Usage

To use Flask Api Sign in a project:

import flask_api_sign

Configuring flask-api-sign

flask-api-sign is configured through the standard Flask config API. These are the available options (each is explained later in the documentation):

• SIGN_LOCATION : default query_string

• SIGN_TIMESTAMP_EXPIRATION : default 30

• SIGN_APP_IDS : default ``{‘testapp’: ‘testsecret’}``

verification is managed through a ApiSignManager instance:

from flask import Flask
from flask_api_sign import ApiSignManager

app = Flask(__name__)
api_sign_mgr = ApiSignManager(app)

In this case all verification using the configuration values of the application that was passed to the ApiSignManager class constructor.

Alternatively you can set up your ApiSignManager instance later at configuration time, using the init_app method:

from flask import Flask
api_sign_mgr = ApiSignManager()
app = Flask(__name__)
api_sign_mgr.init_app(app)

In this case verification will use the configuration values from Flask’s current_app context global. This is useful if you have multiple applications running in the same process but with different configuration options.

Flask Api Sign Verification

To generate a serial number first create a ApiSignManager instance:

from flask import Flask
from flask_api_sign import ApiSignManager
from flask_api_sign import verify_sign

app = Flask(__name__)

api_sign_mgr = ApiSignManager()
api_sign_mgr.init_app(app)
@app.route("/")
@verify_sign
def index():
    pass

you can write a java client with the demo to generate the x-sign.

NOTE: Remember to set the secret key of the application, and ensure that no one else is able to view it. The request are signed with the secret key, so if someone gets that, they can create arbitrary request.