---
title: Set up App and API Protection for Python in Docker
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > App and API Protection > Enabling App and API
  Protection > Enabling App and API Protection for Python > Set up App and API
  Protection for Python in Docker
---

# Set up App and API Protection for Python in Docker

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). ().
{% /alert %}

{% /callout %}

{% alert level="info" %}
You can enable App and API Protection for Python services with the following setup options:

1. If your Python service already has APM tracing set up and running, then skip to service configuration
1. If your Python service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's [Automatic Installation](https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/single-step-apm/docker/)
1. Otherwise, keep reading the following manual setup instructions

{% /alert %}

## Overview{% #overview %}

App and API Protection leverages the [Datadog Python library](https://github.com/DataDog/dd-trace-py/) to monitor and secure your Python service. The library integrates seamlessly with your existing application without requiring code changes.

For detailed compatibility information, including supported Python versions, frameworks, and deployment environments, see [Python Compatibility Requirements](https://docs.datadoghq.com/security/application_security/setup/python/compatibility).

This guide explains how to set up App and API Protection (AAP) for Python applications. The setup involves:

1. Installing the Datadog Agent
1. Enabling App and API Protection monitoring
1. Running your Python application with the Datadog Agent
1. Verifying the setup

## Prerequisites{% #prerequisites %}

- Docker installed on your host
- Python application containerized with Docker
- Your Datadog API key
- Datadog Python tracing library (see [version requirements](https://docs.datadoghq.com/security/application_security/setup/python/compatibility))

## 1. Installing the Datadog Agent

Install the Datadog Agent by following the [setup instructions for Docker](https://docs.datadoghq.com/agent/?tab=cloud_and_container).

## 2. Enabling App and API Protection monitoring
If your Python service already has APM tracing set up and running, you can automatically enable App and API Protection through Remote ConfigurationIf not, enable App and API Protection with the manual configuration instructions.navigation-menu{background:#f8f9fa;border:1px solid #e9ecef;border-radius:8px;padding:20px;margin:20px 0}.nav-container h3{margin-top:0;margin-bottom:15px;color:#333;font-size:1.1em}.nav-list{list-style:none;padding:0;margin:0}.nav-list li{margin-bottom:8px}.nav-list a{color:#06c;text-decoration:none;font-weight:500}.nav-list a:hover{text-decoration:underline;color:#049}
### Automatically enabling App and API Protection through Remote Configuration{% #automatically-enabling-app-and-api-protection-through-remote-configuration %}

You can enable services with remote configuration on your [services dashboard](https://app.datadoghq.com/security/configuration/asm/setup?services=recommended). Check the box for the service you want to enable App and API Protection for under Activate on your APM services.

### Manually enabling App and API Protection monitoring{% #manually-enabling-app-and-api-protection-monitoring %}

{% collapsible-section %}
#### APM Tracing Enabled

Add the following environment variables to your Dockerfile:

```dockerfile
# Install the Datadog Python tracing library
RUN pip install ddtrace

# Set environment variables
ENV DD_APPSEC_ENABLED=true
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_ENV=<YOUR_ENVIRONMENT>

# Use ddtrace-run to start your application
CMD ["ddtrace-run", "python", "app.py"]
```

{% /collapsible-section %}

{% collapsible-section %}
#### APM Tracing Disabled

To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false.

Add the following environment variables to your Dockerfile:

```dockerfile
# Install the Datadog Python tracing library
RUN pip install ddtrace

# Set environment variables
ENV DD_APPSEC_ENABLED=true
ENV DD_APM_TRACING_ENABLED=false
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_ENV=<YOUR_ENVIRONMENT>

# Use ddtrace-run to start your application
CMD ["ddtrace-run", "python", "app.py"]
```

{% /collapsible-section %}

## 3. Run your application

Build your image and then run your container.

When running your container, ensure you do the following:

1. Connect the container to the same Docker network as the Datadog Agent.
1. Set the required environment variables.

```bash
docker run -d \
  --name your-python-app \
  your-python-app-image
```

## 4. Verify setup

To verify that App and API Protection is working correctly:

1. Send some traffic to your application.
1. Check for security signals and vulnerabilities in the [Application Signals Explorer](https://app.datadoghq.com/security/appsec) in Datadog.

## Troubleshooting{% #troubleshooting %}

If you encounter issues while setting up App and API Protection for your Python application, see the [Python App and API Protection troubleshooting guide](https://docs.datadoghq.com/security/application_security/setup/python/troubleshooting).

## Further Reading{% #further-reading %}

- [How App and API Protection Works](https://docs.datadoghq.com/security/application_security/how-it-works/)
- [OOTB App and API Protection Rules](https://docs.datadoghq.com/security/default_rules/?category=cat-application-security)
- [Troubleshooting App and API Protection](https://docs.datadoghq.com/security/application_security/troubleshooting)