florimondmanca/djangorestframework-api-key florimondmanca/djangorestframework-api-key

  • Stars
    star
    578
  • Rank 77,250 (Top 2 %)
  • Language
    Python
  • License
    MIT License
  • Created over 6 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
florimondmanca/djangorestframework-api-key
github

florimondmanca

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🔐 API key permissions for Django REST Framework

Django REST Framework API Key

API key permissions for the Django REST Framework.

python versions django versions drf versions

Introduction

Django REST Framework API Key is a library for allowing server-side clients to safely use your API. These clients are typically third-party backends and services (i.e. machines) which do not have a user account but still need to interact with your API in a secure way.

Features

  • ✌️ Simple to use: create, view and revoke API keys via the admin site, or use built-in helpers to create API keys programmatically.
  • 🔒 As secure as possible: API keys are treated with the same level of care as user passwords. They are hashed using the default password hasher before being stored in the database, and only visible at creation.
  • 🎨 Customizable: satisfy specific business requirements by building your own customized API key models, permission classes and admin panels.

Should I use API keys?

There are important security aspects you need to consider before switching to an API key access control scheme. We've listed some of these in Security caveats, including serving your API over HTTPS.

Besides, see Why and when to use API keys for hints on whether API keys can fit your use case.

API keys are ideal in the following situations:

  • Blocking anonymous traffic.
  • Implementing API key-based throttling. (Note that Django REST Framework already has may built-in utilities for this use case.)
  • Identifying usage patterns by logging request information along with the API key.

They can also present enough security for authorizing internal services, such as your API server and an internal frontend application.

Please note that this package is NOT meant for authentication. You should NOT use this package to identify individual users, either directly or indirectly.

If you need server-to-server authentication, you may want to consider OAuth instead. Libraries such as django-oauth-toolkit can help.

Quickstart

Install with pip:

pip install "djangorestframework-api-key==2.*"

Note: It is highly recommended to pin your dependency to the latest major version (as depicted above), as breaking changes may and will happen between major releases.

Add the app to your INSTALLED_APPS:

# settings.py

INSTALLED_APPS = [
  # ...
  "rest_framework",
  "rest_framework_api_key",
]

Run the included migrations:

python manage.py migrate

To learn how to configure permissions and manage API keys, head to the Documentation.

Changelog

See CHANGELOG.md.

Contributing

See CONTRIBUTING.md.

License

MIT

More Repositories

1

awesome-asgi

A curated list of awesome ASGI servers, frameworks, apps, libraries, and other resources
Python
1,303
star
2

aiometer

A Python concurrency scheduling library, compatible with asyncio and trio.
Python
252
star
3

asgi-lifespan

Programmatic startup/shutdown of ASGI apps.
Python
157
star
4

msgpack-asgi

Drop-in MessagePack support for ASGI applications and frameworks
Python
137
star
5

arel

Lightweight browser hot reload for Python ASGI web apps
Python
116
star
6

kafka-fraud-detector

🚨 Simple, self-contained fraud detection system built with Apache Kafka and Python
Python
77
star
7

httpx-sse

Consume Server-Sent Event (SSE) messages with HTTPX
Python
46
star
8

asgi-htmx

HTMX integration for ASGI applications
Python
39
star
9

starlette-auth-toolkit

Authentication backends and helpers for Starlette-based ASGI apps and frameworks
Python
32
star
10

www

Code for https://florimond.dev
Python
30
star
11

ddtrace-asgi

Unofficial Datadog tracing integration for ASGI apps and frameworks
Python
30
star
12

proxyx

[No maintenance intended] Proof of concept lightweight HTTP/1.1 proxy service built with ASGI and HTTPX.
Python
29
star
13

asgi-sitemaps

Sitemap generation for Python ASGI web apps
Python
20
star
14

asgi-caches

Server-side HTTP caching for ASGI applications, inspired by Django's cache framework
Python
18
star
15

pyboids

A boids flocking behaviour algorithm implementation in Python and Pygame
Python
14
star
16

python-in-browser

🐍🛥🌟 Running Python in the browser with Batavia and Starlette
Python
12
star
17

dataclasses-properties

🐍🤝 Reconciling Python's dataclasses and properties
Python
11
star
18

ng-courses

Fetch and display a list of courses by implementing the Model-Adapter Pattern
TypeScript
10
star
19

httpxprof

A tool for profiling HTTPX using cProfile and SnakeViz
Python
9
star
20

all-my-repos

Apply changes across all my repos using https://github.com/asottile/all-repos.
Python
7
star
21

personal

🖥 Personal blog frontend app
TypeScript
7
star
22

cs-ir

Implementation of an Information Retrieval System (IRS)
Jupyter Notebook
5
star
23

limier

Smart conversion and validation toolkit powered by type annotations
Python
4
star
24

paperiano

Paper + Piano (+ Computer Vision + Deep Learning) = Paperiano
Jupyter Notebook
4
star
25

personal-vue

⛰ Vue remake of my personal blog frontend app. Built for learning purposes.
Vue
4
star
26

subscriptions-transport-ws-python

Pure Python, asynchronous, event-loop-agnostic implementation of the subscriptions-transport-ws protocol
Python
4
star
27

azure-pipelines-templates

Azure Pipelines templates for my repos
3
star
28

azp-python-example

Opinionated example Python package Azure Pipelines setup w/ TestPyPI publish on tags
Shell
2
star
29

roller-coaster-loops

Calculus applied to roller coaster physics
Python
2
star
30

datacenters-drought

Data visualization of datacenters location and water resources vs US West 2021 extreme droughts
Python
2
star
31

personal-api

⚡️ Personal blog API
Python
2
star
32

httpx-unixsocket-poc

POC third-party package for adding Unix Domain Socket support to HTTPX
Python
2
star
33

fetch-metadata-asgi

PoC ASGI middleware implementation of the Fetch Metadata specification
Python
2
star
34

pygame-assets

Lightweight asset management for Pygame
Python
2
star
35

ansible-learn

Learning Ansible by using it to configure a Nginx + Python + Uvicorn + Gunicorn + Supervisor deployment in a Vagrant VM.
Makefile
2
star
36

django-clean-media

Unused media files cleaning plugin for Django
Python
1
star
37

aragon

Rule-based streaming data cleansing application written in Python
Python
1
star
38

dots

Small game made with Love2D
Lua
1
star
39

pytest-unasync

Pytest plugin for async-to-sync test generation
Python
1
star
40

python-package-template

My opinionated cookiecutter template for Python packages.
Python
1
star
41

uptv

📺 TV show alerting web app
Python
1
star
42

solitaire-rs

A Rust terminal UI (TUI) implementation of Solitaire
Rust
1
star
43

ddtrace-examples

Playing around with Datadog APM
Python
1
star
44

simulations

Fun mathematical simulations, using Python
Python
1
star
45

realchat

A web-based real-time chat room application made with Go, Svelte, and SocketIO.
Svelte
1
star
46

tower-defense

A cool Python game about defending a tower. All your base are belong to us.
Python
1
star
47

bocadillo-ws-test

Debugging WebSocket connection closures with Bocadillo and Uvicorn
Python
1
star