
Automatic Web API REST

Project description

AutoApi


The goal of AutoApi is to avoid having to develop a REST API at the start of a project, which makes building a prototype easier than usual. AutoApi also has an authentication system and supports multiple APIs.

Quickstart

Assuming you have a MongoDB server running on localhost on the default port without authentication, AutoApi starts as follows:

$ workon api
(api) $ pip install auto_api
(api) $ autoapi
  * Running on http://localhost:8686/ (Press CTRL+C to quit)
  ...

A personal agenda is a good example to show how AutoApi works. We will use the example API to insert and retrieve items from the agenda collection.

Insert

To add an item to the agenda, send the following HTTP request:

POST http://localhost:8686/example/agenda
Content-Type: application/json

{
  "name": "user",
  "email": "user@email.com",
  "phone": "+123 456-789",
  "address": "123 Street"
}

It's important to add /example (API name) before the REST path /agenda, because that is the way AutoApi identifies them. The response will contain the id of the created item as:

{"id": "591a79400000000000000000"}

The value of id will always be a MongoDB ObjectId.

Retrieve

To get the previously inserted item from the agenda, you need to know its id. The previous response shows that the id is 591a79400000000000000000, so the item can be retrieved with the following HTTP request:

GET http://localhost:8686/example/agenda/591a79400000000000000000

In the same way as the insert operation, the API name and the REST path are required, in this case the path is /agenda/591a79400000000000000000. The response will contain the initial inserted data and the AutoApi assigned id:

{
  "id": "591a79400000000000000000",
  "name": "user",
  "email": "user@email.com",
  "phone": "+123 456-789",
  "address": "123 Street"
}

But, if you want to retrieve all the items of the agenda, the following HTTP request shows how:

GET http://localhost:8686/example/agenda

And the response will be:

[
  {
    "id": "591a79400000000000000000",
    "name": "user",
    "email": "user@email.com",
    "phone": "+123 456-789",
    "address": "123 Street"
  },
  ...
]

How does AutoApi work?

AutoApi was developed in Python using Flask and MongoDB. It was designed to support multiple APIs: AutoApi uses a database to represent an API, so to differentiate between two APIs it is necessary to add the API name as a prefix in the URL. For instance, to retrieve all the movies from the imdb-copy API it is necessary to do a GET to /imdb-copy/movies, but to retrieve the movies from the rottentomatoes-copy API the URL is /rottentomatoes-copy/movies.

Another important feature of AutoApi is authentication. Authentication in this project works at the API level, so users cannot be shared between APIs. The reason is that AutoApi uses MongoDB users instead of storing them in a collection, so users are tied to a database, and AutoApi considers a database to be an API.

Configuration file

As AutoApi uses MongoDB to store the data, it needs to know the location of the database. By default AutoApi will try to connect to the default MongoDB connection (localhost, 27017) unless a configuration file is given.

The configuration file stores the configuration for the MongoDB connection (including the authentication credentials). There is a template in this repository, called server.cfg.default, that shows the syntax and the options.

AutoApi can receive a configuration file in two ways. One is to define an environment variable named AUTOAPI_SETTINGS whose value is the file path. The other is to pass the file path as the config_path parameter to the constructor of the AutoApi object.

If you are going to use the given script to run AutoApi, you can provide the configuration file as a parameter with the flag -f; that script uses one of the previous options.

AutoApi features

Authentication & Authorization

AutoApi authentication is optional; by default it is not activated. To activate it, it is necessary:

Authentication

Each API has its own users, so users have to log in specifying the API in the request:

POST /login
Content-Type: application/json

{
  "api": "example",
  "email": "user@email.com",
  "password": "pass"
}

The response will contain a session token in the headers and body:

X-Email: user@email.com
X-Token: 123456

{
  "email": "user@email.com",
  "token": "123456"
}

To logout, users have to specify the API too:

POST /logout
Content-Type: application/json
X-Email: user@email.com
X-Token: 123456

{"api": "example"}
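
The login, authenticated request and logout exchange above, as a small client (an added example, not code from the AutoApi project). The class name AutoApiSession and the injectable send callable are assumptions made for illustration; only the paths, JSON fields and X-Email / X-Token headers come from this page.

```python
import json
import urllib.request


class AutoApiSession:
    """Hypothetical client for the /login, CRUD and /logout requests shown above."""

    def __init__(self, base_url, api, send=None):
        self.base_url = base_url.rstrip("/")
        self.api = api
        self.email = None
        self.token = None
        # `send` takes a urllib Request and returns the decoded JSON body.
        # It is injectable so the flow can be exercised without a server.
        self._send = send or self._send_http

    @staticmethod
    def _send_http(req):
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return json.loads(raw.decode("utf-8")) if raw else None

    def build(self, method, path, body=None):
        headers = {"Content-Type": "application/json"}
        if self.token:  # session headers are attached only after login
            headers["X-Email"] = self.email
            headers["X-Token"] = self.token
        data = None if body is None else json.dumps(body).encode("utf-8")
        return urllib.request.Request(
            self.base_url + path, data=data, headers=headers, method=method)

    def login(self, email, password):
        # Users belong to one API, so the API name travels in the body.
        body = {"api": self.api, "email": email, "password": password}
        reply = self._send(self.build("POST", "/login", body))
        self.email, self.token = reply["email"], reply["token"]

    def call(self, method, rest_path, body=None):
        # Resource paths are always prefixed with the API name.
        path = "/%s%s" % (self.api, rest_path)
        return self._send(self.build(method, path, body))

    def logout(self):
        try:
            self._send(self.build("POST", "/logout", {"api": self.api}))
        finally:
            self.email = self.token = None  # forget the token even on failure
```

Against a running instance, AutoApiSession("http://localhost:8686", "example") followed by login(), call("GET", "/agenda") and logout() issues the three requests in the order documented here.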

Users and Authorization

Only admin users can create more users specifying the API and CRUD roles:

POST /user
Content-Type: application/json
X-Email: ADMIN_USER
X-Token: ADMIN_USER_TOKEN

{
  "email": "other_user@email.com",
  "password": "pass",
  "api": "example",
  "roles": ["read", "update"]
}

The last request creates the user other_user@email.com and authorizes him to read and update the example API without any API creation request.

Each user can update his own password, and only an admin user can change other users' passwords. The change can be done using the following request:

POST /password
Content-Type: application/json
X-Email: USER
X-Token: USER_TOKEN

{
  "email": "other_user@email.com",
  "password": "new-pass",
  "api": "example"
}

It is important to note that the request needs the email parameter to select the user whose password will be changed.

Finally, only an admin user can change the authorization roles for a particular user using the following request:

POST /roles
Content-Type: application/json
X-Email: ADMIN_USER
X-Token: ADMIN_USER_TOKEN

{
  "email": "other_user@email.com",
  "api": "example",
  "roles": {
    "update": false,
    "delete": true
  }
}

Collections and Resources

API

To use an API in AutoApi it is not necessary to create it; it is created on demand, and there are no operations related to the path /api.

API collection

To use an API collection in AutoApi it is not necessary to create it; it is also created on demand.

CRUD collection's resources

It is important to remember that if AutoApi's authentication is enabled, then only logged-in users with the respective authorization can CRUD an API's resources.

A good API REST example is to show how to mark as a classic all the movies where actor_1 appears.

PATCH /example/actors/actor_1/movies
Content-Type: application/json
X-Email: user@email.com
X-Token: USER_TOKEN

{"classic": true}

More info about REST:

Dependencies and configuration

OpenSSL Ubuntu dependencies

$ sudo apt-get install libffi-dev libssl-dev

Python dependencies

I strongly recommend you to use virtualenv and virtualenvwrapper.

$ workon autoapi
(autoapi) $ python setup.py develop

MongoDB

AutoApi doesn't require modifications to the MongoDB configuration to handle APIs, collections or resources. But if you want to activate Authentication and Authorization, as AutoApi uses MongoDB users, it is necessary to set auth=true in your mongodb.cfg or run mongod with the flag --auth. If MongoDB was started with the authentication flag but doesn't have an admin user, AutoApi will try to create one using the given configuration file.

Related info:

Running AutoApi

To start the service, AutoApi implements the __main__.py file, so installing AutoApi creates an executable called autoapi and the module auto_api. Also, remember that if you want to run AutoApi with authentication, you must first turn on authentication in MongoDB and then provide the flags -a (or --auth) and -f (or --config) with a configuration file based on server.cfg.default (located in this repository) to the following commands:

(api) $ autoapi [[-a] -f server.cfg]

or

(api) $ python -m auto_api [[-a] -f server.cfg]

Testing AutoApi

To run the AutoApi tests there is a script called run_tests.py. This script will automatically start and stop two MongoDB servers (one with authentication enabled) for testing purposes only.

$ ./run_tests.py [nose-parameters]

Download files

Source Distribution: auto_api-2.0.1.tar.gz (18.5 kB)

Built Distribution: auto_api-2.0.1-py2.py3-none-any.whl (19.6 kB, Python 2, Python 3)
