Adding an Allowlist to Your Agent
Last updated
Last updated
This is part of the Developer Tutorial, but for clarity it's been added here as well.
Allowlists make it easy for your to control who can send requests to our agent. This is useful for both preventing spam as well as ensuring that, if you wish, only your customers can access your agent.
This all comes down to the fact that our xmtp-service.js
sends the address of the message sender in the API request to the FastAPI app. This is sent as a header argument called "Sender," so to access the header we need to modify our route to accept a Request model:
Now we can use the header, but we need to impose some rules on it before we actually write our whitelisting logic. We don't want the sender address to be invalid.
Great, now we can be sure that the sender
variable is going to actually have a valid sender address. I am now going to create a whitelisting function called check_whitelist
that uses neynar.com APIs to make this agent only available to addresses which have been associated with a farcaster.xyz account.
We need to import time
as a module and set a variable neynar_key
, then we can use this check_whitelist
function:
Now before we go any further, I am going to my fly.io dashboard and set a new secret for NEYNAR_SQL_API_KEY
.
Great. We can go back to our code and see where in our /entry route we can use our whitelist function.
I am going to add the logic right after our simple validation logic for the sender address, and have it throw a 400 error if the sender address is not in the whitelist:
Now I am going to save this new main.py
and deploy it to fly using fly deploy
. Then it's time to test the app by sending a message from my XMTP address which is also an address I use for my farcaster account:
It looks like that worked. Now I will try messaging the agent using an address that is brand new:
You can see our message was successfully blocked using our new whitelist logic.