Integration Guide

FastAPI Integration

For the modern Python AI stack

💡 Why FastAPI?

FastAPI is the go-to framework for modern Python APIs. It's async, fast, and has built-in type validation with Pydantic - perfect for AI agents.

Complete Implementation

This example uses FastAPI's dependency injection to verify every incoming request:

from fastapi import FastAPI, Request, HTTPException, Depends
from amorce import verify_request, AmorceSecurityError

app = FastAPI()

async def amorce_security(request: Request):
    """Dependency to verify incoming Amorce requests."""
    try:
        # Get the raw body
        body = await request.body()
        
        # Verify headers and body signature
        # This checks: Timestamp freshness, Signature validity, Sender reputation
        verified = verify_request(
            headers=request.headers,
            body=body
        )
        
        return verified
        
    except AmorceSecurityError as e:
        raise HTTPException(status_code=401, detail=str(e))

@app.post("/agent/book-table")
async def book_table(
    payload: dict, 
    sender = Depends(amorce_security)  # ← Auto-verification
):
    # If we get here, the request is 100% verified.
    # 'sender' contains the verified agent info
    
    print(f"✅ Verified request from agent: {sender.agent_id}")
    print(f"Intent: {payload.get('intent')}")
    
    return {
        "status": "confirmed",
        "message": f"Hello agent {sender.agent_id}, table booked!",
        "table_number": "A5"
    }

@app.post("/agent/check-availability")
async def check_availability(
    payload: dict,
    sender = Depends(amorce_security)  # ← Reuse the dependency
):
    # Another protected endpoint - automatically verified
    date = payload.get("date")
    time = payload.get("time")
    
    return {
        "available": True,
        "date": date,
        "time": time,
        "tables_free": 12
    }

How It Works

1. Dependency Injection

Depends(amorce_security) runs before your endpoint handler. If verification fails, the endpoint never executes.

2. Automatic Rejection

If the signature is invalid, FastAPI returns 401 Unauthorized automatically. No need for manual error handling in each endpoint.

3. Verified Sender Info

The sender parameter contains the verified agent's ID, public key, and payload. Use this for logging or conditional logic.

Advanced: Intent Whitelisting

For extra security, only allow specific intents:

async def amorce_security_strict(request: Request):
    """Only allow specific intents."""
    try:
        body = await request.body()
        verified = verify_request(
            headers=request.headers,
            body=body,
            allowed_intents=['book_table', 'check_availability']  # ← Whitelist
        )
        return verified
    except AmorceSecurityError as e:
        raise HTTPException(
            status_code=403,
            detail=f"Intent not allowed: {e}"
        )

@app.post("/agent/critical-action")
async def critical_action(
    payload: dict,
    sender = Depends(amorce_security_strict)  # ← Stricter verification
):
    # Only 'book_table' and 'check_availability' intents allowed
    return {"status": "success"}

✅ Production Ready

This code is production-ready. Copy-paste it into your FastAPI app and it will work immediately. Just install the SDK: pip install amorce-sdk

Flask Integration

Test

Validate Your Manifest →