The types of available authentication include:

  • BasicAuthentication: This class provides an HTTP basic authentication against a username and a password.
  • SessionAuthentication: This class works with Django’s session framework for authentication.
  • TokenAuthentication: This class provides a simple token-based authentication. The request must include the token generated for a user as the value for the Authorization HTTP header key with the 'Token ' string as a prefix for the token.

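We shouldn’t use HTTP basic authentication or simple token-based authentication over plain HTTP in a production environment. Both send the credentials or the token in the Authorization header of every request (basic authentication only Base64-encodes them), so anyone who can observe the traffic can read and reuse them. Serve the API over HTTPS only.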

Permissions use the authentication information included in the request.user and request.auth attributes to determine whether the request should be granted or denied access. Permissions allow us to control which types of users will be granted or denied access to the different features, methods, resources, or resource collections of our RESTful Web Service.

Enter your virtualenv:

cd project
. venv/bin/activate

Install DRF, plus django-filter, which the DjangoFilterBackend setting below depends on:

pip3 install djangorestframework django-filter

Now in settings.py, add to INSTALLED_APPS:

INSTALLED_APPS = [
    ...
    'rest_framework',
    'rest_framework.authtoken',     # Token authentication
    'django_filters',               # from the django-filter package, used by DjangoFilterBackend
]

Also add a REST_FRAMEWORK settings dictionary:

REST_FRAMEWORK = {
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 10,
    # Every view requires an authenticated user unless it overrides this.
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    # Only "Authorization: Token <key>" is accepted as proof of identity.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_FILTER_BACKENDS': (
        'django_filters.rest_framework.DjangoFilterBackend',
        'rest_framework.filters.OrderingFilter',
        'rest_framework.filters.SearchFilter',
    ),
}

Apply any necessary migrations (rest_framework.authtoken adds a table that stores the tokens) with:

./manage.py migrate

My models.py:

from django.db import models
from django.utils import timezone

# Create your models here.
class ShortLink(models.Model):
    id = models.AutoField(primary_key=True, unique=True)
    short_link = models.CharField(max_length=15, unique=True)
    long_link = models.CharField(max_length=500, unique=True)
    created_at = models.DateTimeField(default=timezone.now)
    modified_at = models.DateTimeField(default=timezone.now)
    owner = models.ForeignKey(
        'auth.User',
        related_name='shortlinks',
        on_delete=models.CASCADE)

    def __str__(self):
        return self.short_link

In urls.py:

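from django.urls import include, path
from rest_framework import routers
from rest_framework.authtoken.views import obtain_auth_token
from . import views

router = routers.DefaultRouter()
# Expose the viewset through the router; the 'shortlinks' prefix is an assumed name.
router.register(r'shortlinks', views.ShortLinkViewSet)

urlpatterns = [
    path('', include(router.urls)),
    path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),
    # POST a username and password here to receive the user's token.
    path('api-token-auth/', obtain_auth_token, name='api_token_auth'),
]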

Add your Serializer to serializers.py:

from rest_framework import serializers
from shorten.models import ShortLink

class ShortLinkSerializer(serializers.ModelSerializer):
    class Meta:
        model = ShortLink
        # owner is not exposed, so clients cannot set or change it.
        fields = [
            'id',
            'short_link',
            'long_link',
            'created_at',
            'modified_at',
        ]

Add your view to views.py:

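from rest_framework import viewsets
from shorten.models import ShortLink
from .serializers import ShortLinkSerializer

# Create your views here.
class ShortLinkViewSet(viewsets.ModelViewSet):
    # Any authenticated user can read and modify every ShortLink here;
    # override get_queryset() to filter on owner if that is too broad.
    queryset = ShortLink.objects.all()
    serializer_class = ShortLinkSerializer

    def perform_create(self, serializer):
        # owner is required on the model but is not a serializer field,
        # so take it from the authenticated request.
        serializer.save(owner=self.request.user)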
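
The client side of the token scheme above, as an added example that is not part of the original tutorial: it builds the request for the api-token-auth/ route and the 'Token '-prefixed Authorization header, and refuses to attach credentials to anything that is not HTTPS on the API's own host. The host api.example.test, the shortlinks/ path and all function names are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import urljoin, urlsplit

API_BASE = "https://api.example.test/"  # placeholder host (assumption)
TOKEN_PATH = "api-token-auth/"          # route defined in this page's urls.py


def checked_url(path, base=API_BASE):
    """Resolve path against base; reject anything that is not HTTPS on base's host."""
    url = urljoin(base, path)
    target, origin = urlsplit(url), urlsplit(base)
    if target.scheme != "https":
        raise ValueError(f"refusing to send credentials over {target.scheme!r}: {url}")
    if target.netloc != origin.netloc:
        # An absolute or //host path would otherwise carry the token to another server.
        raise ValueError(f"refusing to send credentials to foreign host: {url}")
    return url


def token_request(username, password, base=API_BASE):
    """Build the POST that exchanges a username/password for a token."""
    body = json.dumps({"username": username, "password": password}).encode()
    return urllib.request.Request(
        checked_url(TOKEN_PATH, base), data=body, method="POST",
        headers={"Content-Type": "application/json"})


def parse_token_response(raw):
    """obtain_auth_token answers with a JSON object of the form {"token": "<key>"}."""
    return json.loads(raw)["token"]


def authed_request(path, token, base=API_BASE, method="GET"):
    """Build a request carrying the token as 'Authorization: Token <key>'."""
    if not token or any(ch.isspace() for ch in token):
        # DRF splits the header value on whitespace and rejects extra parts.
        raise ValueError("token must be non-empty and contain no whitespace")
    return urllib.request.Request(
        checked_url(path, base), method=method,
        headers={"Authorization": f"Token {token}"})


if __name__ == "__main__":
    req = authed_request("shortlinks/", "constructed-token-0123")  # constructed values
    print(req.get_method(), req.full_url, req.header_items())
    # urllib.request.urlopen(req) would send it; not done here so the example runs offline.
```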