Testing throttling policies

Now, we can launch Django's development server to compose and send HTTP requests. Execute either of the following two commands, depending on whether you need to access the API from other devices or computers connected to your LAN. Remember that we analyzed the difference between them in Chapter 1, Developing RESTful APIs with Django.

python manage.py runserver
python manage.py runserver 0.0.0.0:8000

After we run any of the previous commands, the development server will start listening at port 8000.

Now, we will compose and send an HTTP request to retrieve all the player's scores without authentication credentials six times:

http :8000/player-scores/

We can also use the shell in macOS or Linux, or a Cygwin terminal in Windows, to run the previous command six times with a single line. The next line works in a bash shell. However, we will see all the results one after the other, and you will have to scroll to understand what happened with each execution:

for i in {1..6}; do http :8000/player-scores/; done;

The following is the equivalent curl command that we must execute six times:

curl -iX GET localhost:8000/player-scores/

The following is the equivalent curl command that is executed six times with a single line in a bash shell in macOS or Linux, or a Cygwin terminal in Windows:

for i in {1..6}; do curl -iX GET localhost:8000/player-scores/; done;

Django won't process the sixth request because AnonRateThrottle is configured as one of the default throttle classes and its throttle settings specify five requests per hour. Thus, we will receive a 429 Too Many Requests status code in the response, along with a message indicating that the request was throttled and how long we must wait before the server can process an additional request. The Retry-After response header provides the number of seconds to wait before sending the next request: 3189. The following lines show a sample response:

HTTP/1.0 429 Too Many Requests
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Date: Tue, 05 Jul 2016 03:37:50 GMT
Retry-After: 3189
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN
{
    "detail": "Request was throttled. Expected available in 3189 seconds."
}

Now, we will compose and send an HTTP request to retrieve the player's scores with authentication credentials, that is, with the superuser name and password. We will execute the same request six times. Remember to replace superuser with the name you used for the superuser and password with the password you configured for this user in Chapter 3, Improving and Adding Authentication to an API with Django:

http -a superuser:'password' :8000/player-scores/

We can also run the previous command six times with just a single line:

for i in {1..6}; do http -a superuser:'password' :8000/player-scores/; done;

The following is the equivalent curl command that we must execute six times:

curl --user superuser:'password' -iX GET localhost:8000/player-scores/

The following is the equivalent curl command that is executed six times with a single line:

for i in {1..6}; do curl --user superuser:'password' -iX GET localhost:8000/player-scores/; done;

Django will process the sixth request because we have composed and sent six authenticated requests with the same user. UserRateThrottle is configured as one of the default throttle classes and its throttle settings specify 20 requests per hour.

If we run the previous commands 15 more times, we will accumulate 21 requests. After the last execution, we will receive a 429 Too Many Requests status code in the response, along with a message indicating that the request was throttled and how long we must wait before the server can process an additional request.

Now, we will compose and send an HTTP request to retrieve all the game categories thirty times without the authentication credentials:

http :8000/game-categories/

We can also run the previous command thirty times with just a single line:

for i in {1..30}; do http :8000/game-categories/; done;

The following is the equivalent curl command that we must execute thirty times:

curl -iX GET localhost:8000/game-categories/

The following is the equivalent curl command that is executed thirty times with a single line:

for i in {1..30}; do curl -iX GET localhost:8000/game-categories/; done;

Django will process the thirty requests because we have composed and sent 30 unauthenticated requests to a URL that is identified with the 'game-categories' throttle scope and uses the ScopedRateThrottle class for throttle permission control. The throttle settings for the throttle scope identified with 'game-categories' are configured with 30 requests per hour.

If we run the previous command once again, we will accumulate 31 requests. After this last execution, we will receive a 429 Too Many Requests status code in the response, along with a message indicating that the request was throttled and how long we must wait before the server can process an additional request.
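
The following added example (not code from the book or from Django REST framework) is a simplified model of a per-client sliding-window throttle. It replays the three experiments above and shows where a Retry-After value such as 3189 comes from. The class and function names, the cache key layout, the client identifiers, and the timestamps are assumptions made for illustration; the rates are the ones quoted in this section.

```python
import math

# Rates described in this section: (allowed requests, window in seconds).
RATES = {"anon": (5, 3600), "user": (20, 3600), "game-categories": (30, 3600)}


class SlidingWindowThrottle:
    """Simplified model of a throttle that keeps one history per client."""

    def __init__(self, scope):
        self.scope = scope
        self.num_requests, self.duration = RATES[scope]
        self.history = {}  # cache key -> request timestamps, newest first

    def request(self, ident, now):
        """Return (status_code, retry_after_seconds or None)."""
        # Hypothetical key layout: one counter per scope and client identity
        # (an IP address for anonymous clients, a user id otherwise).
        key = f"throttle_{self.scope}_{ident}"
        hits = self.history.setdefault(key, [])
        # Forget requests that have already left the window.
        while hits and hits[-1] <= now - self.duration:
            hits.pop()
        if len(hits) >= self.num_requests:
            # A slot frees up when the oldest recorded request expires.
            # Rejected requests are not recorded, so retrying does not
            # push the window forward.
            return 429, math.ceil(self.duration - (now - hits[-1]))
        hits.insert(0, now)
        return 200, None


def replay(scope, ident, count, start=0, step=1):
    """Send `count` requests `step` seconds apart; return the status codes."""
    throttle = SlidingWindowThrottle(scope)
    return [throttle.request(ident, start + i * step)[0] for i in range(count)]


if __name__ == "__main__":
    # Constructed sample clients: a documentation-range IP and a user id.
    print(replay("anon", "192.0.2.10", 6))        # sixth request -> 429
    print(replay("user", "1", 21)[-1])            # 21st request -> 429
    print(replay("game-categories", "192.0.2.10", 31)[-1])
    anon = SlidingWindowThrottle("anon")
    for second in range(5):
        anon.request("192.0.2.10", second)
    # 411 seconds after the first request, 3600 - 411 seconds remain.
    print(anon.request("192.0.2.10", 411))
```

Because the anonymous counter is keyed by client identity, a second address starts with an empty history, which is why this kind of throttle limits casual overuse rather than a client that can change its source address.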
