search

Authenticate to the API

Create a JWT request token and authenticate to the API with it, returning a JWT bearer token. Store the bearer token to a file.

1

hashtag
Assign configuration variables

Here, we set up the required configuration variables that are needed to authenticate with the API. Replace the 'CHANGEME' placeholders with your own values. These variables include the application name (APPNAME), application key (APPKEY), short name (SHORTNAME), and shared secret (SHARED_SECRET). Additionally, we define a CACHE_FILE variable that will store the access token we receive from the API.

import jwt
import requests
import random
import time
import json
import os
from http.client import responsesimport requests

url = "https://api.netography.com/api/v1/auth/token"
APPNAME = 'CHANGEME
APPKEY = 'CHANGEME'
SHORTNAME = 'CHANGEME'
SHARED_SECRET = 'CHANGEME'

# path/filename to cache the bearer auth token 
CACHE_FILE = '~/.neto.token'
2

hashtag
Prepare JWT request payload

In this step, we create a dictionary called 'payload' that will be used as the input for generating the JWT token. The payload includes the following fields:

iat: The current timestamp (issued at time) in seconds. jti: A random integer as a unique identifier for the token. appname: The application name. appkey: The application key. shortname: The short name.

payload = {
    'iat': int(time.time()),
    'jti': random.randint(0,10000000),
    'appname': APPNAME,
    'appkey': APPKEY,
    'shortname': SHORTNAME
  }
3

hashtag
Encode JWT token and create HTTP POST request

We encode the JWT token using the payload and shared secret. The 'HS256' algorithm is used for signing the token. Then, we create a dictionary called 'body' with a single key, 'jwt', which holds the encoded JWT token. This body will be used in the HTTP POST request to the API.

token = jwt.encode(payload, SHARED_SECRET, algorithm="HS256")

# Create the HTTP POST request with a JSON payload containing the JWT request token
body = {
  'jwt': token
}
4

hashtag
Check for existing token, validate and handle API call

In this final step, we first check if a valid token already exists in the cache file (lines 31-42).

If it does, we will reuse it. If not, we send an HTTP POST request to the API endpoint (lines 44-53) to obtain a new access token.

The 'try' block (lines 44-52) handles the API call, parses the JSON response, and extracts the access token. If the response contains a valid access token, it is stored in the cache file for later reuse. In case of any errors during the API call, an error message is printed with the status code and the reason for the error (line 53).

This example demonstrates how to generate JWT tokens, authenticate with a SaaS API, and manage access tokens efficiently.34-57

# Cache Bearer token and re-use if not expired
jwt_valid = False
access_token = None
if os.path.exists(CACHE_FILE):
  with open(CACHE_FILE) as f:
    cache_data = json.load(f)
  access_token = cache_data['access_token']
  expires_in = cache_data['expires_in']
  token_date = os.path.getmtime(CACHE_FILE)
  expire_timestamp = token_date + expires_in - 60 # account for some clock skew

  if (time.time() <= expire_timestamp):
    jwt_valid = True

if not jwt_valid:
	try:
		resp = requests.post(API_BASE_URL + '/auth/token', json=body)
 		data = resp.json()
 		access_token = data['access_token']
    with open(CACHE_FILE, 'w') as f:
    	json.dump(data, f)
    
	except Exception as e:
  	print(f"{str(resp.status_code)} {responses[resp.status_code]}.  Verify your configuration parameters")
{"success":true}

PreviousBulk add IP labels (php)NextCreate a JWT request token

Last updated