--- title: "Secure Falcon APIs with API Key Authentication" description: "Secure your Falcon API using a shared secret." canonicalUrl: "https://zuplo.com/use-cases/api-key-auth/python/falcon/secure-header" framework: "Falcon" language: "Python" authStrategy: "shared secret header" pageType: use-case --- # Secure Falcon APIs with API Key Authentication Secure your Falcon API using a shared secret. ## How Zuplo Handles It Put Zuplo in front of your Falcon backend to authenticate API keys and forward a shared secret header so your origin only accepts traffic from Zuplo. ## Falcon Backend Code ```python import falcon import os import hmac import hashlib class SharedSecretMiddleware: def process_request(self, req, resp): expected_secret = os.getenv('SHARED_SECRET') if not expected_secret: raise falcon.HTTPInternalServerError( title='Server configuration error', description='Shared secret is not configured on the server.' ) secret = req.get_header('X-Shared-Secret') if not secret: raise falcon.HTTPUnauthorized( title='Authentication required', description='No secret provided.' ) # Use hmac.compare_digest for timing-safe comparison if not hmac.compare_digest(secret, expected_secret): raise falcon.HTTPUnauthorized( title='Authentication failed', description='Invalid secret.' ) class ProtectedResource: def on_get(self, req, resp): resp.media = {'message': 'Access granted'} app = falcon.App(middleware=[SharedSecretMiddleware()]) app.add_route('/protected', ProtectedResource()) ``` ## Example Request ```bash curl -X GET \ 'https://your-api.zuplo.dev/your-route' \ -H 'Authorization: Bearer YOUR_API_KEY' ``` ## Learn More - [API Key Authentication on Zuplo](https://zuplo.com/docs/policies/api-key-auth-inbound) - [JWT Authentication on Zuplo](https://zuplo.com/docs/policies/open-id-jwt-auth-inbound) - [All use cases](https://zuplo.com/use-cases)