Using HTTPie with the Python Authentication Library

Veracode APIs

Publication
Veracode APIs
Edition date
2023-01-23
Last publication
2023-01-23T19:14:43.388829

The Veracode APIs require that you enable HMAC authentication for your Python application as a security measure for accessing API resources. The Python authentication library provides an integration between HTTPie and the Veracode APIs, which adds HMAC authentication when using the Veracode APIs from the command line.

You use the library to:

  • Load the Veracode API credentials
  • Generate an HMAC authorization header
  • Issue an HTTP call to a Veracode API with a valid endpoint

The default HTTP method is GET. For command examples, see REST APIs.

To download and install HTTPie, see https://httpie.org.

To learn more about HTTPie, you can run http --help and review the HTTPie documentation. You can also get tips and examples from https://devhints.io/httpie.

HMAC authentication is the same for all calls, but the other aspects of authentication are specific to the API endpoint you want to call.

Using Multiple Profiles

You may need to store multiple sets of credentials for your interactive user and an API Service Account. You can store multiple profiles in the Veracode credentials file, and specify which profile to use when invoking API commands with HTTPie.

If you are using the config file, you can define multiple profiles.

[default]
veracode_api_key_id = <YOUR_API_KEY_ID>
veracode_api_key_secret = <YOUR_API_KEY_SECRET>

[api_service]
veracode_api_key_id = <YOUR_SERVICE_ACCT_API_KEY_ID>
veracode_api_key_secret = <YOUR_SERVICE_ACCT_API_KEY_SECRET>

By default, you still use the default profile. Set VERACODE_API_PROFILE to change profiles. For example, to use the profile api_service in Bash, or a similar shell environment, enter this command before calling httpie:

$ export VERACODE_API_PROFILE=api_service

In Bash and similar shells, you can also set environment variables for each command. For example:

VERACODE_API_PROFILE=api_service http -A veracode_hmac "https://api.veracode.com/appsec/v1/applications"

This works on Linux, Mac, and Windows as long as you are using a command shell like Bash or Zsh.

To use a different profile on Windows in the DOS prompt, use the SET command in the DOS prompt:

SET VERACODE_API_PROFILE=api_service

Debugging HTTPie with Python

After installing the HMAC library, if you use HTTPie and receive an error that includes:

pkg_resources.DistributionNotFound: The 'PySocks!=1.5.7,>=1.5.6; extra == "socks"' distribution was not found and is required by requests 

Run this command to debug it:

pip install "PySocks!=1.5.7,>=1.5.6"