I'm trying to send a POST request through an endpoint with generic APIVIEW class. The response rendered through this post request needs to be paginated. The limit and offset parameters for pagination are passed in the same POST request body. How can same be implemented using the LimitOffsetPagination. I have seen seen various examples of pagination in GET requests but no luck on POST request.
Related
Am am currently using Postman to test the api results. I have been following the apostrophe headless docs, since am completely new to this. so what i need is to submit a post request in Postman to add a piece and its fields from REST api. I have got the bearer token and login was success. but when i insert a piece with body as JSON schema. am getting a error message.
May be the way am doing is wrong. so can one one help me in Making a post request to add piece and fields through POSTMAN atleast?
I did not understand the question quite right. You should add some of your inputs, error message, url, pics and etc. to clarify the problem.
However, if you need an example to how to use postman to make a POST request, it's like this:
Select the POST method and insert the API URL (The landing url for POST method not the view and etc.)
Go to headers Tab and add the Authorization token to header
Select the Body tab; Then raw type and finally JSON type. Now insert the Json body and click Send.
You can see the result of webservice call on the top of response window. If it returned 200, everything was OK.
I have set up a webhook to receive POST requests from the Active Campaign API in order to update my CRM data.
The problem is that Active Campaign doesn't send any token or credential information with the POST request, so I cannot be sure that the request is really coming from them.
Is there a way in Django to check where the request is coming from, in order to prevent anyone from sending POST data to this webhook?
Preface
I have a django project. I've wired it up so it serves a bunch of views for a bunch of models. Now I want to add an endpoint which just dumps a good fraction of the database out as json.
The way I would assume you do this is add a URL to a view class / method which returns a HTTPResponseObject full of json. Unfortunately, after quite a bit of googling, all I can find are references to Django REST framework. This is the sort of thing you would think Django would provide internally not as part of an external plugin library. But searching the django docs doesn't yield an immediate answer -- I don't think there are any docs about how to build an endpoint which just serves a bunch of json.
Questions:
Do I really need "Django REST framework" to serve json in django?
Did I overlook docs in Django for serving json?
What is the canonical way to serve json in a django project?
After more googling, I found what I was looking for in the Django docs:
JsonResponse
from django.http import JsonResponse
return JsonResponse({'foo':'bar'})
I think googling using the word "REST" was kind of a red herring which made the search space always direct my queries towards "Django REST framework" which is not what I wanted, though I do want to add a RESTful API.
You can write GET API using this method, but for POST method this will not work.
For Post method we need to use some REST Library.
POST Method will check for CSRF token in the cookies and where it fails to execute the request, as your django server will treat this request as forged.
You should go with Django Rest Framework but if you want to do it yourself then:
For POST request, if the client is sending you data as JSON, then you can use the json module to read the data from the request body.
import json
def add_new_user(self, request):
data = request.body.decode('utf8')
data = json.loads(data)
If plain name/value pair is sent, then use request.POST or request.GET
Use JsonResponse to send the response
After authentication, the server usually send a token to the client. The client then sends that token when sending a request to 'protected' api end-point. A custom header (like auth_token) is used to send the token.
In the server code, you need to do something like
request.META['HTTP_AUTH_TOKEN'] to get the token (see Custom HTTP Header in Django)
There are more things to consider like CSRF token or JWT.
See this site for a complete example https://jee-appy.blogspot.com/2018/02/make-rest-api-django.html. Be warned, it use old version of django.
I'm sending a POST request to Django view using isomorphic fetch.
body : "{"email":"admin#example.com","password":"11"}"
credentials : "same-origin"
headers :
Accept : "application/json"
Content-Type : "application/json"
X-CSRFToken : "mudIfipiyLUao2ZWwoEotFOUknYeVpZASNpQQ2IdadRVOe0a9n5tUqcKzwtrDuWX"
method : "POST"
When I send this request to DRF view, I can read the data using request.data. However when I send the same data to Django view, request.POST is empty.
What could be the reason?
It appears that isomorphic fetch is probably not playing a critical role in why request.POST is empty but rather that request.POST only seems to be populated by form data, not JSON data. This is supported by this quote from the Django REST Framework docs:
It (request.data) supports REST framework's flexible request parsing, rather than just supporting form data
Also, note the advice from Malcom Tredinnick:
If you're doing REST-based web service stuff ... you should ignore request.POST
This is in reference to the fact that DRF handles a lot of stuff behind the scenes for you such as serializing things and assigning to different variables and by inter-operating with the pure Django equivalents you may get weird results.
I used Django Tastypie to build my api and i'm thinking in the correct way to create a login form so the user can login in the application, right now what I do is send a GET request with username/password he submited in the form as filtering options, but i'm pretty sure thats not secure at all. How can i do the same using POST request?
When i open the console with firebug:
GET URL/app/api/v1/user/?email=USER&password=PASS
Api-Auth and Content-Type are on the header.
#leosilvano
Don't handle user authentication and authorization using angular js not that its impossible but just that its not too secure and implementing also take some effort when Django's provides something which far easy than this.
I happen to be using django + angularjs + tastypie (REST API ). If you like take a look at my way of implementation.
Include your index.html of the angularJs in your templates ( Django Templates ) and place your directives, controllers, js, css and etc in the static folder ( Django Static ). Make your API calls after the auth processes. This will work seamlessly and you will run into less issues as well.
Reasons:
user_auth models becomes so handy while registering and logging in using templates and you don't need to sweat trying to write your own authentication which i'm sure you have to do when you go with Angular Js login auth implementation.
Use of decorators like for a view lets say "profile" if you need to check if the user is logged in all you need to do it something like the following
#login_required(login_url='/login/')
def profile(request):
return render_to_response('profile.html')
Passing password through "GET" is bad .. and passing auth values through "POST" and getting it via JSON .. is also not a good idea. Because you will be susceptible to middle-man attacks ..
Remember you have to take measures for CORS requests when using Angularjs for login since anyone can view the json response and they will be able to reproduce the same structure. Implementing Perm-Mixins and Groups is way more easier when using Django templates.
Handling exceptions like 404 or if you want to handle only post requests and thereby take user to a custom page ( actions like redirect ) becomes difficult. I am aware of SPA's but still if there happens to be redirection .. in my case i needed to redirect to another site. Following shows how simple it can be achieved including http statuses.
if request.method != 'POST':
return HttpResponseNotFound(render_to_response('404.html', { 'message' : 'Only POST Requests are allowed for authentication process.', 'baseurl' :request.build_absolute_uri('/').rstrip('/')}))
Solution:
Use Angular Js and REST (Tastypie) interaction to happen after you login. Use Django template for login authorization. Make use of the django modules .. it saves a lot of time.
If you still want to login using REST API .. by send post to django .. please take a look at the following post
How can I login to django using tastypie
You can POST data using the $http module
Just do:
$http.post(url, data)
Always send authentication data through https or your password will be sent in clear text.