diff options
| author | Tom Christie | 2013-04-16 12:43:46 -0700 |
|---|---|---|
| committer | Tom Christie | 2013-04-16 12:43:46 -0700 |
| commit | eceae6480431038a2eb664861cb7787957ce05c9 (patch) | |
| tree | f3b3ed8c258b82b3dfb1939404f00f5fb16b7c1c /docs/api-guide/authentication.md | |
| parent | 56c039ce17fd06799945f2135f20afc972685338 (diff) | |
| parent | c7e000e46e831a254689faac44ea44ebafe3cd61 (diff) | |
| download | django-rest-framework-eceae6480431038a2eb664861cb7787957ce05c9.tar.bz2 | |
Merge pull request #792 from maspwr/writable-nested-modelserializer
Writable nested modelserializer (merge in master)
Diffstat (limited to 'docs/api-guide/authentication.md')
| -rwxr-xr-x[-rw-r--r--] | docs/api-guide/authentication.md | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index 541c6575..1f08f542 100644..100755 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -107,7 +107,7 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401 WWW-Authenticate: Basic realm="api" -**Note:** If you use `BasicAuthentication` in production you must ensure that your API is only available over `https` only. You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage. +**Note:** If you use `BasicAuthentication` in production you must ensure that your API is only available over `https`. You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage. ## TokenAuthentication @@ -119,6 +119,8 @@ To use the `TokenAuthentication` scheme, include `rest_framework.authtoken` in y ... 'rest_framework.authtoken' ) + +Make sure to run `manage.py syncdb` after changing your settings. You'll also need to create tokens for your users. @@ -140,9 +142,13 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401 WWW-Authenticate: Token +The `curl` command line tool may be useful for testing token authenticated APIs. For example: + + curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' + --- -**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https` only. +**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https`. --- @@ -253,7 +259,7 @@ Finally, sync your database. --- -**Note:** If you use `OAuth2Authentication` in production you must ensure that your API is only available over `https` only. +**Note:** If you use `OAuth2Authentication` in production you must ensure that your API is only available over `https`. --- @@ -294,7 +300,7 @@ The only thing needed to make the `OAuth2Authentication` class work is to insert The command line to test the authentication looks like: - curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/?client_id=YOUR_CLIENT_ID\&client_secret=YOUR_CLIENT_SECRET + curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/ --- |