Menu
My aim is to restrict access to API for client applications by specifying API Key. Various services allow you to access their API by means of secret Key, which you have to get in order to perfom requests.
Note: this is not related to user auth.
Is there any straightforward solution to do this in django rest framework? Or just to pass the key in request header and then manually handle it?
Regards
479
To obtain a new API Key and API Secret, log in to your SendSafely account and go to the Edit Profile page. From there you should see an API Access Keys section that allows you to manage your API Keys.
Django REST Framework API Key is a library for allowing server-side clients to safely use your API. These clients are typically third-party backends and services (i.e. machines) which do not have a user account but still need to interact with your API in a secure way.
Use the TokenAuthentication class, as documented here.
You'll also want to setup appropriate permissions, probably using the IsAuthenticated class.
Edit: Apologies - re-reading you post it looks like you want a global secret key, not a per-user one. I'd suggest a custom permission class that checks for the request header and fails if it's not present/not correct.
191
There is a third party app now for this purpose called django-rest-framework-api-key.
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
