Security

DeepStack allows you to protect your api endpoints with keys to prevent unauthorized access.

You can set two types of keys: API Key and Admin Key

The API Key protects all recognition and detection endpoints including face, scene, object detection and custom models. The admin key protects admin apis such as adding models, deleting models, list models, backup and restore.

Setting API Key

You can specify the api key during startup of deepstack

docker run -e API-KEY=Mysecretkey -e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack

The command -e API-KEY=Mysecretkey sets “Mysecretkey” as the api key.

Below we shall attempt to classify the scene of the image below without specifying the key.

_images/test-image10.jpg
using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;

namespace app
{

    class App {

    static HttpClient client = new HttpClient();

    public static async Task makeRequest(){

        var request = new MultipartFormDataContent();
        var image_data = File.OpenRead("test-image5.jpg");
        request.Add(new StreamContent(image_data),"image",Path.GetFileName("test-image5.jpg"));
        var output = await client.PostAsync("http://localhost:80/v1/vision/scene",request);
        var jsonString = await output.Content.ReadAsStringAsync();

        Console.WriteLine(jsonString);

    }

    static void Main(string[] args){

        makeRequest().Wait();

    }

    }

}

Response:

{'success': False, 'error': 'Incorrect api key'}

As seen above, the prediction fails returning incorrect api key

Below, we make the request with the api key specified

using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;

namespace app
{

    class App {

    static HttpClient client = new HttpClient();

    public static async Task makeRequest(){

        var request = new MultipartFormDataContent();
        var image_data = File.OpenRead("test-image5.jpg");
        request.Add(new StreamContent(image_data),"image",Path.GetFileName("test-image5.jpg"));
        request.Add(new StringContent("Mysecretkey"),"api_key");
        var output = await client.PostAsync("http://localhost:80/v1/vision/scene",request);
        var jsonString = await output.Content.ReadAsStringAsync();

        Console.WriteLine(jsonString);

    }

    static void Main(string[] args){

        makeRequest().Wait();

    }

    }

}

Response:

{'success': True, 'label': 'hospital_room', 'confidence': 0.4538608}

Setting Admin keys

Admin keys are set similarly to API Keys, see example below.

You can specify the admin key during startup of deepstack

docker run -e ADMIN-KEY=Secretadminkey -e API-KEY=Mysecretkey -e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack

The command -e ADMIN-KEY=Secretadminkey sets “Secretadminkey” as the admin key. In this example, the API key is also set, note that you can set either without setting the other.

Once you set an Admin key, you need to specify it when making admin calls such as backup, restore and model management.

Example below is for adding models.

using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;


namespace app
{

    class App {

    static HttpClient client = new HttpClient();

    public static async Task makeRequest(){

        var request = new MultipartFormDataContent();
        var model = File.OpenRead("idenprof.pb");
        var config = File.OpenRead("config.json");
        request.Add(new StreamContent(model),"model",Path.GetFileName("idenprof.pb"));
        request.Add(new StreamContent(config),"config",Path.GetFileName("config.json"));
        request.Add(new StringContent("profession"),"name");
        request.Add(new StringContent("Secretadminkey"),"admin_key");
        var output = await client.PostAsync("http://localhost:80/v1/vision/addmodel",request);
        var jsonString = await output.Content.ReadAsStringAsync();

        Console.WriteLine(jsonString);

    }


    static void Main(string[] args){

        makeRequest().Wait();

    }

    }

}

Changing Keys

When you specify keys during startup of DeepStack, the keys will be stored and reused even if you run deepstack again without specifying a key.

You can easily change the keys by specifying new ones during startup of deepstack, you can also remove the keys by setting them to an empty string during startup.

Below, both keys are removed.

sudo docker run -e ADMIN-KEY="" -e API-KEY="" -e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack