
Api key and Django Rest Framework Auth Token

I'm already using the built-in Django rest auth token and I plan to release another API that will be called by external integrations to call some action in my Django application. The issue is that I want to generate another token for this external API call that must be separate from the auth system (e.g. like Mandrill API keys or a GitHub Personal Access Token). Is it a good solution to generate API keys from the Django REST framework authtoken model?

External api token:

  • must never expire (it could expire in a session auth system)
  • could be linked to user but not required (if linked to account)
  • could be revoked and reactivated

Do you have any experience with releasing API keys?

Is there any best practice recommended by Django REST Framework?

Thank you ;)

jsan asked Mar 21 '16 15:03



1 Answer

The djangorestframework-api-key library may be a better option currently.

From the docs:

Django REST Framework API Key is a powerful library for allowing server-side clients to safely use your API. These clients are typically third-party backends and services (i.e. machines) which do not have a user account but still need to interact with your API in a secure way.

It's a well-supported and simple-to-use way of releasing new API keys manually or programmatically for Django REST Framework projects.

Simplest integration:

# settings.py
INSTALLED_APPS = [
    # ...
    "rest_framework",
    "rest_framework_api_key",
]

python manage.py migrate

# settings.py
REST_FRAMEWORK = {
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework_api_key.permissions.HasAPIKey",
    ]
}

Then you can create new API keys through the admin interface or programmatically through the rest_framework_api_key.models.APIKey object.

Edit: Tokens can be revoked as well

errolflynn answered Oct 09 '22 21:10
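The three requirements in the question (no expiry, optional link to a user, revoke and reactivate) can be sketched with the standard library alone. This is an added example, not code from the answer or from djangorestframework-api-key; `KeyStore`, `KeyRecord` and the `prefix.secret` key format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class KeyRecord:
    """What the server stores: never the secret itself, only its hash."""
    name: str
    hashed_secret: str
    owner_id: Optional[int] = None  # optional link to a user account
    revoked: bool = False           # no expiry field: valid until revoked


class KeyStore:
    """Hypothetical in-memory stand-in for a database table keyed by prefix."""

    def __init__(self) -> None:
        self._records: Dict[str, KeyRecord] = {}

    @staticmethod
    def _hash(secret: str) -> str:
        # A fast hash is acceptable because the secret is 256 random bits,
        # not a human-chosen password.
        return hashlib.sha256(secret.encode()).hexdigest()

    def issue(self, name: str, owner_id: Optional[int] = None) -> str:
        """Create a key and return it once; only the hash is kept."""
        prefix, secret = secrets.token_hex(4), secrets.token_urlsafe(32)
        self._records[prefix] = KeyRecord(name, self._hash(secret), owner_id)
        return f"{prefix}.{secret}"

    def set_revoked(self, prefix: str, revoked: bool) -> None:
        """Revoke (True) or reactivate (False) without reissuing the key."""
        self._records[prefix].revoked = revoked

    def verify(self, presented: str) -> Optional[KeyRecord]:
        """Return the record for a valid, active key, else None."""
        prefix, _, secret = presented.partition(".")
        record = self._records.get(prefix)
        if record is None or record.revoked:
            return None
        # Constant-time comparison of the stored and recomputed hashes.
        if not hmac.compare_digest(record.hashed_secret, self._hash(secret)):
            return None
        return record
```

The non-secret prefix lets an operator find and revoke a key later even though the full key is shown only once at issue time.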