Token Based Authentication for Django Rest Framework

By Shubham Bansal. Published in Quick Code, May 25, 2018.

Django is one of the popular Python web development frameworks; it has a large community and is used by many top websites today. Django Rest Framework is one of the most popular Python packages for building REST APIs with Django, and it makes everything easier, from authentication to responses. Some of the authentication schemes in use these days are:

  1. BasicAuthentication
  2. TokenAuthentication
  3. SessionAuthentication
  4. RemoteUserAuthentication

All of these are provided by DRF (Django Rest Framework). Others, such as OAuth and OAuth2 based authentication, are provided by the community through other Python packages, and they can easily be used in a production environment. So, let's begin with our main target: token based authentication in Django.

We are going to follow these steps:

  1. Installing Django
  2. Making the Django Project
  3. Installing Django Rest Framework
  4. Setup the Login Function and api route
  5. Testing the Login api route
  6. Using the Token to access authenticated Api

Installing Django

Make sure you have Python 3, pip and virtualenv installed on your PC (Django 2.0 removed support for Python 2.x). You can skip ahead to creating the project if you already have Django installed on your system.

Create a project folder and run the command from a terminal inside the folder.

Virtualenv provides a virtual environment for Python packages, so that it won't affect the versions of your global packages.

Then activate the virtualenv.

If it is activated, you will see (venv) at the beginning of the command prompt. Now install Django.

Making the Django-project

Now that the latest version of Django is installed in our virtualenv, make a project inside the same folder.

A myproject folder is created, containing a manage.py file and an inner myproject folder with settings.py, which holds all the settings of your project.

Installing Django-rest-framework

Now we will install Django Rest Framework, a library built on top of Django for making REST APIs. You can build APIs with custom functions in plain Django, but you will miss some security exceptions, status codes or other basic issues. Django Rest Framework has already accounted for these issues, so there is nothing to worry about before using it. Moreover, it also includes the token based authentication that we are going to implement. Learning Django is easy and it helps you build web applications quickly.

Get more info about django-rest-framework at http://www.django-rest-framework.org/

Installing django rest framework

Update the settings.py file for the rest framework and token based authentication

We have added two things, rest_framework and rest_framework.authtoken, to INSTALLED_APPS.

Please also add the following configuration for rest_framework in the settings.py file.

This configuration changes the default authentication and permission classes of the rest framework. We are now very near to our end goal.

Setup the Login Function and api route

Now we write a login function that returns the token associated with the user, and make an API route for it.

In the myproject folder create a views.py

Here we have created a login function that handles the POST request, takes username and password as parameters and authenticates them. If they are correct it returns the token; otherwise it returns the not found response.

Now make an API route for it in urls.py.

Map the /api/login route to our function.

Now it's time to test the login API. But before that, run the migrations.

Testing the Login api route

Before testing the login API route we have to make a user. You can make the user either with the admin panel or from the command line; I am going with the command line.

Now run the app using runserver and let's test the API using Postman. Postman is a really great tool for testing your REST APIs. You can download it here.

Let's see how we test the API in Postman.

We get the auth token in the response; this token is sent in the headers when calling authenticated APIs. Let's make a sample API that requires authentication and then try to access it using the token. Add the following to the views.py file.

Add the route for it in urls.py.

Using the Token to access authenticated Api

Now we try to access the sample API without and with the token and see the response. First, without the token:

We are blocked. Now let's do it using the auth token:

Yay, it works! We are able to access the authenticated API.

So, you have finally learned how to implement token based authentication in Django.

Please refer to https://github.com/ShubhamBansal1997/token-authentication-django to see the code. If you find any errors, please mention them in the comments.
