = None
    try:

        res = a_client.queryparam.esiste_odonimo_get_query_param(codcom="H501", denom="VklBIFJPTUE=")

        # Handle response
        print(res)


    except errors.AnncsuError as e:
        # The base class for HTTP error responses
        print(e.message)
        print(e.status_code)
        print(e.body)
        print(e.headers)
        print(e.raw_response)

        # Depending on the method different errors may be thrown
        if isinstance(e, errors.EsisteOdonimoGetQueryParamBadRequestError):
            print(e.data.title)  # Optional[str]
            print(e.data.detail)  # Optional[str]

Error Classes

Primary error:

  • AnncsuError: The base class for HTTP error responses.
Less common errors (120)

Network errors:

Inherit from AnncsuError:

* Check the method documentation to see if the error is applicable.

Server Selection

Override Server URL Per-Client

The default server can be overridden globally by passing a URL to the server_url: str optional parameter when initializing the SDK client instance. For example:

from anncsu.pa import Anncsu


with Anncsu(
    server_url="https://modipa.agenziaentrate.gov.it/govway/rest/in/AgenziaEntrate-PDND/anncsu-consultazione/v1",
) as a_client:

    res = a_client.queryparam.esiste_odonimo_get_query_param(codcom="H501", denom="VklBIFJPTUE=")

    # Handle response
    print(res)

UAT Environment Configuration

When working with the UAT (User Acceptance Testing) environment, you may need to configure a different server URL and handle SSL certificate issues.

Basic UAT Configuration

from anncsu.pa import Anncsu
from anncsu.common import Security

sdk = Anncsu(
    security=Security(bearer_auth=token_response.access_token),
    server_url="https://modipa-uat.agenziaentrate.gov.it/govway/rest/in/AgenziaEntrate-PDND/anncsu-consultazione/v1",
)

Disabling SSL Verification (UAT Only)

The UAT environment may use certificates that are not trusted by your system's certificate store. To bypass SSL verification for testing purposes only:

import httpx
from anncsu.pa import Anncsu
from anncsu.common import Security

# Create HTTP client with SSL verification disabled
client = httpx.Client(verify=False)

sdk = Anncsu(
    security=Security(bearer_auth=token_response.access_token),
    server_url="https://modipa-uat.agenziaentrate.gov.it/govway/rest/in/AgenziaEntrate-PDND/anncsu-consultazione/v1",
    client=client,
)

# Make API calls
response = sdk.queryparam.esiste_odonimo_get_query_param(
    codcom="H501",
    denom="VklBIFJPTUE="
)

For async operations, also configure the async client:

import httpx
from anncsu.pa import Anncsu
from anncsu.common import Security

client = httpx.Client(verify=False)
async_client = httpx.AsyncClient(verify=False)

sdk = Anncsu(
    security=Security(bearer_auth=token_response.access_token),
    server_url="https://modipa-uat.agenziaentrate.gov.it/govway/rest/in/AgenziaEntrate-PDND/anncsu-consultazione/v1",
    client=client,
    async_client=async_client,
)

Warning: Never disable SSL verification in production! This should only be used for UAT/testing environments where the server uses self-signed or untrusted certificates.

Complete UAT Example

Here's a complete example for UAT environment with PDND authentication:

import httpx
from pathlib import Path
from anncsu.pa import Anncsu
from anncsu.common import (
    ClientAssertionConfig,
    create_client_assertion,
    TokenConfig,
    get_access_token,
    Security,
)

# Step 1: Create client assertion for UAT
assertion_config = ClientAssertionConfig(
    kid="your-key-id",
    issuer="your-client-id",
    subject="your-client-id",
    audience="auth.uat.interop.pagopa.it/client-assertion",  # UAT audience
    purpose_id="your-purpose-id",
    key_path=Path("./private_key.pem"),
)
client_assertion = create_client_assertion(assertion_config)

# Step 2: Exchange for access token (UAT token endpoint)
token_config = TokenConfig(
    client_id="your-client-id",
    client_assertion=client_assertion,
    token_endpoint="https://auth.uat.interop.pagopa.it/token.oauth2",  # UAT endpoint
)
token_response = get_access_token(token_config)

