Implementing API keys on SUSI.AI server

The clients of SUSI.AI need config keys to work with some APIs like captcha, maps and blog. These keys are stored on the SUSI server, and the clients fetch them using API calls to the server. The admins can add or delete API keys on the server using the /aaa/apiKeys.json API. This API stores the API keys in JSON format in the apiKeys.json file in the system_keys_dir directory, which is in the data directory on the SUSI server.

For the clients to fetch these API keys and use them in their respective APIs, they need to use the /aaa/getApiKeys.json API to fetch the list of API keys from the server. In this post we will look at these APIs in detail.

apiKeys.json

The endpoint apiKeys.json is implemented in the ApiKeysService.java servlet in the aaa section of the SUSI server. This endpoint has the following parameters:

  • access_token (required)
  • keyName (required)
  • One of the following is required:
    • keyValue
    • deleteKey
  • type (optional)

The access_token parameter is needed to verify whether the user has admin access or not. The keyName parameter is also required whether we want to create, edit or delete a key. The keyValue parameter is only required while creating a new key or updating an existing key. The deleteKey parameter is a boolean parameter and is required only when we want to delete an existing key. The last parameter, type, is optional and is used to identify whether the key is a public key or a private key. If we don't pass this parameter, its value is set to public by default. If the required parameters are not sent while making a call to this API, the server responds with a bad request error.

// Reject the call when both keyName and keyValue are missing
if (call.get("keyName", null) == null
    && call.get("keyValue", null) == null) {
  throw new APIException(422, "Bad Request. No parameter present");
}
String keyName = call.get("keyName", null);
String keyValue = call.get("keyValue", null);
String type = call.get("type", "public");  // defaults to public when not passed
boolean deleteKey = call.get("deleteKey", false);

Once the parameters are fetched and their values are assigned to their respective variables, we fetch the existing list of API keys from the server and create a JSONObject for the keys. If the deleteKey variable is set to false, we need to either create a key or update an existing one, so we use the put function of the JSON object to add the key/value pair to the object created above. Once the key is added or updated, this object is put in the apiKeys JsonTray, which is finally stored in the apiKeys.json file in the system_keys_dir. Once this process is completed, a response is sent to the client with the current status of the key.

JsonTray apiKeys = DAO.apiKeys;
JSONObject result = new JSONObject();
JSONObject keys = new JSONObject();
// Load the existing keys of this type, if any
if (apiKeys.has(type)) {
  keys = apiKeys.getJSONObject(type);
}
if (!deleteKey) {
  try {
    // Create or update the key, then put the keys back in the apiKeys JsonTray
    JSONObject api = new JSONObject();
    api.put("value", keyValue);
    keys.put(keyName, api);
    apiKeys.put(type, keys, true);
    result.put("accepted", true);
    result.put("message", "Added new API key " + call.get("keyName") + " successfully !");
    return new ServiceResponse(result);

On the other hand, if the value of deleteKey is set to true, the reverse process is followed: we use the remove function to remove the existing key with the name provided in the keyName parameter.

} else {
  try {
    // Remove the key, then put the remaining keys back in the apiKeys JsonTray
    keys.remove(keyName);
    apiKeys.put(type, keys, true);
    result.put("accepted", true);
    result.put("message", "Removed API key " + call.get("keyName") + " successfully !");
    return new ServiceResponse(result);
  } catch (Exception e) {
    throw new APIException(422, "Failed : " + call.get("keyName") + " doesn't exists!");
  }
}
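The excerpt's first check rejects a call only when keyName and keyValue are both absent, while the parameter list asks for keyName plus exactly one of keyValue and deleteKey. The following added example, which is not code from the SUSI server, models those stricter rules as a stand-alone Java class and also reports the deletion of a key that is not stored. The class name, the in-memory map standing in for the JsonTray and the sample calls are assumptions made for illustration.

```java
import java.util.*;

// Added example: stand-alone model of the apiKeys.json parameter rules (hypothetical names).
public class ApiKeyRequestCheck {
    static final Set<String> TYPES = Set.of("public", "private");
    // type -> (keyName -> value); an in-memory stand-in for the apiKeys JsonTray
    static final Map<String, Map<String, String>> STORE = new HashMap<>();

    // Returns the action taken, or throws for a call the parameter list does not allow.
    static String handle(Map<String, String> call) {
        String keyName = call.get("keyName");
        String keyValue = call.get("keyValue");
        String type = call.getOrDefault("type", "public");
        boolean deleteKey = Boolean.parseBoolean(call.getOrDefault("deleteKey", "false"));

        if (keyName == null || keyName.isBlank())
            throw new IllegalArgumentException("keyName is required");
        if (!TYPES.contains(type))
            throw new IllegalArgumentException("type must be public or private");
        // Exactly one of keyValue / deleteKey: rejects "neither" and "both".
        if (deleteKey == (keyValue != null))
            throw new IllegalArgumentException("send either keyValue or deleteKey=true");

        Map<String, String> keys = STORE.computeIfAbsent(type, t -> new HashMap<>());
        if (deleteKey) {
            // remove() returns null for an unknown key, so test it explicitly.
            if (keys.remove(keyName) == null)
                throw new IllegalArgumentException(keyName + " does not exist");
            return "removed " + type + " key " + keyName;
        }
        boolean existed = keys.put(keyName, keyValue) != null;
        return (existed ? "updated " : "added ") + type + " key " + keyName;
    }

    public static void main(String[] args) {
        List<Map<String, String>> calls = List.of(          // constructed sample calls
            Map.of("keyName", "captchaKey", "keyValue", "PLACEHOLDER_VALUE"),
            Map.of("keyName", "captchaKey"),                // neither keyValue nor deleteKey
            Map.of("keyValue", "PLACEHOLDER_VALUE"),        // keyName missing
            Map.of("keyName", "mapKey", "deleteKey", "true"),   // key was never stored
            Map.of("keyName", "captchaKey", "deleteKey", "true"));
        for (Map<String, String> call : calls) {
            try {
                System.out.println("accepted: " + handle(call));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```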

 

getApiKeys.json

The endpoint getApiKeys.json is implemented in the getApiKeys.java servlet in the aaa section of the SUSI server. This API endpoint is used to get the list of public keys only and hence does not require any specific parameter. This API does not need the user role to be admin and is accessible to all, since public keys are those keys which are required by anonymous user roles as well. For example, the captcha key is used during signup. This API simply returns a list of all the public API keys stored on the SUSI server in the apiKeys.json file in the system_keys_dir.

JsonTray apiKeys = DAO.apiKeys;
// Only the "public" section of apiKeys.json is read here
JSONObject publicKeys = apiKeys.getJSONObject("public");
JSONObject result = new JSONObject();
JSONObject keys = new JSONObject();
// Flatten each stored entry to keyName -> value
for (String key: JSONObject.getNames(publicKeys)) {
  JSONObject values = (JSONObject) publicKeys.get(key);
  keys.put(key, values.get("value"));
}
try {
  result.put("accepted", true);
  result.put("keys", keys);
  result.put("message", "Success : Fetched all API key successfully !");
  return new ServiceResponse(result);
} catch (Exception e) {
  throw new APIException(422, "Failed : Unable to fetch API keys!");
}
