
Flask middleware with RBAC

Protect your Flask API with Unkey

Written by: harshsbhat
Framework: Flask
Language: Python

Flask middleware with Unkey RBAC

This simple Flask application demonstrates how to implement API key verification using the Unkey service. The application has both public and protected routes, with the protected route requiring a valid API key.

Features

  • Public Route: Accessible without any authentication.
  • Protected Route: Requires a valid API key to access.
  • Middleware: Uses a decorator to enforce Unkey verification on protected routes.

Setup Unkey

  1. Create an Unkey account.
  2. Create a new API. Copy the API ID.
  3. Go to permissions and create a new permission named withAuth.
  4. Go to roles, create a new role, and select the withAuth permission for the role.
  5. Go to APIs again and create a new key.
  6. Click on the "Keys" tab.
  7. Select the key you created.
  8. Click on the "Permissions" tab.
  9. Check the role's checkbox to assign the role and permission to the key.
  10. Create a new root key from settings/root-key.

Prerequisites

  • Python 3.x
  • Flask
  • Requests library
  • An account with Unkey and your API ID and Root Key

Installation

  1. Clone this repository:

    git clone https://github.com/harshsbhat/unkey-flask.git
    cd unkey-flask

  2. Set up a virtual environment (optional but recommended):

    python3 -m venv venv # For Linux/macOS
    source venv/bin/activate # For Linux/macOS

    python -m venv venv # For Windows
    venv\Scripts\activate # For Windows

  3. Set up your environment variables: create a .env file in the project root and add the following variables. Get the Unkey API ID and root key from the Unkey dashboard.

    UNKEY_API_ID=your_unkey_api_id
    UNKEY_ROOT_KEY=your_unkey_root_key

  4. Install the required dependencies:

    pip install -r requirements.txt

Usage

  1. Run the project:

    python3 src/main.py # For macOS/Linux

    python src/main.py # For Windows

  • Public Route: Visit http://localhost:3000/public to access the public route.
  • Protected Route: Use a tool like Postman or curl to send a GET request to http://localhost:3000/protected with an Authorization header containing your API key.

Example public request using curl:

    curl http://127.0.0.1:3000/public

Example protected request using curl (make sure the API key has the withAuth permission):

    curl -H "Authorization: Bearer <api_key>" http://localhost:3000/protected
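The decision a protected-route decorator has to make for the request above, written out as an added example (not code from the template repository). The `verify` callable, its assumed return shape `{"valid": ..., "permissions": [...]}` and the sample keys are hypothetical stand-ins for the Unkey verification call; in Flask, the decorator would pass `request.headers` to `authorize` and return the resulting status.

```python
REQUIRED_PERMISSION = "withAuth"  # permission name created in the setup steps


def bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', or None if malformed."""
    parts = headers.get("Authorization", "").split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def authorize(headers, verify):
    """Return (http_status, error) for a protected route.

    `verify` is a hypothetical wrapper around the key verification request,
    assumed to return {"valid": bool, "permissions": [str, ...]}.
    """
    token = bearer_token(headers)
    if token is None:
        return 401, "missing or malformed Authorization header"
    try:
        result = verify(token)
    except Exception:
        # Fail closed: an unreachable verifier must never grant access.
        return 503, "key verification unavailable"
    if not isinstance(result, dict) or result.get("valid") is not True:
        return 401, "invalid API key"
    # A valid key is not enough: the role/permission must be attached to it.
    if REQUIRED_PERMISSION not in result.get("permissions", []):
        return 403, "key lacks required permission"
    return 200, None


# Constructed sample data standing in for the verification service.
_SAMPLE_KEYS = {
    "key_with_role": {"valid": True, "permissions": ["withAuth"]},
    "key_without_role": {"valid": True, "permissions": []},
}


def fake_verify(token):
    """Constructed verifier: known keys, unknown keys, and a simulated outage."""
    if token == "key_timeout":
        raise TimeoutError("constructed network failure")
    return _SAMPLE_KEYS.get(token, {"valid": False, "permissions": []})
```

The 401/403 split keeps "who are you" failures distinct from "you may not do this" failures, which makes missing role assignments (setup step 9) easy to spot in logs.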
