Forums

Securely calling a PythonAnywhere application from a node.js server

Hello.

I have an online application that uses Python to run a little analysis. It successfully receives a set of parameters in json format and returns the results. No login required etc. so it can be run from a simple stand alone http page.

My next task is to run the same application but only when called from a node server and to make it secure. That is, the application will only run if a password is supplied by the node call (or some other method). i.e. if anything other than this specific node server calls the application it won't run. No problem calling the application from node, it's how to secure the Python application and only let the node server queries in that's got me stuck.

As a dumb way of doing this I could I suppose just pass a secret code in the node call which Python will use to assess if the query is genuine. But this still leaves the Python application open to (unsuccessful) queries from anywhere.

I'm presuming (but very new to this) that secure data exchange between two servers isn't a big deal? Except for me. Any hints as to how I go about this would be most gratefully received. I should add, I have access to both the PythonAnywhere and Node.js servers so can alter the code as needed.

Many thanks,

Phil

That seems like a very convoluted way to do a simple authentication task. Pretty-much every Python web framework will have some sort of authentication system included or easily available. Doing that authentication in Python will make it much simpler.

Ah... I'm glad you say this Glenn.

I'm assuming something like Flask but to authenticate communication between servers?

I'll do some research.

Thanks,

Phil