0

I want to setup an e-commerce store with a Django Rest Framework on the backend and React JS on the frontend and I also want to build a mobile application for the store.

I want the api to be only accessible by my React Front End client and my Mobile app, but I want my customers to see the product list without signing up or logging in first.

Is there a way to authenticate the client (the application itself) just for one view and all for all other views the user has to authenticate?

Do I need to setup an API key? Can you guys help me with some examples please?

Allex Radu
  • 1,257
  • 13
  • 24

1 Answers1

1

you can define all of your views as "required permission" by default, in the settings.py file add:

REST_FRAMEWORK = {
    # check that token where provided and who is the user
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication'
    ),
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ]
}

in any other view that you want to be open for everyone use:

class SomeView(APIView):
    permission_classes = [permissions.AllowAny]

references:

https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication

Django Permission Required

Ido Cohen
  • 26
  • 1