scanoss.py icon indicating copy to clipboard operation
scanoss.py copied to clipboard
verified publisher icon scanoss

How to read API URL and KEY from file?

Open rettichschnidi opened this issue 2 months ago • 2 comments

For convenience and security reasons, I want scanoss-py to read the API URL and API key to be read from a file. How can I achieve this?

rettichschnidi avatar Nov 09 '25 23:11 rettichschnidi

Hi,

It's not possible currently, but is on the roadmap. We achieve it today by injecting environment variables at execution time. You can achieve that using --apiurl and --key or by specifying SCANOSS_SCAN_URL and SCANOSS_API_KEY.

I've marked this Issue as an enhancement.

Thanks!

eeisegn avatar Nov 10 '25 07:11 eeisegn

Just learned: For SCANOSS_SCAN_URL, https://api.scanoss.com is not the right value and results in such errors:

$ scanoss-py scan .
Loading settings file scanoss.json...
Searching . for files to fingerprint...
Fingerprinting \No response object returned from API. Please look in "bad_request-140180988081856-00108804-f888-45fa-beac-711c37669614.txt" for the offending WFP.
Warning: Error response code 405 () from https://api.scanoss.com. Retrying..
...

Not setting SCANOSS_SCAN_URL is the solution, as scanoss-py will just pick the right URL whenever SCANOSS_API_KEY is set.

rettichschnidi avatar Nov 14 '25 14:11 rettichschnidi

Just learned: For SCANOSS_SCAN_URL, https://api.scanoss.com is not the right value and results in such errors:

$ scanoss-py scan . Loading settings file scanoss.json... Searching . for files to fingerprint... Fingerprinting \No response object returned from API. Please look in "bad_request-140180988081856-00108804-f888-45fa-beac-711c37669614.txt" for the offending WFP. Warning: Error response code 405 () from https://api.scanoss.com. Retrying.. ...

Not setting SCANOSS_SCAN_URL is the solution, as scanoss-py will just pick the right URL whenever SCANOSS_API_KEY is set.

Hi @rettichschnidi,

When using --apiurl or env variable SCANOSS_SCAN_URL, you need to provide the complete endpoint URL including the path /scan/direct, not just the base URL.

Correct usage:

scanoss-py scan --apiurl https://api.scanoss.com/scan/direct --key $SC_API_KEY <folder>

Or via environment variable:

export SCANOSS_SCAN_URL="https://api.scanoss.com/scan/direct"
scanoss-py scan --key $SC_API_KEY <folder>

The default is https://api.osskb.org/scan/direct (community KB). For the premium API, use https://api.scanoss.com/scan/direct

We already have an internal ticket (SP-3630) to improve this by accepting the base URL without requiring the full endpoint path. We'll update here when there's progress.

isasmendiagus avatar Dec 02 '25 14:12 isasmendiagus

For convenience and security reasons, I want scanoss-py to read the API URL and API key to be read from a file. How can I achieve this?

Regarding your original question, we had an internal ticket (SP-3677) to add support for a settings/config file.

We'll update here when there's progress on native config file support.

isasmendiagus avatar Dec 02 '25 14:12 isasmendiagus