One of the DRF out-of-the-box capabilities is authentication; it supports broad categories of authentication schemes, from basic authentication, token authentication, session authentication, remote user authentication, to OAuth Authentication. It also supports custom authentication schemes if we wish to implement one. DRF runs the authentication scheme at the start of the view, that is, before any other code is allowed to proceed. DRF determines the incoming requests privileges from the permission and throttling policies, and then decides whether the incoming request can be allowed or disallowed with the matched credentials.