Manualshelf

Extreme API with Python

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesWired and wireless orchestration for campus and IoT networks
11121314151617181920
Table Of Contents
Extreme API with Python
Page | 13
Part no.9036931-00 Rev AA February 2021
bearer scheme was created as part of OAuth 2.0 (rfc 6750), but is sometimes used alone. As the token
must remain secret, the best practice is to use it only with HTTPS.
2.3.3 API Key
API keys are common. This is what you would typically use when working with YouTube APIs, for
example.
The benefit of this method is that it uses a different set of identification credentials than those used for
the account itself, (for example, what basic authentication doesn’t provide). The drawback with this
method is that it is not standardized, and so the API determines how the key is passed. It could be
hidden in the body, in the authorization header, in a cookie, or as a query string. Because the key must
remain a secret, the best practice is to use it only with HTTPS.
2.3.4 OAuth 2.0
The Open Authorization protocol gives an API client limited access to user data. GitHub, Google, and
Facebook APIs notably use it. This standard is defined in rfc 8252
.
With OAuth 2.0, the authentication scenarios are called flows. Flows allow the resource owner to share
the protected content from the resource server without sharing their credentials. For this purpose,
access tokens (see bearer tokens) are issued by the server to client applications, giving them access the
protected data.
Several flows are defined in the standard:
- Authorization code
- Implicit
- Resource owner password credentials
- Client credentials
Learn more about how to use flows on the getting started official site:
HTTPS://oauth.net/getting-started/
2.3.5 Managing Passwords or Tokens with Python
When you are writing applications that need to access APIs, the best practice is to not store credentials
(hard-code them) in the code. Although this approach is convenient for testing purposes, it presents an
obvious security risk.
One way to handle this situation is to ask for credentials when executing the application, using at a
minimum a library (such as getpass) to hide the password. This approach is simple, but it requires
someone in front of the application to enter the information.
import getpass
username = input("Username: ")