Using environment variable in Python to authenticate against 3rd party API.

Accessing environment variables

I am working on a Python script. The script is using the IEX Cloud API with a Python library called pyEX.

For most APIs, you will need to register and use some sort of token to use it. This is the case with the IEX API. When you create the IEX client you need to provide the token.

The documentation tells me the following:

IEX Cloud Client has access to all methods provided as standalone but in an authenticated way

Parameters:

  • api_token (str) – api token (can pickup from IEX_TOKEN environment variable)
  • version (str) – api version to use (defaults to v1) set version to ‘sandbox’ to run against the IEX sandbox
  • api_limit (int) – cache calls in this interval

Including your secret token in your source code is not considered best practice. Checking it in to a GitHub repo is even worse. There are automated tools scanning public repos and harvesting these kinds of credentials.

But the docs also say that if you set IEX_TOKEN as an environment variable then the client will pick it up.

This brings me to the subject of today’s article. How do I set up environment variables for my scripts on different platforms?

Setting up environment variables on Windows

Setting up environment variables on Windows is easy. Just hit the Start menu and type environment, then choose Edit environment variables for your account. If you want system-level environment variables, then choose Edit the system environment variables.

Then provide the name and value for the environment variable. In our case, the variable name is going to be IEX_TOKEN. The variable value is going to be your private key from the IEX cloud, something like pk_3e45ee233ddc1233ba22.

Creating your environment variable on Windows.

Setting up environment variables on macOS

Setting up the environment variable on macOS is very easy. I assume that you use the bash shell, which is the default one on macOS, so you will need to edit the .bashrc file that is located in your user directory. Create one if it does not exist and add the following line to the file:

export IEX_TOKEN=YOUR_ACTUAL_IEX_TOKEN

Then, to test it, issue this command in your bash shell window; the token value should be printed as the result:

echo $IEX_TOKEN

Reading the environment variable

If you need to read environment variables in your own code, you can do this by using the os library:

import os
env_var = os.environ.get('ENV_VAR', 'default value')

Another way is to use os.getenv():

import os
env_var = os.getenv('ENV_VAR', 'default value')

I prefer providing a default value most of the time, so there will be no empty values in those variables.

Summary

In this article, we discussed how to access sensitive information like API tokens or credentials in a secure way. Storing these keys in the code and then checking these secret keys and passwords in to GitHub repos makes them publicly visible and exposes you to malicious actors.

The secret keys and passwords should be part of your environment and not your code. Storing this information in your environment variables helps you to achieve this.

Another option is to store the sensitive information in .env files and make sure that these files are added to your .gitignore, so they are not part of your code repository, but environment variables are easier to deal with in my opinion.
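
The code below is an added example, not code from the original article or from pyEX: it reads IEX_TOKEN from the environment, falls back to the contents of a .env file, and raises an error instead of substituting a default, because a placeholder token would only fail later at the first API call. The names load_secret, parse_dotenv, redact and MissingSecretError, the extra placeholder strings, and the sample token values are assumptions made for illustration.

```python
import os

# Strings that show the variable was never really configured.
# YOUR_ACTUAL_IEX_TOKEN and 'default value' appear in the article; 'changeme' is an assumption.
PLACEHOLDERS = {"YOUR_ACTUAL_IEX_TOKEN", "default value", "changeme"}


class MissingSecretError(RuntimeError):
    """Raised when a required secret is absent or obviously not configured."""


def parse_dotenv(text):
    """Parse KEY=VALUE lines (optionally prefixed with 'export'), skipping comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def load_secret(name, environ=None, dotenv_text=""):
    """Return the secret from the environment, falling back to .env content."""
    environ = os.environ if environ is None else environ
    value = environ.get(name) or parse_dotenv(dotenv_text).get(name)
    if not value or value in PLACEHOLDERS:
        raise MissingSecretError(f"{name} is not set; export it before running the script")
    return value


def redact(secret, keep=4):
    """Mask a secret for log output, keeping only a short prefix."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


if __name__ == "__main__":
    # Constructed sample value, not a real credential.
    sample_env = {"IEX_TOKEN": "pk_constructed_sample_0000"}
    token = load_secret("IEX_TOKEN", environ=sample_env)
    print("token loaded:", redact(token))
```

In a real script, call load_secret("IEX_TOKEN") with no environ argument so it reads os.environ, and log only the redacted form.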