Python - Requests Library - How to ensure HTTPS requests

Question

This is probably a dumb question, but I just want to make sure with the below.

I am currently using the requests library in python. I am using this to call an external API hosted on Azure cloud.

If I use the requests library from a virtual machine, and the requests library sends to URL: https://api-management-example/run, does that mean my communication to this API, as well as the entire payload I send through is secure? I have seen in my Python site-packages in my virtual environment, there is a cacert.pem file. Do I need to update that at all? Do I need to do anything else on my end to ensure the communication is secure, or the fact that I am calling the HTTPS URL means it is secure?

Any information/guidance would be much appreciated.

Thanks,

Answer 1

1. A HTTPS is secure with valid signed certificate. Some people use self signed certificate to maintain HTTPS. In requests library, you explicitly verify your certificate. If you have self-signed HTTPS then, you need to pass the certificate to cross verify with your local certificate.

• verify = True

import requests

response = requests.get("https://api-management-example/run", verify=True)

• Self Signed Certificate

import requests

response = requests.get("https://api-management-example/run", verify="/path/to/local/certificate/file/")