In this chapter, we learned the differences between authentication and permissions in Django, the Django REST framework, and RESTful Web Services. We analyzed the authentication classes included in the Django REST framework out of the box.

We followed the necessary steps to include security and permissions-related data to models. We worked with object-level permissions via customized permission classes and we saved information about users that make requests. We understood that there are three HTTP methods or verbs that are considered safe.

We configured permission policies for the class-based views that worked with the Drone model. Then, we created a superuser and another user for Django to compose and send authenticated requests and to understand how the permission policies we configured were working.

We used command-line tools and GUI tools to compose and send authenticated requests. Then, we browsed the secured RESTful Web Service with the browsable API feature. Finally, we worked with a simple token-based authentication provided by the Django REST framework to understand another way of authenticating requests.

Now that we have improved our RESTful Web Service with authentication and permission policies, it is time to combine these policies with throttling rules and versioning. We will cover these topics in the next chapter.