Django Tastypie: How to Authenticate with API Key
Add the username and api_key parameters to your GET variables. Make sure that you have the
curl http://localhost:8000/api/v1/books/?username=issackelly\&api_key=123456789adfljafal
Make sure to follow the other instructions from teh docs when setting it up:
ApiKeyAuthentication
As an alternative to requiring sensitive data like a password, the ApiKeyAuthentication allows you to collect just username & a machine-generated api key. Tastypie ships with a special Model just for this purpose, so you'll need to ensure tastypie is in INSTALLED_APPS.
Tastypie includes a signal function you can use to auto-create ApiKey objects. Hooking it up looks like:
from django.contrib.auth.models import User
from django.db import models
from tastypie.models import create_api_key
models.signals.post_save.connect(create_api_key, sender=User)
Related videos on Youtube
Jason Goldstein
Experienced Front End and Python/Django Developer, Product Leader and Engineering Manager.
Updated on June 04, 2022Comments
-
Jason Goldstein almost 2 years
I'm making an internal API with TastyPie. I have
from tastypie.authentication import ApiKeyAuthentication class MyResource(ModelResource): Meta: authentication = ApiKeyAuthentication()
With Auth rules disabled, my API works great. With it on, I get a 401 (UNAUTHORIZED) response no matter what I try.
I'm sure this is one of those things that's really obvious once you've see it in action, but in the meantime, please advise how to to make the request (a GET).
-
Jason Goldstein over 12 yearsPerfect. It's always the little things. Thanks.
-
iJK almost 12 yearsYour model resource should also allow for filtering on the field username. readthedocs.org/docs/django-tastypie/en/latest/…
-
mab over 11 yearsAlso make sure, that the shell is not interpreting the & of ..&api_key.. as backgrounding the command. Surrounding the URL with "" or escaping & with \& helped for me.
-
megido over 11 yearswhere do I get the APIKey when sending the request to the server??
-
Dor about 10 yearsSo instead of sending the password, I'll be sending an API key, which allows MITM attackers to do the same things as a password would allow them?
-
Andre Gallo about 10 yearsTwo things @Dor. 1) Use SSL. 2) Presumably your API key has different access than your password. Potentially SSL + password access (BasicAuth) is good for many applications. Otherwise consider something like OAuth if third parties are writing applications.
-
Chesco Igual over 9 yearsIn this question you will see how to get the ApiKey: stackoverflow.com/questions/25552577/…
-
Radek over 7 yearsActually this: "curl localhost:8000/api/v1/books/?username=issackelly\&api_key=123456789adfljafal " did not work for me but when I removed the slash after "issackelly" the user "\" it started working.