-
Notifications
You must be signed in to change notification settings - Fork 6
API Authentication
Austin Gomez edited this page May 9, 2019
·
1 revision
For clients to authenticate, the token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
Unauthenticated responses that are denied permission will result in an HTTP 401 Unauthorized
response with an appropriate WWW-Authenticate
header. For example:
WWW-Authenticate: Token
The curl command line tool may be useful for testing token authenticated APIs. For example:
curl -X GET http://127.0.0.1:8000/api/v1/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'
Authorization tokens are issued and returned when a user registers. A registered user can also retrieve their token with the following request:
Request:
POST
api-token-auth/
Parameters:
Name | Type | Description |
---|---|---|
username | string | The user's username |
password | string | The user's password |
Response:
{
"token" : "9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"
}