Falcon Authentication and Limiter Recommendations?


erstwild

Dec 3, 2016, 5:14:47 PM
to Falcon Framework
Hello There-

I currently have several Flask API projects that I am planning on moving to Falcon.  I did want to inquire of the community about recs for how to approach some common Flask functionality equivalents.  What are the Falcon equivalents of Flask's jsonify, flask_limiter, and basic authentication (check for API key, etc.)?  Any other handy projects or tips would be great as well.  Really looking forward to working with Falcon to build my APIs moving forward.

Thanks!
John

Kurt G. | @kgriffs

Dec 20, 2016, 1:18:40 PM
to Falcon Framework
Hi John,

Welcome to the community! Regarding JSON, the following community add-ons are available that I'm aware of:

For rate limiting, I'm not aware of any Falcon-specific add-ons. That being said, it shouldn't be too difficult to create something using limits (https://pypi.python.org/pypi/limits), which is what flask_limiter uses. I would suggest a combination of middleware (for performing the rate limiting and managing the Redis connection) and decorators (to annotate which on_* responder should have what limits). Alternatively, if you are OK with having a global Redis client instance, you could reference that instance in the decorators and forgo the middleware component. In any case, if you do end up creating a solution for this, please consider making it a community project and pinging the limits folks so they can add Falcon to their list of supported frameworks. :)

Finally, regarding authentication, I'm not aware of any generic Falcon solutions for checking API keys, but there could be one out there. You might search for WSGI middleware projects in that vein. That being said, it is pretty straightforward to write a middleware component to handle this. If the key includes cryptographic proof of validity, authentication can be very efficient. One way to implement authorization would be to inject into req.context a role name that could be checked by a before hook for role-based access control (RBAC).

Hope that helps! You may also wish to check out some of the community resources listed on the Falcon wiki:


Cheers,

@kgriffs
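
The approach described in the reply above (a middleware component that checks an API key carrying cryptographic proof of validity, plus a before hook reading a role from req.context), sketched as an added example that is not code from the thread or from the Falcon project. The `X-API-Key` header name, the `client_id.role.signature` key format, and the `SECRET` value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

try:
    import falcon
except ImportError:  # the key helpers still work without Falcon installed
    falcon = None

SECRET = b"constructed-demo-secret"  # assumption: load from a secret store


def _sig(payload):
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def mint_key(client_id, role):
    """Issue 'client_id.role.signature'; neither field may contain '.'."""
    payload = f"{client_id}.{role}"
    return f"{payload}.{_sig(payload).decode()}"


def verify_key(key):
    """Return (client_id, role) for a validly signed key, else None."""
    payload, _, sig = (key or "").rpartition(".")
    # Constant-time comparison; no database lookup is needed to authenticate.
    if not payload or not hmac.compare_digest(sig.encode(), _sig(payload)):
        return None
    client_id, _, role = payload.partition(".")
    return (client_id, role) if client_id and role else None


class ApiKeyMiddleware:
    """Authenticate every request and expose the role via req.context."""

    def process_request(self, req, resp):
        claims = verify_key(req.get_header("X-API-Key"))
        if claims is None:
            raise falcon.HTTPUnauthorized(title="Invalid or missing API key")
        req.context["client_id"], req.context["role"] = claims


def require_role(role):
    """Build a before hook that rejects requests lacking the given role."""
    def hook(req, resp, resource, params):
        if req.context.get("role") != role:
            raise falcon.HTTPForbidden(title="Insufficient role")
    return hook
```

Register the middleware with `middleware=[ApiKeyMiddleware()]` when creating the app and decorate a responder with `@falcon.before(require_role("admin"))`. Keys in this format never expire and cannot be revoked individually, so rotating `SECRET` invalidates all of them at once.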