Python SDK for OKAP (Open Key Access Protocol) - Secure API key delegation

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for g33k from gravatar.com g33k
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags ai , anthropic , api-keys , oauth , okap , openai , security
  • Requires: Python >=3.9
  • Provides-Extra: dev , vault
Classifiers
Report project as malware

Project description

OKAP Logo

OKAP Python SDK

Python SDK for OKAP (Open Key Access Protocol) - Secure API key delegation.

Installation

pip install okap

For vault server functionality:

pip install okap[vault]

Quick Start

For Apps (Requesting Access)

from okap import OkapClient

# Connect to user's vault
client = OkapClient(
    vault_url="https://vault.example.com",
    app_name="My AI App"
)

# Request access to OpenAI
token = client.request_access(
    provider="openai",
    models=["gpt-4", "gpt-4o-mini"],
    capabilities=["chat"],
    monthly_limit=10.00,  # $10/month max
    reason="For AI-powered features"
)

# Use with OpenAI SDK - just change base_url
from openai import OpenAI

ai = OpenAI(
    api_key=token.token,
    base_url=token.base_url  # Points to vault proxy
)

response = ai.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Hello!"}]
)

For Vaults (Hosting Keys)

from okap.vault import OkapVault, MemoryStorage
from fastapi import FastAPI

app = FastAPI()
vault = OkapVault(
    storage=MemoryStorage(),
    base_url="https://vault.example.com"
)

# Add your API keys
vault.add_key("openai", "sk-...")
vault.add_key("anthropic", "sk-ant-...")

@app.post("/okap/request")
def handle_request(request: dict):
    from okap.models import AccessRequest
    req = AccessRequest.model_validate(request)
    
    # In production, show approval UI to user first!
    # For demo, auto-approve:
    return vault.approve_request(req)

Features

  • 🔐 Secure delegation: Master keys never leave the vault
  • 📊 Usage limits: Set spend caps and rate limits per app
  • Expiration: Tokens auto-expire
  • 🔄 Revocable: Revoke access instantly
  • 🔌 Provider agnostic: Works with OpenAI, Anthropic, Google, etc.

Models

AccessRequest

from okap import AccessRequest

request = AccessRequest(
    provider="openai",
    models=["gpt-4"],
    capabilities=["chat", "embeddings"],
    limits=Limits(monthly_spend=10.00),
    expires="2025-03-01",
    reason="For my cool app"
)

OkapToken

from okap import OkapToken

# Returned after approval
token = OkapToken(
    token="okap_abc123...",
    base_url="https://vault.example.com/v1/openai",
    provider="openai",
    models=["gpt-4"],
    expires_at=datetime(2025, 3, 1)
)

Error Handling

from okap import OkapClient
from okap.errors import AccessDeniedError, VaultError

try:
    token = client.request_access(provider="openai")
except AccessDeniedError as e:
    print(f"User denied access: {e}")
except VaultError as e:
    print(f"Vault error: {e}")

Development

# Install dev dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Lint
ruff check .

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for g33k from gravatar.com g33k
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags ai , anthropic , api-keys , oauth , okap , openai , security
  • Requires: Python >=3.9
  • Provides-Extra: dev , vault
Classifiers

Release history Release notifications | RSS feed

0.1.2

0.1.1

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

okap-0.1.0.tar.gz (7.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

okap-0.1.0-py3-none-any.whl (9.4 kB view details)

Uploaded Python 3

File details

Details for the file okap-0.1.0.tar.gz.

File metadata

  • Download URL: okap-0.1.0.tar.gz
  • Upload date:
  • Size: 7.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for okap-0.1.0.tar.gz
Algorithm Hash digest
SHA256 d2a0b9dc099be873cec123fa0be3b09c63958d9dc2e43cb3ad3affd9ee762623
MD5 be9c1db08bcef5bbf2528a646376cf8e
BLAKE2b-256 db1968aef2ccfadf1b507cdfdb9a969d8a8ede3066c7a29721f08c952e7bbb49

See more details on using hashes here.

File details

Details for the file okap-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: okap-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 9.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for okap-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9cae774bb8e04abfa85a66a25df461c6a1b23c5a0396e730ea1611a5677e5270
MD5 360d6a875495bbf31c8238e14a8c51ec
BLAKE2b-256 f917dd3b4ad8d389d089a4bae66f6a81a9de5e69bb61a4d7ea756d2082b2ceb2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page