Python SDK for OKAP (Open Key Access Protocol) - Secure API key delegation
Project description
OKAP Python SDK
Python SDK for OKAP (Open Key Access Protocol) - Secure API key delegation.
Installation
pip install okap
For vault server functionality:
pip install okap[vault]
Quick Start
For Apps (Requesting Access)
from okap import OkapClient
# Connect to user's vault
client = OkapClient(
vault_url="https://vault.example.com",
app_name="My AI App"
)
# Request access to OpenAI
token = client.request_access(
provider="openai",
models=["gpt-4", "gpt-4o-mini"],
capabilities=["chat"],
monthly_limit=10.00, # $10/month max
reason="For AI-powered features"
)
# Use with OpenAI SDK - just change base_url
from openai import OpenAI
ai = OpenAI(
api_key=token.token,
base_url=token.base_url # Points to vault proxy
)
response = ai.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Hello!"}]
)
For Vaults (Hosting Keys)
from okap.vault import OkapVault, MemoryStorage
from fastapi import FastAPI
app = FastAPI()
vault = OkapVault(
storage=MemoryStorage(),
base_url="https://vault.example.com"
)
# Add your API keys
vault.add_key("openai", "sk-...")
vault.add_key("anthropic", "sk-ant-...")
@app.post("/okap/request")
def handle_request(request: dict):
from okap.models import AccessRequest
req = AccessRequest.model_validate(request)
# In production, show approval UI to user first!
# For demo, auto-approve:
return vault.approve_request(req)
Features
- Secure delegation: Master keys never leave the vault
- Usage limits: Set spend caps and rate limits per app
- Expiration: Tokens auto-expire
- Revocable: Revoke access instantly
- Provider agnostic: Works with OpenAI, Anthropic, Google, etc.
Models
AccessRequest
from okap import AccessRequest
request = AccessRequest(
provider="openai",
models=["gpt-4"],
capabilities=["chat", "embeddings"],
limits=Limits(monthly_spend=10.00),
expires="2025-03-01",
reason="For my cool app"
)
OkapToken
from okap import OkapToken
# Returned after approval
token = OkapToken(
token="okap_abc123...",
base_url="https://vault.example.com/v1/openai",
provider="openai",
models=["gpt-4"],
expires_at=datetime(2025, 3, 1)
)
Error Handling
from okap import OkapClient
from okap.errors import AccessDeniedError, VaultError
try:
token = client.request_access(provider="openai")
except AccessDeniedError as e:
print(f"User denied access: {e}")
except VaultError as e:
print(f"Vault error: {e}")
Development
# Install dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Lint
ruff check .
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
okap-0.1.2.tar.gz
(7.6 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
okap-0.1.2-py3-none-any.whl
(9.3 kB
view details)
File details
Details for the file okap-0.1.2.tar.gz.
File metadata
- Download URL: okap-0.1.2.tar.gz
- Upload date:
- Size: 7.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
19409e3bdaa5966a1c3ba8d3a934bcabe6ead60735ba46cfbe48b3526a51c462
|
|
| MD5 |
1c59886b41e3eedfe4082f47e3a7bc25
|
|
| BLAKE2b-256 |
86c3a6a082c345da3fd20563b1633530b744673eb09530a44ada1983ba81edd4
|
File details
Details for the file okap-0.1.2-py3-none-any.whl.
File metadata
- Download URL: okap-0.1.2-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f801e7fcd9f0805da12a3efc8efd2f5396699b2a72ea8d139db244f19b005f2f
|
|
| MD5 |
f422750bda78b15174d64519fdc34318
|
|
| BLAKE2b-256 |
37b8d4cd565c9cb1e9ef934b90c96b54ca929e783f19eb1c091c170faa7e9729
|
