Hey everyone,
I've been working on some projects using Django for about five years now. But when I discovered DRF, I've decided to focus on building backend API applications without dealing much with the frontend. But about a year or two ago, I started to build APIs for some SaaS projects, and I realized I needed a robust API key management system.
I initially used https://github.com/florimondmanca/djangorestframework-api-ke... which is fantastic and has everything you need for API key systems, including great authorization and identification based on Django's password authentication system.
I will say this library shines if you only need API keys for permissions and nothing more.
However, when I wanted to push the package further, I hit some limitations. I needed features like key rotation, monitoring, and usage analytics to help with billing per request and permissions and better performances as the package use passwords hashing algorithms to create api keys.
So, I decided to create my own package. I've been working on it for about nine months to a year now, and it's come a long way. Here are some of the key features:
- Quick Authentication and Permission System: You can easily implement authentication and permissions, for example, for organizations or businesses.
- Monitoring and Analytics: There's a built-in application to track the usage of API keys per endpoint and the number of requests made, which is great for billing or security measures.
- API Key Rotation: This feature took some time to perfect. Because the package use Fernet to encrypt and decrypt the api keys, you can smoothly rotate API keys. If you have a leak, you can start using a new Fernet key while phasing out the old one without any service interruption. You can choose between automatic and manual rotation. The old Fernet key will be used to decrypt api keys, while the new Fernet key will be used to encrypt new api keys. This gives you time to send messages about an ongoing key migration to your users. https://cryptography.io/en/latest/fernet/#cryptography.ferne...
The package is currently at version 2.2.1. I initially released version at 1.0 in the beginning, but quickly realized I should have started with a lower version number. I'm continuously working on improvements, mostly on versioning. For instance, typing is not yet fully implemented, and I'm working on enhancing the documentation using Nextra in the next few weeks.
I'm looking for feedback to make this package even better. Whether it's about security measures, missing features, or any other suggestions, I'd love to hear from you.
You can find the package https://github.com/koladev32/drf-simple-apikey.
Thanks for your time and any feedback you can provide!
koladev32•9mo ago
I initially used https://github.com/florimondmanca/djangorestframework-api-ke... which is fantastic and has everything you need for API key systems, including great authorization and identification based on Django's password authentication system. I will say this library shines if you only need API keys for permissions and nothing more. However, when I wanted to push the package further, I hit some limitations. I needed features like key rotation, monitoring, and usage analytics to help with billing per request and permissions and better performances as the package use passwords hashing algorithms to create api keys.
So, I decided to create my own package. I've been working on it for about nine months to a year now, and it's come a long way. Here are some of the key features:
- Quick Authentication and Permission System: You can easily implement authentication and permissions, for example, for organizations or businesses.
- Monitoring and Analytics: There's a built-in application to track the usage of API keys per endpoint and the number of requests made, which is great for billing or security measures.
- API Key Rotation: This feature took some time to perfect. Because the package use Fernet to encrypt and decrypt the api keys, you can smoothly rotate API keys. If you have a leak, you can start using a new Fernet key while phasing out the old one without any service interruption. You can choose between automatic and manual rotation. The old Fernet key will be used to decrypt api keys, while the new Fernet key will be used to encrypt new api keys. This gives you time to send messages about an ongoing key migration to your users. https://cryptography.io/en/latest/fernet/#cryptography.ferne...
The package is currently at version 2.2.1. I initially released version at 1.0 in the beginning, but quickly realized I should have started with a lower version number. I'm continuously working on improvements, mostly on versioning. For instance, typing is not yet fully implemented, and I'm working on enhancing the documentation using Nextra in the next few weeks.
I'm looking for feedback to make this package even better. Whether it's about security measures, missing features, or any other suggestions, I'd love to hear from you. You can find the package https://github.com/koladev32/drf-simple-apikey. Thanks for your time and any feedback you can provide!