Token Authentication in Django Rest Framework?

Md Sadiqul Islam
2 min read · Mar 1, 2023

Token Authentication is a popular authentication scheme used in Django Rest Framework to secure API endpoints. It involves sending an access token with each request to authenticate the user. Here’s when, why, and how you should use Token Authentication in Django Rest Framework:

When to use Token Authentication in Django Rest Framework?

Token Authentication is commonly used when the application needs to authenticate a large number of users or when the API endpoints require more security than basic authentication. It is a good choice for applications that need to support multiple devices and users as it allows for persistent authentication across multiple sessions.

Why use Token Authentication in Django Rest Framework?

Token Authentication offers several advantages over other authentication schemes, including:

  • Scalability: Tokens can be generated and revoked quickly and easily, making it easy to add or remove users from the system.
  • Security: Tokens are encrypted and provide an additional layer of security beyond basic authentication. They can also be configured to expire after a certain period of time, reducing the risk of unauthorized access.
  • Ease of use: Tokens can be used with a variety of HTTP clients, making it easy to integrate with existing systems.

How to use Token Authentication in Django Rest Framework?

To use Token Authentication in Django Rest Framework, you can follow these steps:

Step 1: Install the Simple JWT package for Django Rest Framework

pip install djangorestframework-simplejwt

Step 2: Add JWTAuthentication to the list of authentication classes in settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        # Other authentication classes...
    ],
    # Other settings...
}

Step 3: Generate a token for each user

You can generate a token for each user by creating a new view that returns a token in response to a valid username and password. The rest_framework_simplejwt.views.TokenObtainPairView class provides a ready-to-use view that handles token generation for you:

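from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
from rest_framework_simplejwt.views import TokenObtainPairView

class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
    """Subclass of the stock serializer; customise the token claims here."""

class MyTokenObtainPairView(TokenObtainPairView):
    serializer_class = MyTokenObtainPairSerializer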

Step 4: Protect your API endpoints with the @api_view and @permission_classes decorators

from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

@api_view(['GET'])
@permission_classes([IsAuthenticated])
def my_api_view(request):
    # Your view code here...
    return Response({'message': 'Authenticated!'})

In this example, the @permission_classes([IsAuthenticated]) decorator protects the my_api_view function by requiring authentication before the function can be executed.

Finally, to send an authenticated request, the user needs to include the access token in the HTTP header:

Authorization: Bearer <access_token>
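
The checks a server has to make on every `Authorization: Bearer` request, as an added example that is not code from the original article or from Simple JWT itself. It assumes Simple JWT's defaults (HS256 signatures and `token_type`, `exp` and `user_id` claims); the key, helper names and sample values are constructed.

```python
# Added example, standard library only. Assumes Simple JWT defaults:
# HS256 signatures and "token_type" / "exp" / "user_id" claims.
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed; stands in for the signing key

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key):
    """Build an HS256 JWT. The payload is signed but readable by any holder."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body, key))}"

def authenticate(header, key, now=None):
    """Return the claims, or raise ValueError if any check fails."""
    scheme, _, token = header.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("malformed Authorization header")
    head, body, sig = token.split(".")
    meta = json.loads(b64d(head))
    # Pin the algorithm on the server; never let the token choose it.
    if not isinstance(meta, dict) or meta.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Verify the signature before trusting anything in the payload.
    if not hmac.compare_digest(sign(head + "." + body, key), b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("token_type") != "access":
        raise ValueError("not an access token")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def outcome(header, key=KEY, now=1_700_000_000):
    """Map authenticate() to 'ok' or the rejection reason (fixed demo clock)."""
    try:
        authenticate(header, key, now)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

The rejection cases worth testing in a real deployment are the same ones: a changed payload, a wrong key, an expired `exp`, a refresh token presented as an access token, and a header that names a different algorithm.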

In summary, Token Authentication is a secure and scalable authentication scheme that can be used to protect API endpoints in Django Rest Framework. It offers several advantages over other authentication schemes and is easy to implement.
