The API allows for users with different permissions.
By default, the existence and metadata of all datasets are available without authentication and without any permissions, but no queries for viewing actual data are available.
This can be changed with the
in the dataset configuration.
Protari comes with two alternative authentication/authorization interfaces:
- DatabaseAuthInterface, which refers to a database table of keys and permissions.
- JWTAuthInterface, which accepts JWT tokens per the OpenID Connect standard.
See the links above for the details of each.
Applying Query Limits
Lifetime user query limits (per query class and dataset) can be applied by adding them to the auth interface.
Do this by applying a post-processor after the user's permissions are decoded and verified, e.g.:

    auth_interface:
      reference: protari.auth_interface.jwt_auth.JWTAuthInterface
      parameters:
        ...
      permissions_post_processors:
        - reference: protari_api.sql_query_limiter.SqlQueryLimiter
          parameters:
            url: postgresql:///protari_demo
            table_name: query_limit

This applies the post-processor called SqlQueryLimiter, using a SQL database table for storage.
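As an added illustration (not Protari's code and not the actual SqlQueryLimiter implementation), this Python sketch shows one way a lifetime limit per user, dataset and query class can be enforced in a SQL table so that concurrent requests cannot overshoot it. The table layout, the function names and the fail-closed handling of users with no row are assumptions; SQLite stands in for PostgreSQL so the sketch runs offline.

```python
import sqlite3

# Hypothetical table layout (assumption: the page does not show the real one).
SCHEMA = """
CREATE TABLE IF NOT EXISTS query_limit (
    user_id     TEXT    NOT NULL,
    dataset     TEXT    NOT NULL,
    query_class TEXT    NOT NULL,
    max_queries INTEGER NOT NULL,
    used        INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (user_id, dataset, query_class)
)
"""
KEY = "user_id = ? AND dataset = ? AND query_class = ?"

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn

def set_limit(conn, user_id, dataset, query_class, max_queries):
    """Register a lifetime allowance for one (user, dataset, query class)."""
    with conn:  # commits on success, rolls back on error
        conn.execute(
            "INSERT INTO query_limit (user_id, dataset, query_class, max_queries)"
            " VALUES (?, ?, ?, ?)",
            (user_id, dataset, query_class, max_queries),
        )

def consume(conn, user_id, dataset, query_class):
    """Spend one query. Returns True if allowed, False otherwise.

    The limit check and the increment are a single UPDATE statement, so two
    concurrent requests cannot both pass a separate "read, then write" check.
    A missing row matches nothing, so unknown users are refused (fail closed).
    """
    with conn:
        cur = conn.execute(
            "UPDATE query_limit SET used = used + 1 WHERE " + KEY
            + " AND used < max_queries",
            (user_id, dataset, query_class),
        )
    return cur.rowcount == 1

def remaining(conn, user_id, dataset, query_class):
    """Queries left for this key; 0 when no allowance is registered."""
    row = conn.execute(
        "SELECT max_queries - used FROM query_limit WHERE " + KEY,
        (user_id, dataset, query_class),
    ).fetchone()
    return row[0] if row else 0
```
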
Datasets that require authorization can be rate limited. See the discussion under Global Settings.