Ouro as API middleware


This guide outlines the process of configuring your API to use Ouro as an authentication and monetization middleman. By integrating Ouro, you can streamline several critical aspects of API management:

  • Simplified authentication: Ouro handles user authentication, reducing the complexity of implementing and maintaining your own auth system.
  • Monetization made easy: Ouro provides built-in tools for setting up paid routes, usage limits, and billing, allowing you to monetize your API without building a custom billing system.
  • Rate limiting: By using Ouro as a proxy, you add an extra layer of security between your API and end-users.
  • Usage analytics: Get insights into how your API is being used.

[Figure: a diagram of how the Ouro middleware sits in between your users and your API.]

We've designed this process so that your end users will need to make minimal changes to their existing configuration:

  • A new base URL to use
  • An API key to pass with requests as an Auth header

Everything else, including parameter and request body configuration, will be exactly the same as you originally designed it.

1. Getting started

To start using Ouro as your API middleman, you'll need to sign up for an Ouro account if you haven't already.

Next, you'll need to modify your API to work with Ouro. Your API must verify that incoming requests come from Ouro and respond only to those requests.

Finally, you'll need to add your service to Ouro and configure any desired pricing and usage limits.

See our guide for more details on how to add an API to the platform:

2. Limiting access

When using Ouro as an API middleman, it's important to ensure that your service only responds to legitimate requests forwarded by Ouro. This prevents unauthorized direct access to your API and maintains the integrity of your authentication and monetization setup.

Domain whitelisting

Configure your API to accept requests only from our domain. This involves checking the origin of incoming requests and rejecting any that don't come from Ouro's whitelisted domains.

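You can use CORS configurations for this. Keep in mind that CORS is enforced by browsers: the response headers tell a browser which origins may read a response, and a client that is not a browser can still call your API directly, so CORS alone does not reject those requests. Configure CORS so that your API only responds to the following origins: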

  • api.ouro.foundation

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

# List of allowed origins. CORSMiddleware compares the request's Origin header
# as a whole string, so each entry needs its scheme (https is assumed here).
ALLOWED_DOMAINS = ["https://api.ouro.foundation"]

# CORS middleware setup
app.add_middleware(
    CORSMiddleware,
    allow_origins=ALLOWED_DOMAINS,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

# Your API routes go here
@app.get("/")
async def root():
    return {"message": "Hello from your API!"}
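
The "Domain whitelisting" paragraph asks the API to reject requests from other origins, which CORS response headers do not do on the server. The sketch below is an added example, not Ouro's or the page's own code: a dependency-free ASGI middleware that answers 403 unless the Origin header matches the allow-list. The class name, the helper names, the https scheme and the premise that requests forwarded by Ouro carry an Origin header are assumptions the page does not state.

```python
import asyncio

# Assumption: exact origin strings with scheme; https is assumed for the
# host the page lists.
ALLOWED_ORIGINS = frozenset({"https://api.ouro.foundation"})


class RequireAllowedOrigin:
    """Pure ASGI middleware: answer 403 unless Origin is on the allow-list."""

    def __init__(self, app, allowed_origins=ALLOWED_ORIGINS):
        self.app = app
        self.allowed = frozenset(allowed_origins)

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":  # non-HTTP scopes pass through unchanged
            await self.app(scope, receive, send)
            return
        # ASGI headers are (name, value) byte pairs with lower-cased names.
        origins = [v.decode("latin-1") for k, v in scope["headers"] if k == b"origin"]
        # Exactly one Origin header, compared as a whole string: no substring
        # or suffix matching, so "https://api.ouro.foundation.example" fails.
        if len(origins) == 1 and origins[0] in self.allowed:
            await self.app(scope, receive, send)
            return
        body = b'{"detail": "origin not allowed"}'
        await send({"type": "http.response.start", "status": 403,
                    "headers": [(b"content-type", b"application/json"),
                                (b"content-length", str(len(body)).encode())]})
        await send({"type": "http.response.body", "body": body})


async def demo_app(scope, receive, send):
    """Constructed stand-in for the API: always answers 200."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def status_for(origin=None):
    """Send one constructed GET through the middleware; return the status."""
    headers = [] if origin is None else [(b"origin", origin.encode())]
    scope = {"type": "http", "method": "GET", "path": "/", "headers": headers}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(RequireAllowedOrigin(demo_app)(scope, receive, send))
    return sent[0]["status"]
```

In FastAPI the class is registered with `app.add_middleware(RequireAllowedOrigin)`. The Origin header is supplied by the client, so this filters requests but does not authenticate them.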

Auth header verification

Coming soon