Security

DeepStack allows you to protect your api endpoints with keys to prevent unauthorized access.

You can set two types of keys: API Key and Admin Key.

The API Key protects all recognition and detection endpoints including face, scene, object detection and custom models. The admin key protects admin apis such as adding models, deleting models, list models, backup and restore.

Setting API Key

Run the command below as it applies to the version you have installed

bash
sudo docker run -e API-KEY=Mysecretkey -e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack
bash
sudo docker run --gpus all -e API-KEY=Mysecretkey -e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack:gpu
bash
deepstack --VISION-SCENE True --PORT 80 --API-KEY Mysecretkey
bash
sudo docker run -e API-KEY=Mysecretkey --runtime nvidia  -e VISION-SCENE=True -p 80:5000 deepquestai/deepstack:jetpack
bash
sudo deepstack start "VISION-SCENE=True API-KEY=Mysecretkey"

The command -e API-KEY=Mysecretkey sets Mysecretkey as the api key.

Below we shall attempt to classify the scene of the image below without specifying the key.

python
import requests

image_data = open("test-image10.jpg","rb").read()

response = requests.post("http://localhost:80/v1/vision/scene",
files={"image":image_data}).json()
print(response)
js
const request = require("request")
const fs = require("fs")

image_stream = fs.createReadStream("test-image10.jpg")

var form = {"image":image_stream}

request.post({url:"http://localhost:80/v1/vision/scene", formData:form},function(err,res,body){

    response = JSON.parse(body)
    console.log(response)
})
c#
using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;

namespace app
{

    class App {

    static HttpClient client = new HttpClient();

    public static async Task makeRequest(){

        var request = new MultipartFormDataContent();
        var image_data = File.OpenRead("test-image5.jpg");
        request.Add(new StreamContent(image_data),"image",Path.GetFileName("test-image5.jpg"));
        var output = await client.PostAsync("http://localhost:80/v1/vision/scene",request);
        var jsonString = await output.Content.ReadAsStringAsync();

        Console.WriteLine(jsonString);

    }

    static void Main(string[] args){

        makeRequest().Wait();

    }

    }

}

Response:

json
{'success': False, 'error': 'Incorrect api key'}

As seen above, the prediction fails returning incorrect api key.

Below, we make the request with the api key specified

python
import requests

image_data = open("test-image10.jpg","rb").read()

response = requests.post("http://localhost:80/v1/vision/scene",
files={"image":image_data}, data={"api_key":"Mysecretkey"}).json()
print(response)
js
const request = require("request")
const fs = require("fs")

image_stream = fs.createReadStream("test-image10.jpg")

var form = {"image":image_stream,"api_key":"Mysecretkey"}

request.post({url:"http://localhost:80/v1/vision/scene", formData:form},function(err,res,body){

    response = JSON.parse(body)
    console.log(response)
})
c#
using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;

namespace app
{

    class App {

    static HttpClient client = new HttpClient();

    public static async Task makeRequest(){

        var request = new MultipartFormDataContent();
        var image_data = File.OpenRead("test-image5.jpg");
        request.Add(new StreamContent(image_data),"image",Path.GetFileName("test-image5.jpg"));
        request.Add(new StringContent("Mysecretkey"),"api_key");
        var output = await client.PostAsync("http://localhost:80/v1/vision/scene",request);
        var jsonString = await output.Content.ReadAsStringAsync();

        Console.WriteLine(jsonString);

    }

    static void Main(string[] args){

        makeRequest().Wait();

    }

    }

}

Response:

json
{'success': True, 'label': 'hospital_room', 'confidence': 0.4538608}

Setting Admin keys

Admin keys are set similarly to API Keys, see example below.

You can specify the admin key during startup of deepstack.

Run the command below as it applies to the version you have installed

bash
sudo docker run -e ADMIN-KEY=Secretadminkey -e API-KEY=Mysecretkey -e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack
bash
sudo docker run --gpus all -e ADMIN-KEY=Secretadminkey -e API-KEY=Mysecretkey -e VISION-SCENE=True -v localstorage:/datastore -p 80:5000 deepquestai/deepstack:gpu
bash
deepstack --VISION-SCENE True --PORT 80 --API-KEY Mysecretkey --ADMIN-KEY Secretadminkey
bash
sudo docker run -e ADMIN-KEY=Secretadminkey -e API-KEY=Mysecretkey --runtime nvidia  -e VISION-SCENE=True -p 80:5000 deepquestai/deepstack:jetpack
bash
sudo deepstack start "VISION-SCENE=True ADMIN-KEY=Secretadminkey API-KEY=Mysecretkey"

The command -e ADMIN-KEY=Secretadminkey sets Secretadminkey as the admin key. In this example, the API key is also set, note that you can set either without setting the other.

Once you set an Admin key, you need to specify it when making admin calls such as backup, restore and model management.

Example below is for adding models.

python
import requests
from io import  open

model = open("idenprof.pb","rb").read()
config = open("config.json","rb").read()

response = requests.post("http://localhost:80/v1/vision/addmodel",
files={"model":model,"config":config},data={"name":"profession","admin_key":"Secretadminkey"}).json()
js
iconst request = require("request")
const fs = require("fs")

model = fs.createReadStream("idenprof.onnx")
config = fs.createReadStream("config.json")

var form = {"model":image_stream, "config":config,"name":"profession"}

request.post({url:"http://localhost:80/v1/vision/addmodel", formData:form},function(err,res,body){

    response = JSON.parse(body)
    predictions = response["predictions"]

    console.log(response)
})
c#
using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;


namespace app
{

    class App {

    static HttpClient client = new HttpClient();

    public static async Task makeRequest(){

        var request = new MultipartFormDataContent();
        var model = File.OpenRead("idenprof.pb");
        var config = File.OpenRead("config.json");
        request.Add(new StreamContent(model),"model",Path.GetFileName("idenprof.pb"));
        request.Add(new StreamContent(config),"config",Path.GetFileName("config.json"));
        request.Add(new StringContent("profession"),"name");
        request.Add(new StringContent("Secretadminkey"),"admin_key");
        var output = await client.PostAsync("http://localhost:80/v1/vision/addmodel",request);
        var jsonString = await output.Content.ReadAsStringAsync();

        Console.WriteLine(jsonString);

    }


    static void Main(string[] args){

        makeRequest().Wait();

    }

    }

}