# Step 3: Create SDK with UAT configuration
client = httpx.Client(verify=False)  # Only for UAT!

sdk = Anncsu(
    security=Security(bearer_auth=token_response.access_token),
    server_url="https://modipa-uat.agenziaentrate.gov.it/govway/rest/in/AgenziaEntrate-PDND/anncsu-consultazione/v1",
    client=client,
)

# Step 4: Make API calls
response = sdk.queryparam.esiste_odonimo_get_query_param(
    codcom="H501",
    denom="VklBIFJPTUE="
)
print(response)

Custom HTTP Client

The Python SDK makes API calls using the httpx HTTP library. In order to provide a convenient way to configure timeouts, cookies, proxies, custom headers, and other low-level configuration, you can initialize the SDK client with your own HTTP client instance. Depending on whether you are using the sync or async version of the SDK, you can pass an instance of HttpClient or AsyncHttpClient respectively, which are Protocol's ensuring that the client has the necessary methods to make API calls. This allows you to wrap the client with your own custom logic, such as adding custom headers, logging, or error handling, or you can just pass an instance of httpx.Client or httpx.AsyncClient directly.

For example, you could specify a header for every request that this sdk makes as follows:

from anncsu.pa import Anncsu
import httpx

http_client = httpx.Client(headers={"x-custom-header": "someValue"})
s = Anncsu(client=http_client)

or you could wrap the client with your own custom logic:

from anncsu.pa import Anncsu
from anncsu.pa.httpclient import AsyncHttpClient
import httpx

class CustomClient(AsyncHttpClient):
    client: AsyncHttpClient

    def __init__(self, client: AsyncHttpClient):
        self.client = client

    async def send(
        self,
        request: httpx.Request,
        *,
        stream: bool = False,
        auth: Union[
            httpx._types.AuthTypes, httpx._client.UseClientDefault, None
        ] = httpx.USE_CLIENT_DEFAULT,
        follow_redirects: Union[
            bool, httpx._client.UseClientDefault
        ] = httpx.USE_CLIENT_DEFAULT,
    ) -> httpx.Response:
        request.headers["Client-Level-Header"] = "added by client"

        return await self.client.send(
            request, stream=stream, auth=auth, follow_redirects=follow_redirects
        )

    def build_request(
        self,
        method: str,
        url: httpx._types.URLTypes,
        *,
        content: Optional[httpx._types.RequestContent] = None,
        data: Optional[httpx._types.RequestData] = None,
        files: Optional[httpx._types.RequestFiles] = None,
        json: Optional[Any] = None,
        params: Optional[httpx._types.QueryParamTypes] = None,
        headers: Optional[httpx._types.HeaderTypes] = None,
        cookies: Optional[httpx._types.CookieTypes] = None,
        timeout: Union[
            httpx._types.TimeoutTypes, httpx._client.UseClientDefault
        ] = httpx.USE_CLIENT_DEFAULT,
        extensions: Optional[httpx._types.RequestExtensions] = None,
    ) -> httpx.Request:
        return self.client.build_request(
            method,
            url,
            content=content,
            data=data,
            files=files,
            json=json,
            params=params,
            headers=headers,
            cookies=cookies,
            timeout=timeout,
            extensions=extensions,
        )

s = Anncsu(async_client=CustomClient(httpx.AsyncClient()))

Resource Management

The Anncsu class implements the context manager protocol and registers a finalizer function to close the underlying sync and async HTTPX clients it uses under the hood. This will close HTTP connections, release memory and free up other resources held by the SDK. In short-lived Python programs and notebooks that make a few SDK method calls, resource management may not be a concern. However, in longer-lived programs, it is beneficial to create a single SDK instance via a context manager and reuse it across the application.

from anncsu.pa import Anncsu
def main():

    with Anncsu() as a_client:
        # Rest of application here...


# Or when using async:
async def amain():

    async with Anncsu() as a_client:
        # Rest of application here...

Debugging

You can setup your SDK to emit debug logs for SDK requests and responses.

You can pass your own logger class directly into your SDK.

from anncsu.pa import Anncsu
import logging

logging.basicConfig(level=logging.DEBUG)
s = Anncsu(debug_logger=logging.getLogger("anncsu"))

You can also enable a default debug logger by setting an environment variable ANNCSU_DEBUG to true.

