Kable as an Authentication Provider

Authenticating customer access to your API with Kable

Suggest Edits

❗️

Not every API uses Kable as an Authentication Provider. If you have your own API key management system for customer access to your own API, you can skip this section.

API access and customer identification starts with authentication. Your customers must to be authenticated to access your API. If Kable is providing authentication services for your API, your customers will need to provide credentials to access your endpoints.

Generating API Keys

You can create API keys for your customers from the Customers tab in your dashboard. Just like your own API keys, customers will have distinct keys for both Test and Live environments.

You can also generate API keys at the time of customer creation by including a keys=true query parameter in your Kable create customer call. You can then display these keys to a new customer in your signup flow.

Configuring a Kable SDK for Authentication

Similar to the setup you may have gone through in Quick Start or when setting up usage metrics through Kable, you'll need to configure a Kable library to use as an authentication provider.

🚧

If you use a programming language or framework that we do not yet support as a library, using Kable for authentication is not recommended.

The primary concern here is performance. Kable libraries are instrumented with in-memory buffers and caches to minimize latency impacts to your API. If you were to call the Kable API via HTTP on every request to your API to authenticate your users, your API's performance would suffer.

The following demonstrates what your API might look like when configured with Kable authentication: 

const express = require('express');
const app = express();
const { Kable } = require('kable-node-express');

const kable = new Kable({
  clientId: '<YOUR_API_CLIENT_ID>',
  clientSecret: '<YOUR_API_CLIENT_SECRET>',
  baseUrl: 'https://test.kable.io'
});

app.get('/api/endpoint', kable.authenticate, function(req, res) {
  res.json({ message: 'This request has been authenticated and recorded by Kable!' });
});

`kable.authenticate` is functional middleware. If you use NestJS on top of Node Express,
follow the instructions in the Node Express tab, and read more about functional middleware
at https://docs.nestjs.com/middleware#functional-middleware.

from flask import Flask, jsonify
from kable_python_flask import Kable
app = Flask(__name__)

kable = Kable({
  'client_id': '<YOUR_API_CLIENT_ID>',
  'client_secret': '<YOUR_API_CLIENT_SECRET>',
  'base_url': 'https://test.kable.io'
})

@app.get('/api/endpoint')
@kable.authenticate
def get_endpoint():
    return jsonify({ 'message': 'This request has been authenticated and recorded by Kable!' })

from django.http import JsonResponse
from kable_python_django import Kable

kable = Kable({
  'client_id': '<YOUR_API_CLIENT_ID>',
  'client_secret': '<YOUR_API_CLIENT_SECRET>',
  'base_url': 'https://test.kable.io'
})

@kable.authenticate
def get_endpoint():
    return JsonResponse({'message': 'This request has been authenticated and recorded by Kable!'})

Using authenticate and record together

By default, calls to authenticate are automatically recorded by Kable. Therefore, if you plan to use both authenticate and record within the same API, you should probably disable recording of authentication requests.

You can disable authentication recording through your Kable configuration: 

const kable = new Kable({
  clientId: '<YOUR_API_CLIENT_ID>',
  clientSecret: '<YOUR_API_CLIENT_SECRET>',
  baseUrl: 'https://test.kable.io',
  recordAuthentication: false
});

kable = Kable({
  'client_id': '<YOUR_API_CLIENT_ID>',
  'client_secret': '<YOUR_API_CLIENT_SECRET>',
  'base_url': 'https://test.kable.io',
  'record_authentication': False
})

If you do not disable authentication recording, and you use both authenticate and record on the same API, requests may be double-counted (authenticate and record will each record an event).

Customer Requests

When using Kable as an authentication provider, your customers must provide two HTTP headers on requests to your API:

  • X-CLIENT-ID: The Client ID header corresponds to the same clientId you defined when creating the customer in the first place.
  • X-API-KEY: The API key header corresponds to the secret key generated specifically for the Live or Test environment.

Kable uses these headers to authenticate, authorize and record usage of your API. The following example demonstrates a what a customer's request to your API (hosted at https://yourAPI.com) might look like: 

curl -X GET \
  -H "X-CLIENT-ID: yourcompanyuser_1234567890" \
  -H "X-API-KEY: sk_test.M1VTLy4o.qAbs56udYLtGMw6war2gImpt5qjI92Ck" \
  https://yourAPI.com/endpoint

Updated 6 months ago