Browsing the API with authentication credentials

Open a web browser and enter http://localhost:8000/. Replace localhost with the IP of the computer that is running the Django development server if you use another computer or device to run the browser. The Browsable API will compose and send a GET request to / and will display the results of its execution, that is, the API root. You will notice there is a Log in hyperlink at the upper-right corner.

Click Log in and the browser will display the Django REST Framework login page. Enter gaston-hillar in the username field, enter FG$gI^76q#yA3v in the password field, and click Log In. Now, you will be logged in as gaston-hillar and all the requests you compose and send through the Browsable API will use this user.

You will be redirected again to the api-root and you will notice the Log In hyperlink is replaced with the username (gaston-hillar) and a drop-down menu that allows you to log out. The following screenshot shows the api-root after we are logged in as gaston-hillar:

Click or tap on the URL displayed next to "users". If you are browsing in localhost, the URL will be http://localhost:8000/users/. The Browsable API will render the web page for the Users List. The following lines show the JSON body with the results for the GET request to localhost:8000/users/. The games array includes the URL and the name for each game that the user owns because the UserGameSerializer class is serializing the content for each game. The next lines show the first lines of the output:

    HTTP 200 OK
    Allow: GET, HEAD, OPTIONS
    Content-Type: application/json
    Vary: Accept
    
    {
        "count": 2,
        "next": null,
        "previous": null,
        "results": [
            {
                "url": "http://localhost:8000/users/1/",
                "id": 1,
                "username": "your_games_super_user",
                "games": [
                    {
                        "url": "http://localhost:8000/games/4/",
                        "name": "ARK: Survival Evolved"
                    },
                    {
                        "url": "http://localhost:8000/games/1/",
                        "name": "Battlefield V"
                    },
                    {
                        "url": "http://localhost:8000/games/3/",
                        "name": "Heavy Fire: Red Shadow"
                    },
  

Click or tap on one of the URLs for the games listed as owned by the your_games_super_user user, that is, the other user. The Browsable API will render the web page for game-detail. Click or tap OPTIONS and the DELETE button will appear. Click or tap DELETE. The web browser will display a confirmation dialog box. Click or tap Delete. We will receive a 403 Forbidden status code in the response header and a detailed message indicating that we do not have permission to perform the action in the JSON body. The owner for the game we want to delete is your_games_super_user and the authentication credentials for this request use a different user, specifically, gaston-hillar. Thus, the operation is rejected by the has_object_permission method in the IsOwnerOrReadOnly class. The following screenshot shows a sample response:

Django REST framework has many additional authentication plugins that can help us meet our security goals. In addition, there are third-party authentication packages. You can read more details about all the possibilities that the framework provides us for authentication at http://www.django-rest-framework.org/api-guide/authentication/.
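The 403 Forbidden on DELETE described above comes from an object-level ownership check. The following is an added example, not code from the book or from Django REST framework: a dependency-free sketch of that rule with the same `has_object_permission(request, view, obj)` signature, used to build an authorization matrix that can serve as a regression check. The `Request` and `Game` stand-ins, the `owner` field name, and the helper functions are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Same values DRF exposes as rest_framework.permissions.SAFE_METHODS.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")
WRITE_METHODS = ("PUT", "PATCH", "DELETE")

@dataclass(frozen=True)
class Request:
    """Constructed stand-in for a DRF request (assumption, not DRF's class)."""
    method: str
    user: Optional[str]  # None models an unauthenticated client

@dataclass(frozen=True)
class Game:
    """Constructed stand-in for the game model; 'owner' is an assumed name."""
    name: str
    owner: str

class IsOwnerOrReadOnly:
    """Object-level rule: anyone may read, only the owner may modify."""
    def has_object_permission(self, request, view, obj):
        if request.method in SAFE_METHODS:
            return True
        return request.user is not None and obj.owner == request.user

def authorization_matrix(game, users):
    """Return {(user, method): allowed} for every user/method pair."""
    perm = IsOwnerOrReadOnly()
    return {
        (user, method): perm.has_object_permission(Request(method, user), None, game)
        for user in users
        for method in SAFE_METHODS + WRITE_METHODS
    }

def violations(matrix, game):
    """List non-owner writes that were allowed; this must stay empty."""
    return sorted(
        (str(user), method)
        for (user, method), allowed in matrix.items()
        if allowed and method in WRITE_METHODS and user != game.owner
    )

# Constructed sample data mirroring the users and game named in the text.
GAME = Game("Battlefield V", "your_games_super_user")
USERS = ("your_games_super_user", "gaston-hillar", None)
MATRIX = authorization_matrix(GAME, USERS)
```

In Django REST framework itself, the generic views run object-level permissions only when `get_object()` is called, so a hand-written view that loads the object another way has to call `check_object_permissions(request, obj)` explicitly or the ownership rule is never evaluated.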