Browsing the API with authentication credentials

Open a web browser and enter http://localhost:8000/. If you run the browser on another computer or device, replace localhost with the IP address of the computer that is running the Django development server. The browsable API will compose and send a GET request to / and will display the results of its execution, that is, the Api Root. You will notice that there is a Log in hyperlink in the upper-right corner.

Click Log in and the browser will display the Django REST Framework login page. Enter kevin in username, kevinpassword in password, and click Log In. Remember to replace kevin with the name you used for the user and kevinpassword with the password you configured for this user. Now, you will be logged in as kevin and all the requests you compose and send through the browsable API will use this user. You will be redirected again to the Api Root and you will notice the Log In hyperlink is replaced with the username (kevin) and a drop-down menu that allows you to Log Out. The following screenshot shows the Api Root after we are logged in as kevin.

Click or tap on the URL on the right-hand side of users. If you are browsing on localhost, the URL will be http://localhost:8000/users/. The Browsable API will render the web page for the Users List. The following lines show the first and last lines of the JSON body with the results for the GET request to localhost:8000/users/.

The games array includes the URL and the name for each game that the user owns because the UserGameSerializer class is serializing the content for each game:

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
    "count": 2,
    "next": null,
    "previous": null,
    "results": [
        {
            "url": "http://localhost:8000/users/1/",
            "pk": 1,
            "username": "superuser",
            "games": [
                {
                    "url": "http://localhost:8000/games/10/",
                    "name": "A Dark Room"
                },
                {
                    "url": "http://localhost:8000/games/11/",
                    "name": "Bastion"
                },
        ...
            ]
        },
        {
            "url": "http://localhost:8000/users/3/",
            "pk": 3,
            "username": "kevin",
            "games": []
        }
    ]
}

Click or tap on one of the URLs for the games listed as owned by the superuser user. The Browsable API will render the web page for the Game Detail. Click or tap on OPTIONS and the DELETE button will appear. Click or tap on DELETE. The web browser will display a confirmation dialog box. Click or tap on DELETE. We will receive a 403 Forbidden status code in the response header and a detail message indicating that we do not have permission to perform the action in the JSON body.

The owner of the game we want to delete is superuser, and the authentication credentials for this request belong to a different user, specifically, kevin. Thus, the operation is rejected by the has_object_permission method in the IsOwnerOrReadOnly class. The following screenshot shows a sample response:


Tip

We can also take advantage of other authentication plugins that Django REST Framework provides us. You can read more about all the possibilities that the framework provides us for authentication at http://www.django-rest-framework.org/api-guide/authentication/
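
The object-level check that produced the 403 Forbidden response above can be modeled without the framework. This is an added example, not the book's code: the stand-in Request and Game classes, the owner attribute, and the status_for helper with its simulated status codes are assumptions, while SAFE_METHODS holds the same values as rest_framework.permissions.SAFE_METHODS.

```python
from dataclasses import dataclass

# Same values as rest_framework.permissions.SAFE_METHODS.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


@dataclass(frozen=True)
class Request:
    """Stand-in for a DRF request (assumption): method plus authenticated user."""
    method: str
    user: str


@dataclass(frozen=True)
class Game:
    """Stand-in for the game model (assumption): owner is the owning username."""
    name: str
    owner: str


class IsOwnerOrReadOnly:
    """Model of the object-level permission named in the text."""

    def has_object_permission(self, request, view, obj):
        # Read-only methods are allowed for any requester.
        if request.method in SAFE_METHODS:
            return True
        # Write methods are allowed only when the requester owns the object.
        return obj.owner == request.user


def status_for(request, obj):
    """Simulated status code for a detail request (constructed, not DRF output)."""
    if not IsOwnerOrReadOnly().has_object_permission(request, None, obj):
        return 403  # Forbidden: authenticated, but not the owner
    return 204 if request.method == "DELETE" else 200


# Constructed sample data matching the users and the game shown on the page.
bastion = Game(name="Bastion", owner="superuser")

if __name__ == "__main__":
    for user in ("kevin", "superuser"):
        for method in ("GET", "OPTIONS", "PUT", "DELETE"):
            print(user, method, status_for(Request(method, user), bastion))
```

In Django REST Framework itself, has_object_permission runs only when the view calls get_object() or check_object_permissions(); the generic views do this, but a hand-written view that fetches the object on its own must call check_object_permissions() explicitly or the owner check is skipped.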
