Token Authentication in Django Rest Framework is an authentication mechanism used to authenticate and authorize requests made by clients to the server. It works by generating a unique token for each authenticated user; the client then sends that token along with every subsequent request it makes.

This token serves as a credential to identify the user and grant them access to resources or services that require authentication.


To configure Token Authentication in Django Rest Framework, add ‘rest_framework.authentication.TokenAuthentication’ to the DEFAULT_AUTHENTICATION_CLASSES list. Once you have done this, Django will automatically handle the generation and management of tokens. Token Authentication is built in and easily configurable in Django Rest Framework.

To use Token Authentication, the user must first log in and authenticate themselves. Once authenticated, the server generates a unique token and sends it back to the client. The client then includes this token in the Authorization header of all subsequent requests.

The server receives the token, verifies it, and grants the client access to the requested resource or service if the token is valid. Token Authentication is commonly used in RESTful APIs to protect endpoints that require authentication, such as updating user data or making purchases.

Token Authentication is often preferred over other authentication methods, such as session-based authentication, because it is stateless: the server does not need to store user sessions, which makes the application easier to scale. In addition, tokens can be given an expiration time, so that the user must log in again after a specific period. This provides additional security to the application.
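As an added illustration (not code from the original post or from Django Rest Framework itself), the following Django-free script models the server-side steps described above: the client presents ‘Authorization: Token <key>’, the server parses the header exactly the way DRF's TokenAuthentication does (same keyword rules and error messages), looks the key up, and answers 401 when the token is missing, malformed or unknown. The in-memory TOKENS store and the TOKEN_LIFETIME check are assumptions for this example: DRF's built-in Token model has no expiry, so an expiration time like the one mentioned above has to be added by the application.

```python
import secrets

KEYWORD = "Token"           # DRF's TokenAuthentication: "Authorization: Token <key>"
TOKEN_LIFETIME = 12 * 3600  # seconds; assumption, DRF's built-in Token never expires

class AuthError(Exception):
    """Where DRF's TokenAuthentication raises AuthenticationFailed (HTTP 401)."""

# Stand-in for DRF's authtoken_token table: key -> (username, issued_at)
TOKENS = {}

def issue_token(username, now):
    """Like Token.objects.create(user=...): 40 hex chars from 20 random bytes."""
    key = secrets.token_hex(20)
    TOKENS[key] = (username, now)
    return key

def authenticate(headers, now):
    """Return the username for a valid header, None if the header does not use
    the Token scheme (DRF then treats the request as anonymous), or raise."""
    parts = headers.get("Authorization", "").split()
    if not parts or parts[0].lower() != KEYWORD.lower():
        return None
    if len(parts) == 1:
        raise AuthError("Invalid token header. No credentials provided.")
    if len(parts) > 2:
        raise AuthError("Invalid token header. Token string should not contain spaces.")
    record = TOKENS.get(parts[1])     # DRF: Token.objects.get(key=key)
    if record is None:
        raise AuthError("Invalid token.")
    username, issued_at = record
    if now - issued_at > TOKEN_LIFETIME:
        del TOKENS[parts[1]]          # expired: the user must log in again
        raise AuthError("Token has expired.")
    return username

def handle_request(headers, now):
    """Model a view protected by IsAuthenticated; returns (status, body)."""
    try:
        user = authenticate(headers, now)
    except AuthError as exc:
        return 401, {"detail": str(exc)}
    if user is None:
        return 401, {"detail": "Authentication credentials were not provided."}
    return 200, {"user": user}
```

Run it with a dict of headers and an integer timestamp; the same inputs against a real DRF endpoint produce the same status codes and detail messages, except for the expiry case, which DRF does not implement.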

A simple project on token authentication in Django:

  1. Create a new Django project using the command django-admin startproject myproject.
  2. Create a new app using the command python startapp myapp.
  3. To configure authentication in Django, start by adding ‘rest_framework’ and ‘myapp’ to the INSTALLED_APPS list. Then, add ‘rest_framework.authentication.TokenAuthentication’ to the DEFAULT_AUTHENTICATION_CLASSES list. Create a new model User with username, password, and email fields.
  4. Create a serializer UserSerializer with username, password, and email fields.
  5. Create a view UserViewSet with create and list methods.
  6. Create a new URL pattern for UserViewSet and set the authentication classes to use Token Authentication.
  7. Run the migrations using the commands python makemigrations and python migrate.
  8. Start the server using the command “python runserver”.

Here is the sample code for

from django.db import models

class User(models.Model):
    username = models.CharField(max_length=50)
    # Stored as plain text here; Django's built-in auth user model hashes
    # passwords instead, and DRF's Token model is tied to that auth user model.
    password = models.CharField(max_length=50)
    email = models.EmailField()

    def __str__(self):
        return self.username

Here is the sample code for

from rest_framework import serializers
from .models import User

class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ('id', 'username', 'password', 'email')
        extra_kwargs = {'password': {'write_only': True}}

Here is the sample code for

from rest_framework import viewsets
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticated
from .models import User
from .serializers import UserSerializer

class UserViewSet(viewsets.ModelViewSet):
    serializer_class = UserSerializer
    queryset = User.objects.all()
    permission_classes = [IsAuthenticated]

    def create(self, request, *args, **kwargs):
        # Validate the submitted fields before writing anything to the database
        serializer = UserSerializer(data=request.data)
        if serializer.is_valid():
            serializer.save()
            # password is write_only in the serializer, so it is not echoed back
            return Response(serializer.data, status=201)
        return Response(serializer.errors, status=400)

Here is the sample code for

from django.urls import path, include
from rest_framework import routers
from .views import UserViewSet

router = routers.DefaultRouter()
router.register('users', UserViewSet)

urlpatterns = [
    path('', include(router.urls)),
]

Great! With that complete, you can now test the project by making requests to the users endpoint using a tool such as Postman. Be sure to include the token in the Authorization header of your requests; this is what lets the server authenticate and authorize them. Also review the API documentation for any other requirements or limitations on the requests you can make.