Token Authentication in Django Rest Framework: a Guide

Authentication is a fundamental aspect of web applications, ensuring that only authorized users can access protected resources. In Django Rest Framework (DRF), Token Authentication is a popular method for securing RESTful APIs. In this blog post, we’ll explore Token Authentication in DRF, its benefits, and how to implement it in your Django project.

DRF ships with several authentication schemes; this guide covers the first one:

  1. Token Authentication: Provides stateless token-based authentication for secure API access.
  2. Session Authentication: Integrates with Django’s session-based authentication for web and API security.
  3. Basic Authentication: Uses username and password for simple API authentication.
  4. Remote User Authentication: Authenticates users in Django where user credentials are managed by a separate authentication system.

What is Token Authentication?

Token Authentication is a stateless authentication mechanism that allows clients to authenticate with a server using a unique token. Instead of sending credentials (such as a username and password) with each request, clients obtain a token upon initial authentication. This token is then sent with subsequent requests to access protected resources. Token Authentication is commonly used in RESTful APIs because it is scalable, secure, and doesn’t rely on sessions or cookies.

Implementing Token Authentication in Django Rest Framework:

Let’s walk through the steps to implement Token Authentication in a Django Rest Framework project.

Step 1: Install Django Rest Framework and Configure It

If you haven’t already, install DRF using pip:

pip install djangorestframework

Next, add ‘rest_framework.authtoken’ to your Django project’s settings:

INSTALLED_APPS = [
    # ...
    'rest_framework',
    'rest_framework.authtoken',
]

Step 2: Create a Serializer and ViewSet

Define a serializer to serialize your data and a ViewSet to handle CRUD operations. Here’s an example using a simple “Task” model:

from rest_framework import serializers, viewsets
from .models import Task

class TaskSerializer(serializers.ModelSerializer):
    class Meta:
        model = Task
        fields = '__all__'

class TaskViewSet(viewsets.ModelViewSet):
    queryset = Task.objects.all()
    serializer_class = TaskSerializer

Learn more on How to create CRUD Operations using Django Viewsets.

Step 3: Configure URLs

Create URL patterns for your API views, similar to the Basic Authentication example:

from django.urls import path, include
from rest_framework.routers import DefaultRouter

router = DefaultRouter()
router.register(r'tasks', TaskViewSet)

urlpatterns = [
    path('', include(router.urls)),
]

Step 4: Enable Token Authentication

In your project’s settings, specify Token Authentication as the default authentication class:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ],
}
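The setting above only tells DRF how to identify a caller; it does not say who may reach the endpoints. DRF's default permission class is AllowAny, so a request with no token is still served, merely as an anonymous user. The following is an added example (not from the original post) that shows the guide's setting beside one that also requires an authenticated user for every view by default:

```python
# Added example, not from the original post.
# As written in the guide: authentication configured, permissions left at DRF's
# default (AllowAny), so unauthenticated requests still receive the task list.
REST_FRAMEWORK_AUTH_ONLY = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ],
}

# Hardened: a valid token identifies the user, and IsAuthenticated rejects
# requests that carry no (or an invalid) token with 401 Unauthorized.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
}
```

Individual views can still open themselves up with `permission_classes = [AllowAny]`, which is a safer default than having to remember to lock each view down.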

Step 5: Create Tokens for Users

To use Token Authentication, users must have tokens associated with their accounts. You can create tokens manually for each user or use the built-in Token model to generate tokens automatically upon user creation.

For manual token creation, you can use the following code in your views or custom management commands:

from django.contrib.auth import get_user_model
from rest_framework.authtoken.models import Token

User = get_user_model()  # resolves the project's user model
user = User.objects.get(username='your_username')
# Returns the user's existing token if one exists, otherwise creates one
token, created = Token.objects.get_or_create(user=user)

For example, create a superuser with python3 manage.py createsuperuser.

Then open the Django shell with python manage.py shell and run the commands above, substituting the username you chose.

Step 6: Migrate and Run Server

Run migrations to create the necessary database tables:

python manage.py makemigrations
python manage.py migrate

Now, start your Django development server:

python manage.py runserver

Testing Token Authentication:

To test Token Authentication, clients must include the token in the Authorization header of their HTTP requests. For example, using curl:

curl -X GET http://localhost:8000/tasks/ -H 'Authorization: Token your_token'

Replace 'your_token' with the actual token associated with the user.
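To make concrete what the server does with that Authorization header, and what Step 5's get_or_create gives you, here is an added, framework-free example (not DRF's code and not from the original post). An in-memory TokenStore stands in for the Token model, and authenticate() mirrors the checks DRF's TokenAuthentication performs: the keyword must be Token, the value must be a single string, the token must exist, and its user must be active. The User, Token, TokenStore and classify names are constructed for this example.

```python
import secrets
from dataclasses import dataclass, field

# Constructed stand-ins for Django's User model and DRF's Token model.
@dataclass
class User:
    username: str
    is_active: bool = True

@dataclass
class Token:
    user: User
    # DRF's Token.generate_key() returns 20 random bytes as 40 hex characters
    key: str = field(default_factory=lambda: secrets.token_hex(20))

class TokenStore:
    """In-memory analogue of Token.objects: at most one token per user."""
    def __init__(self):
        self._by_key = {}
        self._by_user = {}

    def get_or_create(self, user):
        """Return (token, created), reusing the user's token if one exists."""
        if user.username in self._by_user:
            return self._by_user[user.username], False
        token = Token(user=user)
        self._by_key[token.key] = token
        self._by_user[user.username] = token
        return token, True

    def get(self, key):
        return self._by_key.get(key)

class AuthenticationFailed(Exception):
    pass

def authenticate(headers, store, keyword="Token"):
    """Mirror the checks in DRF's TokenAuthentication.authenticate().

    Returns (user, token) on success, None when the request carries no
    'Token' credential (DRF then treats the caller as anonymous and leaves
    the decision to the permission classes), and raises AuthenticationFailed
    (HTTP 401 in DRF) for a malformed or unknown token.
    """
    auth = headers.get("Authorization", "").split()
    if not auth or auth[0].lower() != keyword.lower():
        return None
    if len(auth) == 1:
        raise AuthenticationFailed("Invalid token header. No credentials provided.")
    if len(auth) > 2:
        raise AuthenticationFailed("Invalid token header. Token string should not contain spaces.")
    token = store.get(auth[1])
    if token is None:
        raise AuthenticationFailed("Invalid token.")
    if not token.user.is_active:
        raise AuthenticationFailed("User inactive or deleted.")
    return token.user, token

def classify(headers, store):
    """Summarise the outcome: 'user:<name>', 'anonymous' or 'denied:<reason>'."""
    try:
        result = authenticate(headers, store)
    except AuthenticationFailed as exc:
        return f"denied:{exc}"
    if result is None:
        return "anonymous"
    return f"user:{result[0].username}"

if __name__ == "__main__":
    store = TokenStore()
    token, _ = store.get_or_create(User("alice"))
    # Constructed requests: the first matches the curl call above
    for hdrs in ({"Authorization": f"Token {token.key}"},
                 {},
                 {"Authorization": "Token"},
                 {"Authorization": "Token not a token"},
                 {"Authorization": "Token deadbeef"}):
        print(hdrs.get("Authorization"), "->", classify(hdrs, store))
```

The "anonymous" outcome is the one to watch: a request with no Authorization header at all is not an authentication failure in DRF, so whether it reaches the view is decided by the permission classes, not by TokenAuthentication.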

Next: see our blog post on User Registration, Login, Logout API using Django Rest Framework.

Conclusion:

Token Authentication is a robust and widely-used method to secure your Django Rest Framework APIs. Its stateless nature makes it ideal for scalable applications. By following the steps outlined in this guide, you can easily implement Token Authentication in your DRF project, ensuring that your API endpoints remain secure while allowing authorized users to access protected resources.
