Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[FEATURE] APIKeyHeader for Websockets

See original GitHub issue

I used the GitHub search to find a similar issue and didn’t find it.
I searched the FastAPI documentation, with the integrated search.
I already searched in Google “How to X in FastAPI” and didn’t find any information.

Is your feature request related to a problem

Yes. It would be nice to use Security with APIKeyHeader (maybe APIKeyCookie, APIKeyQuery as well) for websocket connections.

The solution you would like

Consistent with the current http way of doing it

api_key_header = APIKeyHeader(name=API_KEY_NAME)

async def get_origin(
        api_key: str = Security(api_key_header),
        db: AsyncIOMotorClient = Depends(get_database), ):

Describe alternatives you’ve considered

At the moment we plan to protect websocket endpoints with a simple api_key: str = Header(None), and then we do

if not api_key:
        await websocket.close(code=WS_1008_POLICY_VIOLATION)
        return None

For this I guess we might need the WebSocketException feature in Starlette

If someone can give me some guiding on how to structure this feature I might give it a try and do a PR

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:5 (1 by maintainers)

Top GitHub Comments

4reactions

tiangolocommented, Feb 14, 2020

Yes, you can, it’s documented here: https://fastapi.tiangolo.com/advanced/websockets/#using-depends-and-others

Also, have in mind that browsers don’t have a way to set headers when creating WebSocket connections: https://stackoverflow.com/a/4361358/219530

3reactions

phy25commented, Feb 17, 2020

@Catastropha APIKeyHeader requires Request which is not available in WebSocket. I guess you can just implement your own Security object for your use case.

https://github.com/tiangolo/fastapi/blob/9c3c9b6e78768374868d690bc05918d58481e880/fastapi/security/api_key.py#L38

Top Results From Across the Web

AWS API Gateway - WebSocket API + EC2 (HTTP ... - YouTube

In this video, we're going to create WebSocket API in AWS and integrate it with EC2 instances. ‍♂️ - To support my...

The WebSocket API (WebSockets) - Web APIs - MDN Web Docs

desktop desktop Chrome Edge WebSocket Full support. Chrome4. Toggle history Full support. Edge12. Toggl... WebSocket() constructor Full support. Chrome4. Toggle history Full support. Edge12. Toggl...

Building a real-time WebSocket client - AWS AppSync

AWS AppSync real-time WebSocket client setup. ... A single WebSocket connection supports multiple subscriptions, even if they are in ... API key header....

Using the Fetch API with API key header - javascript

Your options are in the wrong place. They should be in the 2nd parameter of the fetch function. return fetch(url, { mode: 'cors', ......

Security Intro - FastAPI

Features · FastAPI People · Python Types Intro ... WebSockets · Events: startup - shutdown · Custom Request and APIRoute class · Testing...