Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How do I access modern, remote APIs requiring HTTPS?

See original GitHub issue

First check

  • I added a very descriptive title to this issue.
  • I used the GitHub search to find a similar issue and didn’t find it.
  • I searched the FastAPI documentation, with the integrated search.
  • I already searched in Google “How to X in FastAPI” and didn’t find any information.
  • I already read and followed all the tutorial in the docs and didn’t find an answer.
  • I already checked if it is not related to FastAPI but to Pydantic.
  • I already checked if it is not related to FastAPI but to Swagger UI.
  • I already checked if it is not related to FastAPI but to ReDoc.
  • After submitting this, I commit to:
    • Read open issues with questions until I find 2 issues where I can help someone and add a comment to help there.

Problem

I’m trying to access Food Data Central’s API to retrieve food information, but it tell me I need an HTTPS connection:

usda.base.DataGovApiError: HTTPS_REQUIRED: Requests must be made over HTTPS. Try accessing the API at: https://api.nal.usda.gov/ndb/search?q=eggs&max=10&offset=0&sort=r&api_key={FDC_API_KEY}&format=json

Here’s the code snippet doing the requesting:

@app.post("/")
async def index(request: Request, food_name: str = Form(...)):

    eggs = client.search_foods("eggs", 10)
    print(next(eggs))

    eggs_data = client.get_food_report(eggs.id)
    print(eggs_data)
    data = requests.get("https://api.nal.usda.gov/ndb/search?q=eggs&max=10&offset=0&sort=r&api_key={FDC_API_KEY}&format=json")

    return templates.TemplateResponse("foods.html", context={"request": request, "data": data})

What I’ve tried:

Hoverfly Postman Docker Twisted Trustme OpenSSL http-server one or two others I’ve forgotten

I’ve went through the process of making a CA certificate and importing it to the “Trusted Authorities” certificates file in the MMC manager, as well as just trying to use the trustme module, but browsers, and especially the remote API, won’t accept it. Each of these things failed on me for some reason or another, and I need some way to send secure http requests to the USDA database.

Does anyone know of a free method I could implement quickly for testing?

Issue Analytics

  • State:open
  • Created 2 years ago
  • Comments:6 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
Hultnercommented, May 12, 2021

Just some general pointers.

  • You’re using requests which is a sync http client with an async route
    • Either remove your async def from the route
    • Or use an async http client like for instance httpx
  • You’ve included an API-key in your question, if this is a personal API key it would be wise to at this point both revoke the key and remove it from the post.
  • Is it the request which doesn’t work?
    • I don’t get any certificate errors from that endpoint but I do get an 404, is the URI correct?
  • Is the client module an internal thing? You don’t explain it’s purpose but since we don’t know anything about it we can’t know if your error is there.
1reaction
Mausecommented, May 12, 2021

This looks like an issue with the client library you’re using, not anything to do with fastapi or SSL on your api?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Remote Access API - Jenkins
Remote API and security​​ When your Jenkins is secured, you can use HTTP BASIC authentication to authenticate remote API requests. See Authenticating scripted ......
Read more >
Web API implementation - Best practices for cloud applications
Learn about best practices for implementing a web API and publishing it to make it available to client applications.
Read more >
Securing APIs: 10 Best Practices for Keeping Your Data and ...
Ensure that APIs only return as much information as is necessary to fulfill their function. In addition, enforce data access controls at the...
Read more >
12 API security best practices to protect your business
1. Authenticate and authorize ... To control access to API resources, you must carefully and comprehensively identify all related users and ...
Read more >
Web API Security | Best Practices for SOAP and REST API
REST (Representational State Transfer) uses HTTP to obtain data and perform operations on remote computer systems. It supports SSL authentication and HTTPS ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

After executing first request, rest of the request got stuck till the first one is executed

Next page

How to start background_tasks on event startup