Key authentication for django. Can be used with django-piston easily.
Based on https://github.com/scoursen/django-apikey.
pip install django-apikey
Add 'apikey' to your settings.py:
INSTALLED_APPS = ( ... 'apikey', .... )
What is a Token and a Key? and which are the differences between them?
A Token is generated with:
Token.objects.create(user)
and it can be used to authenticate requests with Django-Piston as long as it remain active, which is configured in settings.py:
TOKEN_VALID_SECONDS = 3600
The header used to send the token is configured in settings.py with:
TOKEN_AUTH_HEADER = 'X-Auth-Token'
To ask for a token in a resource handler use it like this:
from apikey.auth import TokenAuthentication from piston.handler import BaseHandler from piston.resource import Resource from app.models import Item class ItemHandler(BaseHandler): allowed_methods = ('GET', ) fields = ('name', 'id') model = Item def read(self, request): return Item.objects.all() handler = Resource( handler=ItemHandler, authentication=TokenAuthentication())
The token remains active TOKEN_VALID_SECONDS after each request, and it should be created in a request authenticated with the username/email and password/key, or Basic, Digest.
ApiKey is basically a key used to authenticate the requests that replace an email/username and password in all the API request.
You can change the authorization header by setting the APIKEY_AUTHORIZATION_HEADER in settings.py:
APIKEY_AUTHORIZATION_HEADER = 'App-Authorization'
To add api authentication with piston write this in your handlers:
from apikey.auth import ApiKeyAuthentication from piston.handler import BaseHandler from piston.resource import Resource from app.models import Item class ItemHandler(BaseHandler): allowed_methods = ('GET', ) fields = ('name', 'id') model = Item def read(self, request): return Item.objects.all() handler = Resource( handler=ItemHandler, authentication=ApiKeyAuthentication())
This project is base on the one of Steve Coursen https://github.com/scoursen/django-apikey but with several simplifications, and adds.
This software is licensed under the New BSD License.