Merge pull request #114 from SiftScience/API-7827

[API-7827]: Stop using url parameters to authenticate Score API requests

Author: esingin-sift

sift/client.py

@@ -234,7 +234,7 @@ def score(self, user_id, timeout=None, abuse_types=None, version=None, include_s
             version = self.version
 
         headers = {'User-Agent': self._user_agent()}
-        params = {'api_key': self.api_key}
+        params = {}
         if abuse_types:
             params['abuse_types'] = ','.join(abuse_types)
 
@@ -248,7 +248,8 @@ def score(self, user_id, timeout=None, abuse_types=None, version=None, include_s
                 url,
                 headers=headers,
                 timeout=timeout,
-                params=params)
+                params=params,
+                auth=requests.auth.HTTPBasicAuth(self.api_key, ''))
             return Response(response)
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), url)
@@ -284,7 +285,7 @@ def get_user_score(self, user_id, timeout=None, abuse_types=None, include_score_
 
         url = self._user_score_url(user_id, self.version)
         headers = {'User-Agent': self._user_agent()}
-        params = {'api_key': self.api_key}
+        params = {}
         if abuse_types:
             params['abuse_types'] = ','.join(abuse_types)
 
@@ -296,7 +297,8 @@ def get_user_score(self, user_id, timeout=None, abuse_types=None, include_score_
                 url,
                 headers=headers,
                 timeout=timeout,
-                params=params)
+                params=params,
+                auth=requests.auth.HTTPBasicAuth(self.api_key, ''))
             return Response(response)
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), url)
@@ -326,7 +328,7 @@ def rescore_user(self, user_id, timeout=None, abuse_types=None):
 
         url = self._user_score_url(user_id, self.version)
         headers = {'User-Agent': self._user_agent()}
-        params = {'api_key': self.api_key}
+        params = {}
         if abuse_types:
             params['abuse_types'] = ','.join(abuse_types)
 
@@ -335,7 +337,8 @@ def rescore_user(self, user_id, timeout=None, abuse_types=None):
                 url,
                 headers=headers,
                 timeout=timeout,
-                params=params)
+                params=params,
+                auth=requests.auth.HTTPBasicAuth(self.api_key, ''))
             return Response(response)
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), url)
@@ -401,7 +404,7 @@ def unlabel(self, user_id, timeout=None, abuse_type=None, version=None):
 
         url = self._label_url(user_id, version)
         headers = {'User-Agent': self._user_agent()}
-        params = {'api_key': self.api_key}
+        params = {}
         if abuse_type:
             params['abuse_type'] = abuse_type
 
@@ -410,7 +413,8 @@ def unlabel(self, user_id, timeout=None, abuse_type=None, version=None):
                 url,
                 headers=headers,
                 timeout=timeout,
-                params=params)
+                params=params,
+                auth=requests.auth.HTTPBasicAuth(self.api_key, ''))
             return Response(response)
 
         except requests.exceptions.RequestException as e:

tests/test_client.py

@@ -4,6 +4,7 @@
 import unittest
 import warnings
 from decimal import Decimal
+from requests.auth import HTTPBasicAuth
 
 import mock
 import requests.exceptions
@@ -342,9 +343,10 @@ def test_score_ok(self):
             response = self.sift_client.score('12345')
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v205/score/12345',
-                params={'api_key': self.test_key},
+                params={},
                 headers=mock.ANY,
-                timeout=mock.ANY)
+                timeout=mock.ANY,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -364,9 +366,10 @@ def test_score_with_timeout_param_ok(self):
             response = self.sift_client.score('12345', test_timeout)
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v205/score/12345',
-                params={'api_key': self.test_key},
+                params={},
                 headers=mock.ANY,
-                timeout=test_timeout)
+                timeout=test_timeout,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -388,9 +391,10 @@ def test_get_user_score_ok(self):
             response = self.sift_client.get_user_score('12345', test_timeout)
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v205/users/12345/score',
-                params={'api_key': self.test_key},
+                params={},
                 headers=mock.ANY,
-                timeout=test_timeout)
+                timeout=test_timeout,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -415,9 +419,10 @@ def test_get_user_score_with_abuse_types_ok(self):
                                                        timeout=test_timeout)
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v205/users/12345/score',
-                params={'api_key': self.test_key, 'abuse_types': 'payment_abuse,content_abuse'},
+                params={'abuse_types': 'payment_abuse,content_abuse'},
                 headers=mock.ANY,
-                timeout=test_timeout)
+                timeout=test_timeout,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -440,9 +445,10 @@ def test_rescore_user_ok(self):
             response = self.sift_client.rescore_user('12345', test_timeout)
             mock_post.assert_called_with(
                 'https://api.siftscience.com/v205/users/12345/score',
-                params={'api_key': self.test_key},
+                params={},
                 headers=mock.ANY,
-                timeout=test_timeout)
+                timeout=test_timeout,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -467,9 +473,10 @@ def test_rescore_user_with_abuse_types_ok(self):
                                                      timeout=test_timeout)
             mock_post.assert_called_with(
                 'https://api.siftscience.com/v205/users/12345/score',
-                params={'api_key': self.test_key, 'abuse_types': 'payment_abuse,content_abuse'},
+                params={'abuse_types': 'payment_abuse,content_abuse'},
                 headers=mock.ANY,
-                timeout=test_timeout)
+                timeout=test_timeout,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -968,7 +975,8 @@ def test_unlabel_user_ok(self):
                 'https://api.siftscience.com/v205/users/%s/labels' % user_id,
                 headers=mock.ANY,
                 timeout=mock.ANY,
-                params={'api_key': self.test_key, 'abuse_type': 'account_abuse'})
+                params={'abuse_type': 'account_abuse'},
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
 
