Integration Guide - Python ASGI (FastAPI)

Built For Latest Version Language Versions Software License Source Code

ASGI middleware that automatically logs incoming or outgoing API calls and sends to Moesif for API analytics and monitoring. Supports Python Frameworks built on ASGI such as FastAPI and more.

Source Code on GitHub

ASGI (Asynchronous Server Gateway Interface) is a spiritual successor to WSGI, intended to provide a standard interface between async-capable Python web servers, frameworks, and applications. Many Python Frameworks are build on top of ASGI, such as FastAPI, etc. Moesif ASGI Middleware help APIs that are build on top of these Frameworks to easily integrate with Moesif.

How to install

pip install moesifasgi

How to use

FastAPI

Add Moesif middleware to fastAPI app.

from moesifasgi import MoesifMiddleware

moesif_settings = {
    'APPLICATION_ID': 'Your Moesif Application id',
    'LOG_BODY': True,
    # ... For other options see below.
}

app = FastAPI()

app.add_middleware(MoesifMiddleware, settings=moesif_settings)

Your Moesif Application Id can be found in the Moesif Portal. After signing up for a Moesif account, your Moesif Application Id will be displayed during the onboarding steps.

You can always find your Moesif Application Id at any time by logging into the Moesif Portal, click on the top right menu, and then clicking API Keys.

For an example with Flask, see example in the /examples/flask folder of this repo.

Other ASGI frameworks

If you are using a framework that is built on top of ASGI, it should work just by adding the Moesif middleware. Please read the documentation for your specific framework on how to add middleware.

Configuration options

APPLICATION_ID

(required), string, is obtained via your Moesif Account, this is required.

For options that use the request and response as input arguments, these use the Requests and Responses objects respectively.

SKIP

(optional) (request, response) => boolean, a function that takes a request and a response, and returns true if you want to skip this particular event.

IDENTIFY_USER

(optional, but highly recommended) (request, response) => string, a function that takes a request and a response, and returns a string that is the user id used by your system. While Moesif tries to identify users automatically, but different frameworks and your implementation might be very different, it would be helpful and much more accurate to provide this function.

IDENTIFY_COMPANY

(optional) (request, response) => string, a function that takes a request and a response, and returns a string that is the company id for this event.

GET_METADATA

(optional) (request, response) => dictionary, a function that takes a request and a response, and returns a dictionary (must be able to be encoded into JSON). This allows your to associate this event with custom metadata. For example, you may want to save a VM instance_id, a trace_id, or a tenant_id with the request.

GET_SESSION_TOKEN

(optional) (request, response) => string, a function that takes a request and a response, and returns a string that is the session token for this event. Again, Moesif tries to get the session token automatically, but if you setup is very different from standard, this function will be very help for tying events together, and help you replay the events.

MASK_EVENT_MODEL

(optional) (EventModel) => EventModel, a function that takes an EventModel and returns an EventModel with desired data removed. The return value must be a valid EventModel required by Moesif data ingestion API. For details regarding EventModel please see the Moesif Python API Documentation.

DEBUG

(optional) boolean, a flag to see debugging messages.

LOG_BODY

(optional) boolean, default True, Set to False to remove logging request and response body.

BATCH_SIZE

(optional) int, default 25, Maximum batch size when sending events to Moesif.

AUTHORIZATION_HEADER_NAME

(optional) string, A request header field name used to identify the User in Moesif. Default value is authorization. Also, supports a comma separated string. We will check headers in order like "X-Api-Key,Authorization".

AUTHORIZATION_USER_ID_FIELD

(optional) string, A field name used to parse the User from authorization header in Moesif. Default value is sub.

BASE_URI

(optional) string, A local proxy hostname when sending traffic via secure proxy. Please set this field when using secure proxy. For more details, refer secure proxy documentation.

Options specific to outgoing API calls

The options below are applicable to outgoing API calls (calls you initiate using the Python Requests lib to third parties like Stripe or to your own services).

For options that use the request and response as input arguments, these use the Requests lib’s request or response objects.

