Customize permissions to your APIs like a PRO

Juli Colombo
Published in Ibisdev
6 min read · Dec 10, 2020


Grant access to endpoints using Django Rest Framework

It’s very common in web applications to develop modules that must be accessible only to certain users. This permission management can be as simple as letting the correct user access their profile, or as complex as creating a back office that the platform’s administrators will use to view, add, change or delete data.

In this article we will go through some tips and tricks we can use to master the art of limiting access to our application’s resources.

There are some ideas that I will skip to keep this post short, like the basics of Django or what an API is, so maybe you will have to google some concepts throughout the article.

Previous comments

First of all, I would like to mention some thoughts and tools that I find pretty handy when building an API.

Responses’ status codes

I think that using the correct status code, based on the standard list, when returning a response after an API call is such a valuable and smart thing to do, but frequently this good practice is underestimated.

It’s a great way of communicating to the client what’s going on in the backend, without giving…
