Now, let's follow the example I presented in the previous article where we create application that helps to manage the things we borrow to other people. Have a look at the DRF documentation to learn more about default permissions classes.ĭetermining permissions is based on request analysis and returning bool value (True / False). This description is too detailed for our purposes (it's worth returning to it after the end of this series of articles).Ĭlass MyViewSet (viewsets. Unfortunately, we can't use this mechanism in mobile applications where it's much more common to log in with a token: when running the application, we provide login details, the application connects to the API that generates the token, and the token is saved, so users don't have to remember the login and password - or have their device remember them and expose them to risk.ĭRF provides a token authentication mechanism, and you can read about it in the documentation. In the case of the former, all we need is a standard session support mechanism provided by Django and supported by the DRF by default. We can distinguish two dominant groups among REST API use cases: (1) single-page applications (SPA) that take advantage of the browser's capabilities, and (2) mobile applications.
#Django rest framework apiview how to#
This time, I'll show you how to log in to the API and how to regulate permissions.īe sure to catch up with the work we’ve completed in other parts of the series: In the previous article in this series, I showed you how to prepare an API that implements basic CRUD on objects quickly.
0 kommentar(er)
