Secret API key for accessing Django REST framework


My aim is to restrict access to API for client applications by specifying API Key. Various services allow you to access their API by means of secret Key, which you have to get in order to perfom requests.

Note: this is not related to user auth.

Is there any straightforward solution to do this in django rest framework? Or just to pass the key in request header and then manually handle it?


Best Solution

Use the TokenAuthentication class, as documented here.

You'll also want to setup appropriate permissions, probably using the IsAuthenticated class.

Edit: Apologies - re-reading you post it looks like you want a global secret key, not a per-user one. I'd suggest a custom permission class that checks for the request header and fails if it's not present/not correct.

Related Question