@@ -1008,7 +1016,8 @@ def test_unlabel_user_with_special_chars_ok(self):
                 'https://api.siftscience.com/v205/users/%s/labels' % urllib.parse.quote(user_id),
                 headers=mock.ANY,
                 timeout=mock.ANY,
-                params={'api_key': self.test_key})
+                params={},
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
 
@@ -1055,9 +1064,10 @@ def test_score__with_special_user_id_chars_ok(self):
             response = self.sift_client.score(user_id, abuse_types=['legacy'])
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v205/score/%s' % urllib.parse.quote(user_id),
-                params={'api_key': self.test_key, 'abuse_types': 'legacy'},
+                params={'abuse_types': 'legacy'},
                 headers=mock.ANY,
-                timeout=mock.ANY)
+                timeout=mock.ANY,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -1464,9 +1474,10 @@ def test_score_api_include_score_percentiles_ok(self):
             response = self.sift_client.score(user_id='12345', include_score_percentiles=True)
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v205/score/12345',
-                params={'api_key': self.test_key, 'fields': 'SCORE_PERCENTILES'},
+                params={'fields': 'SCORE_PERCENTILES'},
                 headers=mock.ANY,
-                timeout=mock.ANY)
+                timeout=mock.ANY,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")
@@ -1488,9 +1499,10 @@ def test_get_user_score_include_score_percentiles_ok(self):
             response = self.sift_client.get_user_score(user_id='12345', timeout=test_timeout, include_score_percentiles=True)
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v205/users/12345/score',
-                params={'api_key': self.test_key, 'fields': 'SCORE_PERCENTILES'},
+                params={'fields': 'SCORE_PERCENTILES'},
                 headers=mock.ANY,
-                timeout=test_timeout)
+                timeout=test_timeout,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert (response.is_ok())
             assert (response.api_error_message == "OK")

tests/test_client_v203.py

@@ -7,6 +7,7 @@
 import unittest
 import sys
 import requests.exceptions
+from requests.auth import HTTPBasicAuth
 if sys.version_info[0] < 3:
     import six.moves.urllib as urllib 
 else:
@@ -166,9 +167,10 @@ def test_score_ok(self):
             response = self.sift_client_v204.score('12345', version='203')
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v203/score/12345',
-                params={'api_key': self.test_key},
+                params={},
                 headers=mock.ANY,
-                timeout=mock.ANY)
+                timeout=mock.ANY,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert(response.is_ok())
             assert(response.api_error_message == "OK")
@@ -186,9 +188,10 @@ def test_score_with_timeout_param_ok(self):
             response = self.sift_client.score('12345', test_timeout)
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v203/score/12345',
-                params={'api_key': self.test_key},
+                params={},
                 headers=mock.ANY,
-                timeout=test_timeout)
+                timeout=test_timeout,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert(response.is_ok())
             assert(response.api_error_message == "OK")
@@ -285,7 +288,8 @@ def test_unlabel_user_ok(self):
                 'https://api.siftscience.com/v203/users/%s/labels' % user_id,
                 headers=mock.ANY,
                 timeout=mock.ANY,
-                params={'api_key': self.test_key})
+                params={},
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert(response.is_ok())
 
@@ -326,7 +330,8 @@ def test_unlabel_user_with_special_chars_ok(self):
                 'https://api.siftscience.com/v203/users/%s/labels' % urllib.parse.quote(user_id),
                 headers=mock.ANY,
                 timeout=mock.ANY,
-                params={'api_key': self.test_key})
+                params={},
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert(response.is_ok())
 
@@ -373,9 +378,10 @@ def test_score__with_special_user_id_chars_ok(self):
             response = self.sift_client.score(user_id)
             mock_get.assert_called_with(
                 'https://api.siftscience.com/v203/score/%s' % urllib.parse.quote(user_id),
-                params={'api_key': self.test_key},
+                params={},
                 headers=mock.ANY,
-                timeout=mock.ANY)
+                timeout=mock.ANY,
+                auth=HTTPBasicAuth(self.test_key, ''))
             self.assertIsInstance(response, sift.client.Response)
             assert(response.is_ok())
             assert(response.api_error_message == "OK")