Skip to main content

A Requests auth module for HTTP Signature

Project description

requests-http-signature is a Requests authentication plugin (requests.auth.AuthBase subclass) implementing the IETF HTTP Signatures draft RFC. It has no required dependencies outside the standard library. If you wish to use algorithms other than HMAC (namely, RSA and ECDSA algorithms specified in the RFC), there is an optional dependency on cryptography.

import requests
from requests_http_signature import HTTPSignatureAuth
preshared_secret = 'monorail_cat'
url = ''
requests.get(url, auth=HTTPSignatureAuth(key=preshared_secret, key_id='squirrel'))

In addition to signing messages in the client, the class method HTTPSignatureAuth.verify() can be used to verify incoming requests:

def key_resolver(key_id, algorithm):
    return 'monorail_cat'

HTTPSignatureAuth.verify(request, key_resolver=key_resolver)


pip install requests-http-signature

Asymmetric key algorithms (RSA and ECDSA)

For asymmetric key algorithms, you should supply the private key as the key parameter to the HTTPSignatureAuth() constructor as bytes in the PEM format. When verifying, the key_resolver() callback should provide the public key as bytes in the PEM format as well.


Licensed under the terms of the Apache License, Version 2.0.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-http-signature-0.0.2.tar.gz (5.1 kB view hashes)

Uploaded Source

Built Distribution

requests_http_signature-0.0.2-py2.py3-none-any.whl (6.5 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page