Protect your backend APIs with Flask (Python) SDK
Prerequisites
Prerequisites
Python ≥ 3.8
Install and initialize the SDK
Import and initialize Frontegg along with your FastApi application
Regions
Regions
The SDK defaults to Frontegg's EU region, in case you're running on one of the other regions, make sure to change the FRONTEGG_API_GATEWAY_URL
to use your region's URL, instead of api.frontegg.com
.
from frontegg.fastapi import frontegg from fastapi import FastAPI import uvicorn fe_client_id = 'REPLACE_WITH_FRONTEGG_CLIENT_ID' fe_api_key = 'REPLACE_WITH_FRONTEGG_API_KEY' async def startup_event(): await frontegg.init_app(client_id=client_id, api_key=api_key) app = FastAPI() app.add_event_handler("startup", startup_event) uvicorn.run(app)
Protect backend routes
When using Frontegg's secure access, you can protect your baceknd routes using the authentication middleware
from frontegg.fastapi.secure_access import FronteggSecurity, User @app.get("/protected") def protected(user: User = Depends(FronteggSecurity(permissions=['my-permission']))) -> User: return user
The FronteggSecurity
function gets an optional argument of permission_keys
to specify which permissions are required in order to access the route.
Use access tokens
When using M2M authentication, access tokens are being cached by the SDK. By default access tokens will be cached locally, however you can use one other kind of cache:
- redis
Use Redis as your cache
When initializing your context, pass an access tokens options object with your redis parameters
access_tokens_options = { cache: { type: 'redis', options: { host: 'localhost', port: 6379, password: '', db: 10, }, }, }; frontegg.init_app(fe_client_id, fe_api_key, options)
Cross-origin resource sharing (CORS)
In order to use Frontegg, it is required that your app will be able to handle CORS. It's easy to set up:
from fastapi.middleware.cors import CORSMiddleware origins = [ "http://localhost:3000", ] app.add_middleware( CORSMiddleware, allow_origins=origins, allow_credentials=True, allow_methods=["*"], allow_headers=["*"], )
Working with the REST API
Frontegg offers a comprehensive REST API for your application. To use the API from your backend, you'll need to initialize the HTTP client with your credentials.
# define your base url base_url = "https://api.frontegg.com/audits" http_client = HttpClient(client_id=<YOUR_CLIENT_ID>, api_key=<YOUR_API_KEY>, base_url=base_url)
The http client can now be used to make API requests to Frontegg's REST API (base on the provided base url).
Using the audits client
Frontegg’s Managed Audit Logs feature allows collecting custom audit logs that are specific for your application and displaying these in Frontegg's self-service component.
Creating a new client
from frontegg.common.clients import AuditsClient, HttpClient, Severity http_client = HttpClient(client_id=<YOUR_CLIENT_ID>, api_key=<YOUR_API_KEY>, base_url=frontegg_urls.audits_service['base_url']) audits_client = AuditsClient(http_client)
Sending audits using the client
audits_client.send_audit(audit={'severity': Severity.INFO}, tenant_id="tenant-id")
Debugging
Frontegg uses python 3 built-in logging libary to log useful debugging information. To utilize this functionality, add the variable FRONTEGG_DEBUG
:
FRONTEGG_DEBUG=True
Or configure it in the application:
from frontegg import frontegg_logger import logging frontegg_logger.setLevel(logging.DEBUG)