I'm looking for a Python-based, small, self-contained package to
hand out API keys, in the same spirit as Google API keys.
The basic specs are simple: 1) enforce the "one key per customer"
rule; 2) be robot-proof; 3) be reasonably difficult to circumvent
even for humans.
(This is for a web service we would like to implement; the goal is
to be able to control the load on our servers. Therefore, if the
package includes an automated log-analysis component, all the
better, but this is not necessary.)
Any suggestions would be appreciated.
Thanks!
~K
Define "customer". You probably cannot do better than defining it as an
e-mail address, which makes requirements 2) and 3) pretty much impossible
unless you add invite codes or something.
--
Aahz (aa...@pythoncraft.com) <*> http://www.pythoncraft.com/
"It is easier to optimize correct code than to correct optimized code."
--Bill Harlan
>In article <hqnrgs$sme$1...@reader1.panix.com>, kj <no.e...@please.post> wrote:
>>
>>I'm looking for a Python-based, small, self-contained package to
>>hand out API keys, in the same spirit as Google API keys.
>>
>>The basic specs are simple: 1) enforce the "one key per customer" rule;
>>2) be robot-proof; 3) be reasonably difficult to circumvent even for
>>humans.
>Define "customer". You probably cannot do better than defining it as an
>e-mail address, which makes requirements 2) and 3) pretty much impossible
>unless you add invite codes or something.
Sorry to ask, but are you being cute here? As I wrote, what I'm
looking for is something in the spirit of Google API keys. Therefore,
if you understand Google's "one key per customer" rule, then you
understand what I want.
I realize that with enough determination, any scheme for limiting
keys to one per "customer" can be circumvented, but as long as the
"enough determination" threshold is "high enough" the requirement
is met for practical purposes. (This paragraph applies to **any**
security measure, of course.)