We have a use case where the django backend api endpoint has to take a [[ids], [ids], [ids]] as the GET endpoint input, any idea how to handle this in Django rest framework?
Related
I need to build a frontend django application that will need to authenticate users via the other internal API built using DRF/Djoser (backend API).
The backend API (DRF) allows Session and Token Authentication at the moment. It is built using Django REST Framework/Djoser auth package and has all the common auth endpoints like login, logout, token, etc.
My task is to build a frontend app that will authenticate users via the backend API and let the users to do common CRUD operations (I guess by calling the endpoints on the backend API). I am not clear about how to handle the auth - via Django views or via AJAX calls to the backend API endpoints. Does it need to be SessionAuth or TokenAuth? The more I research this topic, the more I get confused :)
Any help/direction is much appreciated.
IS there any way to disable DJANGO ALLOWED_HOST check on particular API URL,
We want to allow API requests from list of websites(HOSTS), but there is RFID reader machine which will also be writing data on our DJANGO server using REST API and we want to make only that particular REST API URL public and other REST APIs should be allowed as ALLOWED_HOST check of DJANGO.
I've deployed a Django API powered with Django Rest Framework with some open endpoints and some Authenticated endpoints using Token authentication.
Which is the best way to protect the entry API allowing only to send request from the app frontend team?
I was thinking to use an Nginx basic auth, but then the Authorization header is duplicated, so Token auth is not working.
You could filter the access in your API by filtering the IP address in case that the frontend team uses a static one (e.g. ALLOWED HOSTS).
Moreover, you could add the users of the frontend team in a specific group or provided the same role and filter the access by implementing a reusable custom DRF permission.
An other option could be the usage of a custom HTTP header or an API key (e.g. X-API-KEY header).
I have an Angular app that consume API client side. Since it's bad practice to do so (I don't want to expose my API credentials), I decided to split into backend/ frontend before myapp get to big.
I succeed to implement my Angular into a Django REST framework app and everything is working fine.
But now I need to change my API logic and have DRF consume the external API
I had:
Angular <---API---> ext data
Now I have:
Django/ Angular <---API---> ext data
What I need:
Angular <---API---> Django <---API---> ext data
But I am very confused about how to accomplish it. I have experience with setting up API endpoints in DRF, but only for data from models within DRF. I know as well how to consume API in Django.
But how can I chain two API calls?
Do I have to create a model to store the queries and then the response?
Do I need to write serializers even if the returned data is json all the way?
How my frontend will now that the data from the external API is available?
What I need is someone to explain me what is the pattern for this task.
Say you have a FBV mapped to an URL in django like this:
url: /api/animals/<str:key>
#add_decorators_as_needed
def animals_view(request, key=None):
data = requests.get(f'{API_URL}/{key}?api_key={API_KEY}') # grab data from ext provider
json_data = ... # convert to json or do other manipulations
return json_data # return data to the frontend
Then in the frontend, your Angular app, you can execute a get request to this /api/animals/cow url of your django app and retrieve the data for a cow from the external provider without exposing your API_KEY.
So the flow would be like this:
Angular requests data from Django, Django gets that data from the external provider, does some data processing if required and then returns that data to Angular. You do not have to store anything in the database (but you can of course do it or for example log things, it's optional).
I will roughly describe the problem:
I have a React.js application, which authenticates using IDAM and receives a token. I can use this token to make requests to the backend API. Everything is fine regarding the interaction React.js <-> API.
Now I need to redirect to a Django application from the React.js application. I already have the authentication token, and I want to pass it to the Django application. I was thinking about putting the authentication header when doing window.open to open the Django url, but I realize that it is not possible to put headers with window.open.
How can I pass the authentication headers when opening a new url?
NOTE
The API and the Django application are not related (they are different applications).
The API is a REST API (implementation irrelevant), used by the React.js frontend to request data.
The Django application is "normal" Django application (no DRF), unrelated to both the API and the React.js frontend
I recommend using REST API or Graphql, then consume the APIs from React. The POST, GET, DELETE, etc methods must send X-Token header with the http call. The backend must verify the token, if token is valid, and role has the required privileges, then your backend serves the API.