Building a Secure, Configurable, and Scalable Monitoring API

In a world where infrastructure monitoring is vital, having a flexible and secure way to collect and process custom data is essential. In this blog post, we’ll take you through building an API that not only allows for dynamic field configurations but also includes robust security with API keys tied to specific servers.

We’ll walk through the recent enhancements to our monitoring API:

  • Dynamic configuration: Centralized database for fields and validation rules.
  • Server management: Register servers and validate requests using API keys.
  • Improved security: Restrict API access to authorized servers.

Dynamic Configuration

Instead of hardcoding validation rules or thresholds, we introduced a database-backed configuration system. This allows you to define:

  1. Field Names: The names of the metrics (e.g., CPU load, memory usage).
  2. Validation Rules: Ensure values are within acceptable ranges.
  3. Alert Thresholds: Trigger alarms if values exceed thresholds.

Example table structure for configuration:

CREATE TABLE fields (
    id INTEGER PRIMARY KEY,
    name TEXT UNIQUE,
    validation_rule TEXT,
    alert_threshold REAL
);

API Endpoint to add a field:

curl -X POST http://127.0.0.1:5000/api/add_field \
  -H "Content-Type: application/json" \
  -d '{"name": "temperature", "validation_rule": "value >= -50 and value <= 100", "alert_threshold": 90}'

Server Management with API Keys

To secure our API, we implemented an api_keys system. Each server must register to receive a unique API key. This ensures only authorized systems can send data.

Register a Server

curl -X POST http://127.0.0.1:5000/api/register_server \
  -H "Content-Type: application/json" \
  -d '{"hostname": "server1", "ip_address": "192.168.1.10"}'

The response includes a unique API key:

{
  "status": "success",
  "hostname": "server1",
  "ip_address": "192.168.1.10",
  "api_key": "3c5d8974-6f7a-11ed-81ce-0242ac120002"
}

Reset an API Key

If a key is compromised:

curl -X POST http://127.0.0.1:5000/api/reset_api_key \
  -H "Content-Type: application/json" \
  -d '{"hostname": "server1"}'

Validating Requests

When data is submitted, the API validates:

  • API Key: Is it associated with the correct hostname or IP?
  • Data Fields: Are the values valid as per the configuration?

Example request:

curl -X POST http://127.0.0.1:5000/api/submit \
  -H "Content-Type: application/json" \
  -H "X-API-Key: 3c5d8974-6f7a-11ed-81ce-0242ac120002" \
  -d '{"field": "temperature", "value": 85}'
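
The post does not show how a stored validation_rule is applied to a submitted value; passing that string to eval() would let anyone who can write a rule run code inside the API process. The following is an added example, not the project's own code: it assumes a Python backend, and evaluate_rule and RuleError are hypothetical names. It parses the rule and accepts only comparisons between `value` and numeric literals joined by and/or, then applies the alert threshold.

```python
import ast
import operator

# Comparison operators a stored validation_rule may use.
_CMP = {ast.Lt: operator.lt, ast.LtE: operator.le, ast.Gt: operator.gt,
        ast.GtE: operator.ge, ast.Eq: operator.eq, ast.NotEq: operator.ne}


class RuleError(ValueError):
    """The rule or the submitted value falls outside the allowed grammar."""


def _operand(node, value):
    # Operands are the name `value` or a (possibly negated) numeric literal.
    if isinstance(node, ast.Name) and node.id == "value":
        return value
    sign = 1
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        node, sign = node.operand, -1
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return sign * node.value
    raise RuleError("disallowed operand in rule")


def _check(node, value):
    # Every part is visited (no short-circuit), so a bad rule always fails.
    if isinstance(node, ast.BoolOp):
        results = [_check(v, value) for v in node.values]
        return all(results) if isinstance(node.op, ast.And) else any(results)
    if isinstance(node, ast.Compare):
        if any(type(op) not in _CMP for op in node.ops):
            raise RuleError("disallowed comparison in rule")
        vals = [_operand(n, value) for n in (node.left, *node.comparators)]
        return all(_CMP[type(op)](a, b)
                   for op, a, b in zip(node.ops, vals, vals[1:]))
    raise RuleError("disallowed expression in rule")


def evaluate_rule(rule, value, alert_threshold=None):
    """Return (valid, alert) for one submitted value; never calls eval()."""
    if type(value) not in (int, float):
        raise RuleError("value must be a number")
    try:
        tree = ast.parse(rule, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise RuleError("rule is not a valid expression") from exc
    valid = _check(tree.body, value)
    alert = alert_threshold is not None and value > alert_threshold
    return valid, alert
```

Running the same check when a rule is added, with any numeric value, rejects a malformed rule before it is stored.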

Listing Registered Servers

For administrative purposes, you can fetch all registered servers:

curl -X GET http://127.0.0.1:5000/api/list_servers

Building a Future-Proof API

With these enhancements, the API is ready to handle:

  1. Dynamic Metrics: Add fields without changing the code.
  2. Security: Protect data with server-specific API keys.
  3. Custom Validation: Ensure data integrity with configurable rules.
  4. Scalability: Easily extend to accommodate more metrics and servers.

Code Overview

Check out our downloads section for the full code of this API and test it yourself.

What’s Next?

In the next iteration, we plan to:

  1. Add notification mechanisms for alert thresholds.
  2. Integrate with machine learning for predictive analytics.
  3. Implement real-time dashboards for better visualization.

This project demonstrates how to build a secure and flexible API for custom monitoring needs. Whether tracking server updates, monitoring temperature sensors, or gathering business metrics, this API is ready to adapt to your requirements.