I develop a web-service that through the web-API should be connected with third-party applications via pregenerated key. My solution is to use @csrf_exempt
, but it seems to be very bad solution. How to authenticate connected application via key?
You can use permissions .
You need to add this to settings:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'app_name.path.MyPermissionClass',
)
}
And then create you permission class. As described here .
from rest_framework import permissions
class MyPermissionClass(permissions.BasePermission):
def has_permission(self, request, view):
if request.META.get('HTTP_SECRET_KEY', None) == 'your key':
return True
else:
return False
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.