Using HTTPie with the Python authentication library
The Veracode APIs require that you enable HMAC authentication for your Python application as a security measure for accessing API resources. The Python authentication library provides an integration between HTTPie and the Veracode APIs, which adds HMAC authentication when using the Veracode APIs from the command line.
You use the library to:
- Load the API credentials
- Generate an HMAC authorization header
- Issue an HTTP call to a Veracode API with a valid endpoint
The default HTTP method is GET
. For command examples, see REST APIs.
You can download HTTPie from the HTTPie website.
To access the HTTPie documentation, run http --help
. To get tips and examples, go to the httpie cheatsheet.
HMAC authentication is the same for all calls, but the other aspects of authentication are specific to the API endpoint you want to call.
Using multiple profiles
You may need to store multiple sets of credentials for your interactive user and an API Service Account. You can store multiple profiles in the Veracode credentials file, and specify which profile to use when invoking API commands with HTTPie.
If you are using the config
file, you can define multiple profiles.
[default]
veracode_api_key_id = <YOUR_API_KEY_ID>
veracode_api_key_secret = <YOUR_API_KEY_SECRET>
[api_service]
veracode_api_key_id = <YOUR_SERVICE_ACCT_API_KEY_ID>
veracode_api_key_secret = <YOUR_SERVICE_ACCT_API_KEY_SECRET>
By default, you still use the default profile. Set VERACODE_API_PROFILE
to change profiles. For example, to use the profile api_service
in Bash, or a similar shell environment, enter this command before calling httpie
:
$ export VERACODE_API_PROFILE=api_service
In Bash and similar shells, you can also set environment variables for each command. For example:
VERACODE_API_PROFILE=api_service http -A veracode_hmac "https://api.veracode.com/appsec/v1/applications"
This works on Linux, Mac, and Windows as long as you are using a command shell like Bash or Zsh.
To use a different profile on Windows in the DOS prompt, use the SET
command in the DOS prompt:
SET VERACODE_API_PROFILE=api_service
Debugging HTTPie with Python
After installing the HMAC library, if you use HTTPie and receive an error that includes:
pkg_resources.DistributionNotFound: The 'PySocks!=1.5.7,>=1.5.6; extra == "socks"' distribution was not found and is required by requests
Run this command to debug it:
pip install "PySocks!=1.5.7,>=1.5.6"