How to authenticate connected application with key? Django, Python

Question

I develop a web-service that through the web-API should be connected with third-party applications via pregenerated key. My solution is to use @csrf_exempt, but it seems to be very bad solution. How to authenticate connected application via key?

CSRF protection is unnecessary for an API. http://stackoverflow.com/questions/10741339/do-csrf-attack-worries-apply-to-apis — James Fenwick, Jan 22 '16 at 16:07

score 0 · Accepted Answer · answered Jan 22 '16 at 17:34

You can use permissions.

You need to add this to settings:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'app_name.path.MyPermissionClass',
    )
}

And then create you permission class. As described here.

from rest_framework import permissions

class MyPermissionClass(permissions.BasePermission):

    def has_permission(self, request, view):
        if request.META.get('HTTP_SECRET_KEY', None) == 'your key':
            return True
        else:
            return False

How to authenticate connected application with key? Django, Python

1 Answers1