If you are not using ASGI, you can import the moesifpythonrequest directly.

CAPTURE_OUTGOING_REQUESTS

boolean, Default False. Set to True to capture all outgoing API calls. False will disable this functionality.

GET_METADATA_OUTGOING

(optional) (req, res) => dictionary, a function that enables you to return custom metadata associated with the logged API calls. Takes in the Requests request and response object as arguments. You should implement a function that returns a dictionary containing your custom metadata. (must be able to be encoded into JSON). For example, you may want to save a VM instance_id, a trace_id, or a resource_id with the request.

SKIP_OUTGOING

(optional) (req, res) => boolean, a function that takes a Requests request and response, and returns true if you want to skip this particular event.

IDENTIFY_USER_OUTGOING

(optional, but highly recommended) (req, res) => string, a function that takes Requests request and response, and returns a string that is the user id used by your system. While Moesif tries to identify users automatically, but different frameworks and your implementation might be very different, it would be helpful and much more accurate to provide this function.

IDENTIFY_COMPANY_OUTGOING

(optional) (req, res) => string, a function that takes Requests request and response, and returns a string that is the company id for this event.

GET_SESSION_TOKEN_OUTGOING

(optional) (req, res) => string, a function that takes Requests request and response, and returns a string that is the session token for this event. Again, Moesif tries to get the session token automatically, but if you setup is very different from standard, this function will be very help for tying events together, and help you replay the events.

LOG_BODY_OUTGOING

(optional) boolean, default True, Set to False to remove logging request and response body.

Example:

custom_user = "12345"

async def custom_identify_user():
    return custom_user

async def identify_user(request, response):
    user = await custom_identify_user()
    return user

def identify_user(request, response):
    return custom_user

custom_company = "67890"

async def custom_identify_company():
    return custom_company

async def identify_company(request, response):
    company = await custom_identify_company()
    return company

def identify_company(request, response):
    return custom_company

custom_session_token = "XXXXXXXXXXXXXX"

async def custom_get_token():
    # If you don't want to use the standard ASGI session token,
    # add your custom code that returns a string for session/API token
    return custom_session_token

async def get_token(request, response):
    result = await custom_get_token()
    return result

def get_token(request, response):
    return custom_session_token

custom_metadata = {
    'datacenter': 'westus',
    'deployment_version': 'v1.2.3',
}

async def custom_get_metadata():
    return custom_metadata

async def get_metadata(request, response):
    result = await custom_get_metadata()
    return result

def get_metadata(request, response):
    return custom_metadata

skip_route = "health/probe"

async def custom_should_skip(request):
    # Your custom code that returns true to skip logging
    return skip_route in request.url._url

async def should_skip(request, response):
    result = await custom_should_skip(request)
    return result

def should_skip(request, response):
    return skip_route in request.url._url

def custom_mask_event(eventmodel):
    # Your custom code to change or remove any sensitive fields
    if 'password' in eventmodel.response.body:
        eventmodel.response.body['password'] = None
    return eventmodel

async def mask_event(eventmodel):
    return custom_mask_event(eventmodel)

def mask_event(eventmodel):
    return custom_mask_event(eventmodel)


moesif_settings = {
    'APPLICATION_ID': 'Your Moesif Application Id',
    'DEBUG': False,
    'LOG_BODY': True,
    'IDENTIFY_USER': identify_user,
    'IDENTIFY_COMPANY': identify_company,
    'GET_SESSION_TOKEN': get_token,
    'SKIP': should_skip,
    'MASK_EVENT_MODEL': mask_event,
    'GET_METADATA': get_metadata,
    'CAPTURE_OUTGOING_REQUESTS': False
}

app = FastAPI()

app.add_middleware(MoesifMiddleware, settings=moesif_settings)

OAuth2 can also been used more info

Tested versions

Moesif has validated Moesif.Middleware against the following framework.

  Framework Version
fastapi > 0.51.0 - 0.78.0

Other integrations

To view more documentation on integration options, please visit the Integration Options Documentation.