Auth & Permissions
Simple JWT Install
# Installs the latest release. For deployments, pin the exact version
# (ideally with hashes) in your requirements file so builds are reproducible.
pip install djangorestframework-simplejwt
JWT Configuration
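# settings.py
# Merge these keys into the project's single REST_FRAMEWORK dict; a second
# assignment to REST_FRAMEWORK replaces the first instead of extending it.
REST_FRAMEWORK = {
    # How a request is identified: a JWT sent in the Authorization header.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    # Authentication alone does not restrict access: without this key DRF
    # falls back to AllowAny, so every view that forgets permission_classes
    # is public. Deny by default; public views opt in with AllowAny.
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}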
JWT URL Routing
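from django.urls import path
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

# Both endpoints are reachable without a prior login: the first exchanges
# credentials for an access/refresh token pair, the second exchanges a
# refresh token for a new access token. Serve them over HTTPS only and
# rate-limit them, since they are the natural target for password guessing.
urlpatterns = [
    path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
    path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
]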
Built-in Permissions
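from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated, IsAdminUser, AllowAny


class PostViewSet(viewsets.ModelViewSet):
    """Post endpoints that reject unauthenticated requests on every action."""

    # IsAuthenticated is a view-level check only: any logged-in user passes,
    # regardless of who owns the object being read or modified. Add an
    # object-level permission when writes must be limited to the owner.
    permission_classes = [IsAuthenticated]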
Custom Permission (IsOwner)
from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
    """Object-level permission: anyone may read, only the author may write.

    Only ``has_object_permission`` is defined, so this class adds no
    view-level check of its own. DRF runs object-level checks when a view
    fetches a single object, so list and create requests are not covered
    here; pair this class with a view-level permission if anonymous users
    must not create objects.
    """

    def has_object_permission(self, request, view, obj):
        # Read-only methods (permissions.SAFE_METHODS) never modify the
        # object, so they are allowed for every requester.
        is_read_only = request.method in permissions.SAFE_METHODS
        # Any other method is allowed only when the object's author is the
        # requesting user.
        return is_read_only or obj.author == request.user
Per-Action Permissions
class PostViewSet(viewsets.ModelViewSet):
    """Post endpoints with a public list and authenticated everything else."""

    def get_permissions(self):
        """Return the permission instances for the current action.

        Only ``list`` is open to anonymous callers. Every other action,
        including any added later, falls through to IsAuthenticated. That
        check is view-level only: any logged-in user passes it, so ownership
        of an individual post still needs an object-level permission such as
        IsOwnerOrReadOnly.
        """
        permission_cls = AllowAny if self.action == 'list' else IsAuthenticated
        return [permission_cls()]
Throttling Config
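# settings.py
# Merge these keys into the project's single REST_FRAMEWORK dict; a second
# assignment to REST_FRAMEWORK replaces the first instead of extending it.
REST_FRAMEWORK = {
    # Rates are only enforced by throttle classes. With DEFAULT_THROTTLE_RATES
    # alone and no throttle class configured, no request is ever throttled.
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        # Anonymous callers are keyed by client address; behind a reverse
        # proxy, set NUM_PROXIES so the address is taken from the right hop.
        'anon': '100/day',
        # Authenticated callers are keyed by user.
        'user': '1000/day',
    },
}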