Architecture

This SDK follows a modular architecture designed to support multiple ANNCSU API specifications:

Package Structure

anncsu/
├── common/          # Shared infrastructure (utilities, types, HTTP client, base errors)
└── pa/              # API-specific: Consultazione per le PA
    ├── models/      # Request/response models
    ├── errors/      # Operation-specific errors
    └── sdk.py       # Main SDK class

Shared Components (anncsu.common)

The anncsu.common package contains shared primitives used across all ANNCSU API clients:

  • Types: Base models and type definitions (BaseModel, OptionalNullable, UNSET)
  • Utilities: 16 utility modules for HTTP operations, serialization, retry logic, etc.
  • HTTP Infrastructure: HTTP client wrappers, base SDK class, configuration
  • Hooks: Before/after request hooks for customization
  • Base Errors: Generic error classes (AnncsuBaseError, APIError, NoResponseError)

Using Shared Components

When using advanced features like retry configuration, import from anncsu.common:

from anncsu.pa import Anncsu
from anncsu.common.utils import BackoffStrategy, RetryConfig  # Shared utilities

For regular SDK usage, you only need to import from anncsu.pa:

from anncsu.pa import Anncsu  # All you need for basic usage

Multiple API Support

This architecture allows adding new ANNCSU API specifications (e.g., aggiornamento_accessi, coordinate, interni, odonimi) as separate packages under the anncsu namespace, all sharing the same infrastructure.

For more details, see Refactoring Documentation.

Command Line Interface

The SDK includes a command-line interface (anncsu) for managing PDND authentication and performing common operations without writing code.

Quick Start

# Configure PDND credentials
anncsu config set --kid YOUR_KEY_ID --issuer YOUR_CLIENT_ID

# Login and obtain access token
anncsu auth login

# Check authentication status
anncsu auth status

Key Features

  • Authentication Management: Generate client assertions, obtain and refresh access tokens
  • Configuration: Manage PDND credentials via CLI or environment variables
  • Standalone Utilities: Create assertions independently for integration with other tools

Documentation

For complete CLI documentation including all commands, options, and examples, see docs/CLI.md.

Development

Maturity

This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.

Contributions

While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.

SDK Created by Speakeasy

Validate the specifications

Development/Validation Environment

spectral lint oas/dev/Specifica\ API\ -\ ANNCSU\ \ Consultazione\ per\ le\ PA.yaml --ruleset oas/.spectral.yaml

[!NOTE] Production environment specification will be available in oas/prod/ when provided by Agenzia delle Entrate.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for geobeyond from gravatar.com geobeyond

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.0.8

0.0.8.dev1 pre-release

0.0.7

0.0.7.dev2 pre-release

0.0.7.dev1 pre-release

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

0.0.1.dev32 pre-release

0.0.1.dev31 pre-release

This version

0.0.1.dev30 pre-release

0.0.1.dev28 pre-release

0.0.1.dev24 pre-release

0.0.1.dev21 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

anncsu_sdk-0.0.1.dev30.tar.gz (260.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

anncsu_sdk-0.0.1.dev30-py3-none-any.whl (145.0 kB view details)

Uploaded Python 3

File details

Details for the file anncsu_sdk-0.0.1.dev30.tar.gz.

File metadata

  • Download URL: anncsu_sdk-0.0.1.dev30.tar.gz
  • Upload date:
  • Size: 260.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for anncsu_sdk-0.0.1.dev30.tar.gz
Algorithm Hash digest
SHA256 e13477e5752014c6a77b66ff7a2c3ff64379184ae0686d56e4574a401e441f8d
MD5 b55dea7b23c0a15104c499d6688686c3
BLAKE2b-256 77a97b12d242806db6ed1bb08f5038809a232fc370ca332cbb954ba960d9a3d6

See more details on using hashes here.

File details

Details for the file anncsu_sdk-0.0.1.dev30-py3-none-any.whl.

File metadata

  • Download URL: anncsu_sdk-0.0.1.dev30-py3-none-any.whl
  • Upload date:
  • Size: 145.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for anncsu_sdk-0.0.1.dev30-py3-none-any.whl
Algorithm Hash digest
SHA256 589fc09c9ecccc2c78d22cc829303a273a13949a29bb0a606dd06e8681c7138b
MD5 409bb1493dca06dfcbfa3c447d753b3a
BLAKE2b-256 7ede9a2009c2a0708c69ea332115a1d4a98422bb4e02b8f66b87f2392c79b317

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page