
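Basic Authentication is a simple authentication mechanism in Django Rest Framework that authenticates incoming HTTP requests by checking the credentials (a username and password) that the client sends in the Authorization header, encoded in base64. Base64 is an encoding, not encryption, so an API that uses Basic Authentication should only be served over HTTPS.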
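To make the base64 step concrete, the following added example (not code from this project or from Django Rest Framework) builds and parses a Basic `Authorization` header using only the standard library. The function names `build_basic_header` and `parse_basic_header` are hypothetical and the credentials are constructed sample values.

```python
import base64
import binascii


def build_basic_header(username: str, password: str) -> str:
    """Client side: produce the Authorization header value for Basic auth."""
    if ":" in username:
        # The first colon separates user from password, so the
        # username itself cannot contain one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(header: str):
    """Server side: return (username, password), or None if malformed."""
    parts = header.split()
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None  # wrong scheme or missing token
    try:
        decoded = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid base64 / not valid UTF-8
    # Split on the FIRST colon only: passwords may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None  # no separator, so no password part
    return username, password


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    header = build_basic_header("alice", "s3cret:pw")
    print(header)
    # Anyone who can read the header recovers the password without a key:
    print(parse_basic_header(header))
```

Decoding needs no secret, which is why the header must never travel over plain HTTP.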
To use Basic Authentication in Django Rest Framework, you can add the following to your settings.py file:
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.BasicAuthentication',
    ]
}
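With this configuration, all incoming requests to your API will be authenticated using Basic Authentication. If a request doesn’t provide a valid username and password, the request will be rejected with a 401 Unauthorized status code, provided the view also requires an authenticated user. Authentication classes only identify the caller: under DRF's default permission class, AllowAny, a request that sends no credentials at all is still served as an anonymous user. To make credentials mandatory, set a permission class such as IsAuthenticated, either globally through DEFAULT_PERMISSION_CLASSES or per view through permission_classes.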
You can also use Basic Authentication on a per-view basis by specifying the authentication class in the view:
from rest_framework import generics
from rest_framework.authentication import BasicAuthentication

class MyView(generics.ListAPIView):
    authentication_classes = [BasicAuthentication]
    ...
In this example, only the MyView class will use BasicAuthentication for authentication. Other views in your API will not be affected by this setting.
A simple project to demonstrate Basic authentication in DRF:
1. Create a new Django project and install Django Rest Framework:
$ django-admin startproject authentication_project
$ cd authentication_project
$ pip install djangorestframework
2. Add rest_framework to the INSTALLED_APPS list in authentication_project/settings.py:
INSTALLED_APPS = [
    # ... existing apps ...
    'rest_framework',
]
3. Create a new Django app for your API:
$ python manage.py startapp api
4. Create a serializer for your model in api/serializers.py:
from django.contrib.auth.models import User
from rest_framework import serializers

class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ('id', 'username', 'email')
5. Create views for your API in api/views.py:
from django.contrib.auth.models import User
from rest_framework import generics
from .serializers import UserSerializer

class UserList(generics.ListCreateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer

class UserDetail(generics.RetrieveUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer
6. Add the URL patterns for your views in authentication_project/urls.py:
from django.urls import path, include
from api.views import UserList, UserDetail

urlpatterns = [
    path('users/', UserList.as_view(), name='user-list'),
    path('users/<int:pk>/', UserDetail.as_view(), name='user-detail'),
]
7. Add the authentication classes to your settings.py file:
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.BasicAuthentication',
    ]
}
8. Run the migrations:
$ python manage.py migrate
9. Create a superuser:
$ python manage.py createsuperuser
10. Start the development server:
$ python manage.py runserver
You should now be able to access the API at http://localhost:8000/users/. Enable Basic Authentication to require a valid username and password for accessing the API.