Query Parameter ApiKey ---------------------- This example modifies the out-of-the-box ``AuthApiKey`` authenticator to send an API key as a query parameter instead of in a header key. The code for the ``AuthApiKey`` is shown below with the highlighted text that will be changed: .. code-block:: python :linenos: :emphasize-lines: 32 from silo.auth import Authenticator, add_auth, http_check_result @add_auth class AuthApiKey(Authenticator): def __init__(self, credentials): """Constructor method""" Authenticator.__init__(self, credentials) self.token_label = credentials.fields.get("auth_header", "Authorization") self.prefix = credentials.fields.get("prefix", "") self.suffix = credentials.fields.get("suffix", "") self.apikey = credentials.fields["apikey"] self.auth_info = {} self.cred_filter = CredentialFilter(credentials) def check_if_authenticated(self): """Returns the current authentication status.""" return False def check_result(self, result): """Provides a check on the returned response from the REST request that was made.""" return http_check_result(result) def authenticate(self): """Updates the auth_info with the ApiKey/Token using the credentials provided. :return: If the auth_info is updated, return True, else return False :rtype: boolean """ "" formatted_apikey = "{} {} {}".format(self.prefix, self.apikey, self.suffix).strip() self.auth_info[self.token_label] = formatted_apikey self.cred_filter.update_secret(self.token_label, formatted_apikey) return True def modify_request(self, res): """Modifies a requests.Session headers or query_params to contain the updated auth_info for a resource. :param requests.Session res: a Session object :return: If the session is authenticated, return True, else return False :rtype: boolean """ self.authenticate() res.headers.update(self.auth_info) return True @staticmethod def build(credentials, *args, **kwargs): """Build method to be called by get_authmethod in Snippet Framework""" return AuthApiKey(credentials) @staticmethod def get_name(): """Returns the name of the authentication method""" return "AuthApiKey" @staticmethod def get_desc(): """Returns a description of the authentication method""" return "ApiKey Authentication for HTTP" Line 32 will be modified such that the apikey is stored in query parameters versus the header. `res.headers.update(self.auth_info)` is changed to `res.params.update(self.auth_info)`. Our new authenticator looks like the following: .. code-block:: python :emphasize-lines: 4,19,25,30,35 from silo.auth import add_auth, AuthApiKey @add_auth class AuthApiKeyQuery(AuthApiKey): def __init__(self, credentials, **kwargs): """Constructor method""" AuthApiKey.__init__(self, credentials, **kwargs) def modify_request(self, res): """Modifies a requests.Session query_params to contain the updated auth_info for a resource. :param requests.Session res: a Session object :return: True :rtype: boolean """ self.authenticate() res.params.update(self.auth_info) return True @staticmethod def build(credentials, **kwargs): """Build method to be called by get_authmethod in Snippet Framework""" return AuthApiKeyQuery(credentials, **kwargs) @staticmethod def get_name(): """Returns the name of the authentication method""" return "AuthApiKeyQuery" @staticmethod def get_desc(): """Returns a description of the authentication method""" return "AuthApiKeyQuery Authentication for HTTP" The ``AuthApiKeyQuery`` inherits from the existing ``AuthApiKey`` authenticator for the token formatting done in ``authenticate()``. The biggest change is in ``modify_request()`` where it saves the apikey into the session's parameters. Putting It All Together ^^^^^^^^^^^^^^^^^^^^^^^ For a test, we will attempt to access a json payload listing alternative fuel stations. This endpoint accepts the apikey as a query parameter ``api_key=DEMO_KEY``. See `Data Gov Dev Manual `_ **Snippet** .. code-block:: python :emphasize-lines: 4,19,25,30,35 from silo.auth import add_auth, AuthApiKey @add_auth class AuthApiKeyQuery(AuthApiKey): def __init__(self, credentials, **kwargs): """Constructor method""" AuthApiKey.__init__(self, credentials, **kwargs) def modify_request(self, res): """Modifies a requests.Session query_params to contain the updated auth_info for a resource. :param requests.Session res: a Session object :return: True :rtype: boolean """ self.authenticate() res.params.update(self.auth_info) return True @staticmethod def build(credentials, **kwargs): """Build method to be called by get_authmethod in Snippet Framework""" return AuthApiKeyQuery(credentials, **kwargs) @staticmethod def get_name(): """Returns the name of the authentication method""" return "AuthApiKeyQuery" @staticmethod def get_desc(): """Returns a description of the authentication method""" return "AuthApiKeyQuery Authentication for HTTP" **Snippet Argument** .. code-block:: yaml low_code: version: 2 steps: - http: url: https://developer.nrel.gov/api/alt-fuel-stations/v1.json params: limit: 1 check_status_code: False - json **Credential** .. image:: ../../_static/authentication/images/apikey_query.png .. note:: The ``Authorization Header`` field is used to define the query parameter which, in this case, must be the expected apikey.