Consume API – Token Based Authentication

In the previous post we used an API endpoint to display data that was available on our website. It was pretty straightforward: call the endpoint, parse the data and display it. But in reality we can face certain challenges, and one of them is authentication. In this post we will discuss how to use token based authentication in Django.

I will be discussing

So let's begin.

What is token based authentication

Authentication is validating an identity. It's basically a process where you provide some sort of identification: a username and password, a token, a one-time password, etc. With token based authentication the user can stay logged in without using cookies, and yes, tokens are secure in terms of replaying user credentials. But everything comes with its own pros and cons. Cookie based auth is more like a packet that resides in your browser, which tells the website that you are already authenticated. This authentication is stateful [the record is kept by both your browser and the server]. Token based auth is similar, the only difference being that it's stateless [everything that you do comes with a unique token that the server verifies every time].

Working of token based auth

[Figure: working of token based auth (tokrn.png)]

Advantages

  1. Efficient: Because they are stateless, they require no space for storage.
  2. Multi-server platform: Token based auth supports that too, so if you are authenticated on one server, you need not be authenticated again on the second server.
  3. Flexible: Can be used across multiple servers; they also provide authentication on different apps.

Implementation

In my F1 best website I have made some changes: I have added the auth module. Now when I load my portfolio app, no data gets loaded and I get a message saying:

Django version 1.11.13, using settings 'f1driver.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CTRL-BREAK.
{u'detail': u'Authentication credentials were not provided.'}
<type 'dict'>

So now we need to create a token and send it along in the header of the request to the URL. First let's create a token.

python manage.py drf_create_token jonnie

token 260ca1350d14050b295fcb928cd52c69e1cf8657

jonnie is a racer and a user in the F1 database whose endpoint we are consuming. If you don't have any users, first create one. To do that:

python manage.py createsuperuser
Username (leave blank to use ‘dimple’):jonnie
Email address: jonnie.theracer@f1.com
Password:
Password (again):
Superuser created successfully.

Now that the token is generated, you need to pass it along with the request to the API endpoint so that the server knows who you are. Here is how to do that:

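import requests
from django.shortcuts import render

def home(request):
    url = 'http://192.168.1.103:8000/driver/'
    # Send the token created above in the Authorization header
    headers = {'Authorization': 'token 260ca1350d14050b295fcb928cd52c69e1cf8657'}
    response = requests.get(url, headers=headers)
    # Parse the JSON body and hand it to the template
    laps = response.json()
    return render(request, 'home.html', {'laps': laps})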
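A hardened way to make the same call, as an added example that is not code from the original post: the token is read from the environment instead of being hardcoded in the view, it is never sent over plain HTTP unless explicitly allowed, and a 401/403 reply is turned into an error carrying the server's `detail` message. It is written for Python 3; `F1_API_TOKEN`, `load_token`, `fetch_drivers`, `ApiAuthError`, `FakeResponse` and `fake_get` are hypothetical names, and the fake response data is constructed.

```python
import os
from urllib.parse import urlsplit

TOKEN_ENV_VAR = "F1_API_TOKEN"  # hypothetical variable name, not from the post


class ApiAuthError(Exception):
    """The API rejected the token (HTTP 401/403)."""


def load_token(environ=os.environ):
    """Read the DRF token from the environment instead of hardcoding it in views.py."""
    token = environ.get(TOKEN_ENV_VAR, "").strip()
    # Tokens made by drf_create_token are 40 hex characters (20 random bytes).
    if len(token) != 40 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("%s is missing or not a 40-character hex token" % TOKEN_ENV_VAR)
    return token


def fetch_drivers(http_get, url, token, allow_plain_http=False):
    """GET the endpoint with the token header; http_get is requests.get in a real view."""
    if urlsplit(url).scheme != "https" and not allow_plain_http:
        # Over plain HTTP the Authorization header is readable by anyone on the path.
        raise ValueError("refusing to send the token over a non-HTTPS URL")
    response = http_get(url, headers={"Authorization": "Token " + token}, timeout=5)
    if response.status_code in (401, 403):
        # Surface the server's reason (the 'detail' message), never the token itself.
        raise ApiAuthError(response.json().get("detail", "authentication failed"))
    response.raise_for_status()
    return response.json()


class FakeResponse:  # constructed stand-in for requests.Response
    def __init__(self, status_code, body):
        self.status_code, self._body = status_code, body

    def json(self):
        return self._body

    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError("HTTP %d" % self.status_code)


def fake_get(url, headers, timeout):  # constructed stand-in for requests.get
    if headers.get("Authorization") == "Token " + "a" * 40:
        return FakeResponse(200, [{"name": "jonnie", "laps": []}])
    return FakeResponse(401, {"detail": "Invalid token."})
```

In a Django view this would be called as `fetch_drivers(requests.get, url, load_token())`, passing `allow_plain_http=True` only for a local development server.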

Data at this endpoint looks something like this. We had two tables, one for the laps and the other for driver information. In the serializer class of the driver I added the laps property, so the result looks like nested JSON:

[Screenshot: nested JSON returned by the driver endpoint (Untitled.png)]

Now run the server again with python manage.py runserver and check your localhost. And ta-da, you see all the data loaded in your website.

Hope this was informative and helps you. Stay connected

Github links : F1DRIVER    |  FORMULA1 RACE
