I'm working on a store site, where every user is going to be anonymous (well, until it's time to pay at least), and I'm trying to use Django REST Framework to serve the product API, but it keeps complaining about:
"detail": "Authentication credentials were not provided."
I found some settings related to authentication, but I couldn't find anything like ENABLE_AUTHENTICATION = True. How do I simply disable authentication, and let any visitor to the site access the API?
You can give empty defaults for the permission and authentication classes in your settings.
REST_FRAMEWORK = {
# other settings...
'DEFAULT_AUTHENTICATION_CLASSES': [],
'DEFAULT_PERMISSION_CLASSES': [],
}
You can also disable authentication for particular class or method, just keep blank the decorators for the particular method.
from rest_framework.decorators import authentication_classes, permission_classes
@api_view(['POST'])
@authentication_classes([])
@permission_classes([])
def items(request):
return Response({"message":"Hello world!"})
If using APIView you can create a permission for the view, example below:
urls.py
url(r'^my-endpoint', views.MyEndpoint.as_view())
permissions.py
class PublicEndpoint(permissions.BasePermission):
def has_permission(self, request, view):
return True
views.py
from permissions import PublicEndpoint
class MyEndpoint(APIView):
permission_classes = (PublicEndpoint,)
def get(self, request, format=None):
return Response({'Info':'Public Endpoint'})
You can also apply it on one specific endpoint by applying it on class or method. Just need to apply django rest framework AllowAny permission to the specific method or class.
views.py
from rest_framework.permissions import AllowAny
from .serializers import CategorySerializer
from catalogue.models import Category
@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
serializer_class = serializers.CategorySerializer
queryset = Category.objects.all()
You can achieve the same result by using an empty list or tuple for the permissions setting, but you may find it useful to specify this class because it makes the intention explicit.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 贪生不怕死 的文章《How Can I Disable Authentication in Django REST Fr》','https://www.manongdao.com/article-212605.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}