- Notifications
You must be signed in to change notification settings - Fork106
🔐 API key permissions for Django REST Framework
License
florimondmanca/djangorestframework-api-key
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
API key permissions for theDjango REST Framework.
Django REST Framework API Key is a library for allowing server-side clients to safely use your API. These clients are typically third-party backends and services (i.e.machines) which do not have a user account but still need to interact with your API in a secure way.
- ✌️Simple to use: create, view and revoke API keys via the admin site, or use built-in helpers to create API keys programmatically.
- 🔒As secure as possible: API keys are treated with the same level of care as user passwords. They are only visible at creation and hashed before storing in the database.
- 🎨Customizable: satisfy specific business requirements by building your own customized API key models, permission classes and admin panels.
There are important security aspects you need to consider before switching to an API key access control scheme. We've listed some of these inSecurity caveats, including serving your API over HTTPS.
Besides, seeWhy and when to use API keys for hints on whether API keys can fit your use case.
API keys are ideal in the following situations:
- Blocking anonymous traffic.
- Implementing API key-basedthrottling. (Note that Django REST Framework already has may built-in utilities for this use case.)
- Identifying usage patterns by logging request information along with the API key.
They can also present enough security for authorizing internal services, such as your API server and an internal frontend application.
Please note that this package is NOT meant for authentication. You should NOT use this package to identify individual users, either directly or indirectly.
If you need server-to-server authentication, you may want to consider OAuth instead. Libraries such asdjango-oauth-toolkit can help.
Install withpip:
pip install"djangorestframework-api-key==3.*"Note: It is highly recommended topin your dependency to the latest major version (as depicted above), as breaking changes may and will happen between major releases.
Add the app to yourINSTALLED_APPS:
# settings.pyINSTALLED_APPS= [# ..."rest_framework","rest_framework_api_key",]
Run the included migrations:
python manage.py migrate
To learn how to configure permissions and manage API keys, head to theDocumentation.
SeeCHANGELOG.md.
SeeCONTRIBUTING.md.
MIT
About
🔐 API key permissions for Django REST Framework
Topics
Resources
License
Contributing
Security policy
Uh oh!
There was an error while loading.Please reload this page.