aboutsummaryrefslogtreecommitdiffstats
path: root/docs/api-guide
diff options
context:
space:
mode:
Diffstat (limited to 'docs/api-guide')
-rw-r--r--docs/api-guide/authentication.md16
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index 3137b9d4..50d8c054 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -97,6 +97,22 @@ If successfully authenticated, `TokenAuthentication` provides the following cred
**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https` only.
+When using TokenAuthentication, it may be useful to add a login view for clients to retrieve the token.
+
+REST framework provides a built-in login view. To use it, add a pattern to include the token login view for clients as follows:
+
+ urlpatterns += patterns('',
+ url(r'^api-token-auth/', include('rest_framework.authtoken.urls',
+ namespace='rest_framework'))
+ )
+
+The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use. The only restriction is that the included urls must use the `'rest_framework'` namespace.
+
+The authtoken login view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using forms or JSON:
+
+ { 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }
+
+
## OAuthAuthentication
This policy uses the [OAuth 2.0][oauth] protocol to authenticate requests. OAuth is appropriate for server-server setups, such as when you want to allow a third-party service to access your API on a user's behalf.
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-06 08:54:28 +0000