Skip to content

Client

VARSClient is the main entry point: it resolves a ConfigProvider's endpoints once, then wires each generated service client to a Kiota RequestAdapter with the auth provider appropriate for that service.

from vars_client.client import VARSClient
from vars_client.config import RazielConfigProvider

config = RazielConfigProvider("https://raziel.example.org", "user", "password")
client = await VARSClient(config).connect()

connect()

connect() does the actual endpoint resolution and client construction, and returns self so it can be chained with the constructor as above. It's async because resolving endpoints may itself be a network call (e.g. RazielConfigProvider).

Attributes

After connect(), use whichever of these your ConfigProvider returned an endpoint for — anything else is left as None:

Attribute Type
client.annosaurus AnnosaurusClient
client.vampire_squid VampireSquidClient
client.oni OniClient
client.panoptes PanoptesClient
client.beholder BeholderClient
client.raziel RazielClient
client.skimmer SkimmerClient

client.raziel is only populated when the ConfigProvider passed in is a RazielConfigProvider — it reuses that provider's already-authenticated (or anonymous) session rather than requiring a separate set of credentials.

Each of annosaurus, vampire_squid, oni, and panoptes is a full Kiota-generated client with a fluent API mirroring its OpenAPI paths, e.g.:

health = await client.annosaurus.v1.health.get()
await client.oni.v1.phylogeny.taxa.get()

client.beholder and client.raziel work the same way. client.skimmer is the hand-written Skimmer URL builder, not a Kiota client.

Anonymous access

An endpoint with no secret isn't an error — connect() builds that service anonymously (no Authorization header at all) instead of refusing to connect. This matches how VARS' services are actually secured: every read endpoint on Annosaurus, Vampire Squid, Oni, and Panoptes works without auth, only writes need a Bearer token. So you can get a fully read-capable client with zero credentials:

from vars_client.config import StaticConfigProvider

config = StaticConfigProvider.from_dict({
    "annosaurus": {"url": "https://annosaurus.example.org"},  # no secret
})
client = await VARSClient(config).connect()

await client.annosaurus.v1.health.get()  # works anonymously

If you then attempt a write with no secret configured, it fails at that call with the server's 401/403 — not eagerly at connect().

Beholder is the exception: every capture endpoint requires its key, only /health doesn't, so an anonymous Beholder client is of limited use.

RazielConfigProvider follows the same rule: omit username/password and it discovers endpoints anonymously from /config/endpoints, which still works but omits each entry's secret — see Auth.