Secret API key for accessing Django REST framework
Solution 1
Use the TokenAuthentication
class, as documented here.
You'll also want to setup appropriate permissions, probably using the IsAuthenticated class.
Edit: Apologies - re-reading you post it looks like you want a global secret key, not a per-user one. I'd suggest a custom permission class that checks for the request header and fails if it's not present/not correct.
Solution 2
There is a third party app now for this purpose called django-rest-framework-api-key.
Related videos on Youtube
Araz Abishov
Updated on September 16, 2022Comments
-
Araz Abishov over 1 year
My aim is to restrict access to API for client applications by specifying API Key. Various services allow you to access their API by means of secret Key, which you have to get in order to perfom requests.
Note: this is not related to user auth.
Is there any straightforward solution to do this in django rest framework? Or just to pass the key in request header and then manually handle it?
Regards
-
Silko over 7 yearsHave you managed to solve this? I wonder if you can share an example maybe? Thank you.
-
-
Araz Abishov over 9 yearsFirst of all, thank you very much for creating such wonderful tool like django-rest-framework :) It seems to be exactly what I was searching for. I will try to implement custom permission and come back with it here. Many thanks again :)
-
Chozabu almost 8 yearsI think @ArazAbishov is aiming to setup a system similar to FaceBooks API - an alternative/extension to user auth - so a "client" can create an application on his system, then send requests on the behalf of users, but still tied to their application, limited to the permissions that app is granted
-
Noopur Phalak almost 2 yearsAccording to their github page, it does only support python upto
3.5
. The latest versions like3.8
,3.9
and3.10
are not supported.