Skip to content

Mopsan/djangorestframework-api-key

BranchesTags
ย 
ย 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

239 Commits

.github/ISSUE_TEMPLATE

.github/ISSUE_TEMPLATE

ย 
ย 

ci

ci

ย 
ย 

docs

docs

ย 
ย 

scripts

scripts

ย 
ย 

src/rest_framework_api_key

src/rest_framework_api_key

ย 
ย 

test_project

test_project

ย 
ย 

tests

tests

ย 
ย 

.gitignore

.gitignore

ย 
ย 

CHANGELOG.md

CHANGELOG.md

ย 
ย 

CONTRIBUTING.md

CONTRIBUTING.md

ย 
ย 

LICENSE

LICENSE

ย 
ย 

MANIFEST.in

MANIFEST.in

ย 
ย 

README.md

README.md

ย 
ย 

mkdocs.yml

mkdocs.yml

ย 
ย 

requirements.txt

requirements.txt

ย 
ย 

setup.cfg

setup.cfg

ย 
ย 

setup.py

setup.py

ย 
ย 

Repository files navigation

Django REST Framework API Key

API key permissions for the Django REST Framework.

python versions django versions drf versions

Introduction

Django REST Framework API Key is a library for allowing server-side clients to safely use your API. These clients are typically third-party backends and services (i.e. machines) which do not have a user account but still need to interact with your API in a secure way.

Features

  • โœŒ๏ธ Simple to use: create, view and revoke API keys via the admin site, or use built-in helpers to create API keys programmatically.
  • ๐Ÿ”’ As secure as possible: API keys are treated with the same level of care than user passwords. They are hashed using the default password hasher before being stored in the database, and only visible at creation.
  • ๐ŸŽจ Customizable: satisfy specific business requirements by building your own customized API key models, permission classes and admin panels.

Should I use API keys?

There are important security aspects you need to consider before switching to an API key access control scheme. We've listed some of these in Security caveats, including serving your API over HTTPS.

Besides, see Why and when to use API keys for hints on whether API keys can fit your use case.

API keys are ideal in the following situations:

  • Blocking anonymous traffic.
  • Implementing API key-based throttling. (Note that Django REST Framework already has may built-in utilities for this use case.)
  • Identifying usage patterns by logging request information along with the API key.

They can also present enough security for authorizing internal services, such as your API server and an internal frontend application.

Please note that this package is NOT meant for authentication. You should NOT use this package to identify individual users, either directly or indirectly.

If you need server-to-server authentication, you may want to consider OAuth instead. Libraries such as django-oauth-toolkit can help.

Quickstart

Install with pip:

pip install "djangorestframework-api-key==2.*"

Note: It is highly recommended to pin your dependency to the latest major version (as depicted above), as breaking changes may and will happen between major releases.

Add the app to your INSTALLED_APPS:

# settings.py

INSTALLED_APPS = [
  # ...
  "rest_framework",
  "rest_framework_api_key",
]

Run the included migrations:

python manage.py migrate

To learn how to configure permissions and manage API keys, head to the Documentation.

Changelog

See CHANGELOG.md.

Contributing

See CONTRIBUTING.md.

License

MIT

About

๐Ÿ” API key permissions for Django REST Framework

florimondmanca.github.io/djangorestframework-api-key/

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

19 tags

Packages

No packages published

Languages

  • Python 93.3%
  • Shell 6.7%