Documentation
Python SDK
The official TigerIdentity SDK for Python. Seamless async support, type hints, and Pythonic APIs for modern access control.
Installation
Install the SDK using pip:
pip install tigeridentity
Or with optional dependencies for async support:
pip install tigeridentity[async]
Requirements: Python 3.8 or higher
Quick Start
Initialize the client and make your first access decision:
from tigeridentity import TigerClient
from tigeridentity.models import EvaluateRequest
# Initialize client
client = TigerClient(
api_key="your-api-key",
base_url="https://api.tigeridentity.com"
)
# Evaluate access
result = client.decisions.evaluate(
EvaluateRequest(
principal_id="user-123",
action="read",
resource="document:sensitive-report",
context={
"ip_address": "203.0.113.42",
"device_trust": "high",
"mfa_verified": True
}
)
)
if result.allowed:
print(f"Access granted: {result.reason}")
else:
print(f"Access denied: {result.reason}")
# List principals
principals = client.principals.list(
type="user",
limit=50
)
for principal in principals.items:
print(f"Principal: {principal.id} ({principal.type})")Async Support
Use the async client for high-performance applications with asyncio:
import asyncio
from tigeridentity import AsyncTigerClient
from tigeridentity.models import EvaluateRequest
async def main():
# Initialize async client
async with AsyncTigerClient(api_key="your-api-key") as client:
# Concurrent evaluations
results = await asyncio.gather(
client.decisions.evaluate(
EvaluateRequest(
principal_id="user-alice",
action="read",
resource="project:alpha"
)
),
client.decisions.evaluate(
EvaluateRequest(
principal_id="user-bob",
action="write",
resource="project:beta"
)
)
)
for result in results:
print(f"Allowed: {result.allowed}, Reason: {result.reason}")
asyncio.run(main())Key Modules
TigerClient
Main synchronous client with automatic retries, connection pooling, and caching.
TigerClient(api_key=...)AsyncTigerClient
Async client for high-performance applications with full asyncio support.
AsyncTigerClient(api_key=...)Decision
Real-time access decisions with rich context and policy evaluation.
client.decisions.evaluate()Principal
Identity management for users, services, and AI agents.
client.principals.get()Policy
Create and manage access policies with simulation and versioning.
client.policies.create()models
Pydantic models for type-safe request/response handling with validation.
from tigeridentity.models import *Usage Examples
Creating a Policy
from tigeridentity.models import CreatePolicyRequest, PolicyRule, Condition
# Create a risk-based access policy
policy = client.policies.create(
CreatePolicyRequest(
name="high-risk-mfa-required",
description="Require MFA for high-risk operations",
rules=[
PolicyRule(
effect="allow",
conditions=[
Condition(
field="context.risk_score",
operator="less_than",
value=0.3
)
]
),
PolicyRule(
effect="allow",
conditions=[
Condition(
field="context.risk_score",
operator="greater_than_or_equal",
value=0.3
),
Condition(
field="context.mfa_verified",
operator="equals",
value=True
)
]
)
],
resources=["financial:*", "user:pii:*"],
actions=["read", "write", "delete"]
)
)
print(f"Created policy: {policy.id}")Batch Access Evaluation
from tigeridentity.models import BatchEvaluateRequest, EvaluateRequest
# Evaluate multiple access requests at once
results = client.decisions.batch_evaluate(
BatchEvaluateRequest(
requests=[
EvaluateRequest(
principal_id="user-alice",
action="read",
resource="project:alpha",
context={"department": "engineering"}
),
EvaluateRequest(
principal_id="user-alice",
action="write",
resource="project:alpha",
context={"department": "engineering"}
),
EvaluateRequest(
principal_id="user-alice",
action="delete",
resource="project:alpha",
context={"department": "engineering"}
)
]
)
)
for i, result in enumerate(results.results):
action = ["read", "write", "delete"][i]
print(f"{action}: {'✓' if result.allowed else '✗'}")Django Integration
from django.conf import settings
from django.http import HttpResponseForbidden
from functools import wraps
from tigeridentity import TigerClient
from tigeridentity.models import EvaluateRequest
# Initialize in settings
tiger_client = TigerClient(api_key=settings.TIGER_API_KEY)
def require_access(action, resource_fn):
"""Decorator to check access using TigerIdentity"""
def decorator(view_func):
@wraps(view_func)
def wrapper(request, *args, **kwargs):
resource = resource_fn(request, *args, **kwargs)
result = tiger_client.decisions.evaluate(
EvaluateRequest(
principal_id=f"user-{request.user.id}",
action=action,
resource=resource,
context={
"ip_address": request.META.get("REMOTE_ADDR"),
"user_agent": request.META.get("HTTP_USER_AGENT"),
"session_age": request.session.get("age_seconds", 0)
}
)
)
if not result.allowed:
return HttpResponseForbidden(result.reason)
return view_func(request, *args, **kwargs)
return wrapper
return decorator
# Usage in views
@require_access("write", lambda req, pk: f"document:{pk}")
def update_document(request, pk):
# Only called if access is granted
passFastAPI Integration
from fastapi import FastAPI, Depends, HTTPException, Request
from tigeridentity import AsyncTigerClient
from tigeridentity.models import EvaluateRequest
app = FastAPI()
tiger_client = AsyncTigerClient(api_key="your-api-key")
async def check_access(
request: Request,
action: str,
resource: str
):
"""Dependency to check access"""
user_id = request.state.user_id # From auth middleware
result = await tiger_client.decisions.evaluate(
EvaluateRequest(
principal_id=user_id,
action=action,
resource=resource,
context={
"ip_address": request.client.host,
"path": request.url.path
}
)
)
if not result.allowed:
raise HTTPException(status_code=403, detail=result.reason)
return result
@app.delete("/projects/{project_id}")
async def delete_project(
project_id: str,
access=Depends(
lambda req: check_access(req, "delete", f"project:{project_id}")
)
):
# Only executed if access is granted
return {"status": "deleted", "project_id": project_id}Error Handling
from tigeridentity.exceptions import (
TigerIdentityError,
APIError,
NotFoundError,
RateLimitError,
UnauthorizedError
)
try:
result = client.decisions.evaluate(request)
except NotFoundError as e:
print(f"Principal not found: {e.message}")
except RateLimitError as e:
print(f"Rate limited. Retry after {e.retry_after} seconds")
time.sleep(e.retry_after)
except UnauthorizedError:
print("Invalid API key")
except APIError as e:
print(f"API error: {e.message} (code: {e.code})")
except TigerIdentityError as e:
# Generic SDK error
print(f"SDK error: {e}")Start building with Python
Get your API key and integrate TigerIdentity in minutes.