Skip to main content

Using HTTPie with the Python authentication library

The Veracode APIs require that you enable HMAC authentication for your Python application as a security measure for accessing API resources. The Python authentication library provides an integration between HTTPie and the Veracode APIs, which adds HMAC authentication when using the Veracode APIs from the command line.

You use the library to:

  • Load the API credentials
  • Generate an HMAC authorization header
  • Issue an HTTP call to a Veracode API with a valid endpoint

The default HTTP method is GET. For command examples, see REST APIs.

You can download HTTPie from the HTTPie website.

To access the HTTPie documentation, run http --help. To get tips and examples, go to the httpie cheatsheet.

HMAC authentication is the same for all calls, but the other aspects of authentication are specific to the API endpoint you want to call.

Using multiple profiles

You may need to store multiple sets of credentials for your interactive user and an API Service Account. You can store multiple profiles in the Veracode credentials file, and specify which profile to use when invoking API commands with HTTPie.

If you are using the config file, you can define multiple profiles.

[default]
veracode_api_key_id = <YOUR_API_KEY_ID>
veracode_api_key_secret = <YOUR_API_KEY_SECRET>

[api_service]
veracode_api_key_id = <YOUR_SERVICE_ACCT_API_KEY_ID>
veracode_api_key_secret = <YOUR_SERVICE_ACCT_API_KEY_SECRET>

By default, you still use the default profile. Set VERACODE_API_PROFILE to change profiles. For example, to use the profile api_service in Bash, or a similar shell environment, enter this command before calling httpie:

$ export VERACODE_API_PROFILE=api_service

In Bash and similar shells, you can also set environment variables for each command. For example:

VERACODE_API_PROFILE=api_service http -A veracode_hmac "https://api.veracode.com/appsec/v1/applications"

This works on Linux, Mac, and Windows as long as you are using a command shell like Bash or Zsh.

To use a different profile on Windows in the DOS prompt, use the SET command in the DOS prompt:

SET VERACODE_API_PROFILE=api_service

Debugging HTTPie with Python

After installing the HMAC library, if you use HTTPie and receive an error that includes:

pkg_resources.DistributionNotFound: The 'PySocks!=1.5.7,>=1.5.6; extra == "socks"' distribution was not found and is required by requests 

Run this command to debug it:

pip install "PySocks!=1.5.7,>=1.5.6"