Security

Security

DeepStack allows you to protect your api endpoints with keys to prevent unauthorized access.

You can set two types of keys: API Key and Admin Key

The API Key protects all recognition and detection endpoints including face, scene, object detection and custom models. The admin key protects admin apis such as adding models, deleting models, list models, backup and restore.

Setting API Key

You can specify the api key during startup of deepstack

CPU Version
GPU Version
sudo docker run -e API-KEY=Mysecretkey -e VISION-SCENE=True -v localstorage:/datastore \
-p 80:5000 deepquestai/deepstack

The command -e API-KEY=Mysecretkey sets “Mysecretkey” as the api key.

On Raspberry PI, specify the key as below.

sudo deepstack start "VISION-SCENE=True API-KEY=Mysecretkey"

On Windows, simply type in the API Key in the Start Up Interface

Below we shall attempt to classify the scene of the image below without specifying the key.

_images/test-image10.jpg
using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;
namespace app
{
class App {
static HttpClient client = new HttpClient();
public static async Task makeRequest(){
var request = new MultipartFormDataContent();
var image_data = File.OpenRead("test-image5.jpg");
request.Add(new StreamContent(image_data),"image",Path.GetFileName("test-image5.jpg"));
var output = await client.PostAsync("http://localhost:80/v1/vision/scene",request);
var jsonString = await output.Content.ReadAsStringAsync();
Console.WriteLine(jsonString);
}
static void Main(string[] args){
makeRequest().Wait();
}
}
}

Response:

{'success': False, 'error': 'Incorrect api key'}

As seen above, the prediction fails returning incorrect api key

Below, we make the request with the api key specified

using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;
namespace app
{
class App {
static HttpClient client = new HttpClient();
public static async Task makeRequest(){
var request = new MultipartFormDataContent();
var image_data = File.OpenRead("test-image5.jpg");
request.Add(new StreamContent(image_data),"image",Path.GetFileName("test-image5.jpg"));
request.Add(new StringContent("Mysecretkey"),"api_key");
var output = await client.PostAsync("http://localhost:80/v1/vision/scene",request);
var jsonString = await output.Content.ReadAsStringAsync();
Console.WriteLine(jsonString);
}
static void Main(string[] args){
makeRequest().Wait();
}
}
}

Response:

{'success': True, 'label': 'hospital_room', 'confidence': 0.4538608}

Setting Admin keys

Admin keys are set similarly to API Keys, see example below.

You can specify the admin key during startup of deepstack

CPU Version
GPU Version
sudo docker run -e ADMIN-KEY=Secretadminkey -e API-KEY=Mysecretkey \
-e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack

The command -e ADMIN-KEY=Secretadminkey sets “Secretadminkey” as the admin key. In this example, the API key is also set, note that you can set either without setting the other.

On Raspberry PI, specify the key as below.

sudo deepstack start "VISION-SCENE=True ADMIN-KEY=Secretadminkey"

On Windows, simply type in the Admin Key in the Start Up Interface

Once you set an Admin key, you need to specify it when making admin calls such as backup, restore and model management.

Example below is for adding models.

using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;
namespace app
{
class App {
static HttpClient client = new HttpClient();
public static async Task makeRequest(){
var request = new MultipartFormDataContent();
var model = File.OpenRead("idenprof.pb");
var config = File.OpenRead("config.json");
request.Add(new StreamContent(model),"model",Path.GetFileName("idenprof.pb"));
request.Add(new StreamContent(config),"config",Path.GetFileName("config.json"));
request.Add(new StringContent("profession"),"name");
request.Add(new StringContent("Secretadminkey"),"admin_key");
var output = await client.PostAsync("http://localhost:80/v1/vision/addmodel",request);
var jsonString = await output.Content.ReadAsStringAsync();
Console.WriteLine(jsonString);
}
static void Main(string[] args){
makeRequest().Wait();
}
}
}

Changing Keys

When you specify keys during startup of DeepStack, the keys will be stored and reused even if you run deepstack again without specifying a key.

This behaviour is slightly different for the Windows Version, if no key is provided in startup, it will not require any key for further requests.

You can easily change the keys by specifying new ones during startup of deepstack, you can also remove the keys by setting them to an empty string during startup.

Below, both keys are removed.

CPU Version
GPU Version
sudo docker run -e ADMIN-KEY="" -e API-KEY="" -e VISION-SCENE=True \
-v localstorage:/datastore -p 80:5000 deepquestai/deepstack