One of the biggest drawbacks related to Django and Django REST Framework is that each HTTP request is blocking. Thus, whenever the Django server receives an HTTP request, it doesn't start working on any other HTTP requests in the incoming queue until the server sends the response for the first HTTP request it received.
However, one of the greatest advantages of RESTful Web Services is that they are stateless, that is, they shouldn't keep a client state on any server. Our API is a good example of a stateless RESTful Web Service. Thus, we can make the API run on as many servers as necessary to achieve our scalability goals. Obviously, we must take into account that we can easily transform the database server in our scalability bottleneck.
Tip
Nowadays, we have a huge number of cloud-based alternatives to deploy a RESTful web service that uses Django and Django REST Framework and make it extremely scalable. Just to mention a few examples, we have Heroku, PythonAnywhere, Google App Engine, OpenShift, AWS Elastic Beanstalk, and Windows Azure.
Each platform includes detailed instructions to deploy our application. All of them will require us to generate the requirements.txt file that lists the application dependencies together with their versions. This way, the platforms will be able to install all the necessary dependencies listed in the file.
Run the following pip freeze, to generate the requirements.txt file:
pip freeze > requirements.txt
The following lines show the contents of a sample generated requirements.txt file. However, bear in mind that many packages increase their version number quickly and you might see different versions in your configuration:
coverage==4.1 Django==1.9.7 django-braces==1.9.0 django-crispy-forms==1.6.0 django-filter==0.13.0 django-nose==1.4.4 django-oauth-toolkit==0.10.0 djangorestframework==3.3.3 nose==1.3.7 oauthlib==1.0.3 psycopg2==2.6.2 six==1.10.0
We always have to make sure that we profile the API and the database before we deploy our first version of the RESTful Web Service. It is very important to make sure that the generated queries run properly on the underlying database and that the most popular queries do not end up in sequential scans. It is usually necessary to add the appropriate indexes to the tables in the database.
We have been using basic HTTP authentication. In case we decide to use this authentication or other mechanisms, we must make sure that the API runs under HTTPS in production environments. In addition, we must make sure that we change the following line in the settings.py file:
DEBUG = True
We must always turn off the debug mode in production, and therefore, we must replace the previous line with the following one:
DEBUG = False