Derek Stegelman

Who's in my Data?

As a part of our projects at OME we like to develop APIs and keep access to our public data as easy as possible. Recently we’ve wanted to open up some of our APIs to allow others to add and modify that data. From the start we picked up django-piston to roll our APIs and have had great success. As we desire to open up that data and allow create/update/delete access, we needed an authentication solution.


Django-Piston comes with HTTP authentication out of the box, but we wanted a bit more control in terms of keeping track of API usage. Instead of using this authentication method we created a django app that we can use to issue API keys and keep track of their usage. While still in its infancy, this tool will be used to manage and authenticate users to our APIs.


We’ve compiled the app as a pip installable app, so to install simply:

pip install git+git://


Method Helpers

key_exists(dictionary) - Checks for a key. Returns true if key exists or false is not

dictionary is {‘key’: key}

key_check(dictionary) - Makes sure key is correct. If key is valid returns True Example

attrs = self.flatten_dict(request.PUT) key_dict = {‘key’: request.GET.get(‘key’)} if key_exists(key_dict) == False: return key_required_error() if key_check(key_dict): try: audience = except Audience.DoesNotExist: return rc.NOT_FOUND = attrs[‘name’] log_use(request.GET.get(‘key’), ‘Audience’,, ‘updated’) return audience else: return key_incorrect_error() ######Logging Helper

log_use(key, object being manipulated as string, id of object, action as string)


log_use(request.GET.get(‘key’), ‘Audience’,, ‘updated’) Error Reporting


  • Error for api required

def key_incorrect_error()

  • Error for api incorrect.

######CSRF Protection

Django comes with built in CSRF protection for all POST requests. Because of this by default POST HTTP headers will be rejected for not containing a valid CSRF token. In order to bypass this, API-Management has a helper method to use instead of the default django-piston resource.


CsrfExemptResource(Resource) Example

CsrfExemptResource(ScholarshipsHandler) Documentation

I haven’t gotten the docs fully written yet but there is some info along with the repo at I will be working on the docs and getting them up as soon as possible. Any suggestions or contributions on our github page are more than welcome.