Authorization

The API allows for users with different permissions.

By default, the existence and metadata of all datasets are available without authentication or permissions, but no queries for viewing actual data are available.

This can be changed with the requires_permission options in the dataset configuration.

Protari comes with two alternative authentication/authorization interfaces:

See the links above for the details of each.

Applying Query Limits

Lifetime user query limits (per query class and dataset) can be applied by adding them to the auth interface.

Do this by applying a post-processor after the user's permissions are decoded and verified, e.g.:

auth_interface:
  reference: protari.auth_interface.jwt_auth.JWTAuthInterface
  parameters:
    ...
    permissions_post_processors:
      - reference: protari_api.sql_query_limiter.SqlQueryLimiter
        parameters:
          url: postgresql:///protari_demo
          table_name: query_limit

This applies the post-processor called SqlQueryLimiter, using a SQL database table for storage.
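
The following sketch shows how a lifetime limit per user, dataset and query class can be enforced from a SQL table. It is an added example, not Protari's SqlQueryLimiter code. The table schema, the function names, the sample values and the use of in-memory SQLite in place of PostgreSQL are assumptions.

```python
import sqlite3

# Assumed schema for this sketch: one lifetime budget per user, dataset and query class.
SCHEMA = """
CREATE TABLE query_limit (
    user_id     TEXT    NOT NULL,
    dataset     TEXT    NOT NULL,
    query_class TEXT    NOT NULL,
    max_queries INTEGER NOT NULL,
    used        INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (user_id, dataset, query_class)
)
"""

def make_store(rows):
    """Create an in-memory limit table from (user, dataset, query_class, max) rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO query_limit (user_id, dataset, query_class, max_queries) "
        "VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn

def consume_query(conn, user_id, dataset, query_class):
    """Spend one query from the lifetime budget; return True if it is allowed.

    The check and the increment are one UPDATE, so two concurrent requests
    cannot both spend the last remaining query. A key with no row matches
    nothing and is denied (a fail-closed choice made for this sketch).
    """
    cur = conn.execute(
        "UPDATE query_limit SET used = used + 1 "
        "WHERE user_id = ? AND dataset = ? AND query_class = ? "
        "AND used < max_queries",
        (user_id, dataset, query_class))
    conn.commit()
    return cur.rowcount == 1

def remaining(conn, user_id, dataset, query_class):
    """Return how many queries are left for this key (0 if no row exists)."""
    row = conn.execute(
        "SELECT max_queries - used FROM query_limit "
        "WHERE user_id = ? AND dataset = ? AND query_class = ?",
        (user_id, dataset, query_class)).fetchone()
    return row[0] if row else 0

if __name__ == "__main__":
    # Constructed sample data: alice may run two "aggregation" queries on "demo".
    store = make_store([("alice", "demo", "aggregation", 2)])
    print([consume_query(store, "alice", "demo", "aggregation") for _ in range(3)])
```

Because the counter is never reset, the budget is a lifetime one; raising a user's limit means updating max_queries for that row.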

Rate limits

Datasets that require authorization can be rate limited. See the discussion under Global Settings.