1

I currently have a Django web app, and am now creating an iOS app that needs to hook into the same database. So, I am creating a Python API from my Django app. I don't know how to handle authentication from the iOS app to this Python API...? I want to just put Django's @login_required decorator on each of my API views (as I do for the web app part) but am not sure how to do that since the iOS client isn't sending over a User object. What should I do?

I have tried making my own decorator that looks for a username and password in the client's request, but I think that's probably very dumb on my part as I don't know how to keep the username/password secret and that username/password data is then visible in the URL. Any ideas/help would be greatly appreciated!

1 Answer

1

There is nothing wrong or hacky with rolling your own API views and using a basic authentication decorator, but it might be worth investing a little bit of time (perhaps 2-3 hours of tinkering) to learn Django REST Framework.

Django REST Framework is one of the better Python packages in existence (right up there with Requests) and has a huge community, so if you get stuck, StackOverflow will be by your side. It offers authentication (i.e., prove who you are / login) and authorization (i.e., specific access permission controls). But, I highly recommend doing the full tutorial.


7 Comments

I initially looked into DRF but thought it might be overkill for what I need. I'll look into it again- thank you for your advice! At the moment, though, authentication is my only roadblock so I would like to see if I can work that out with what I have, since all other parts are working! I'm just not sure how the client passes the "User object" data to the server so I can use the decorator...
I'm going through the DRF tutorial, but, in the meantime, I would also like to see if I can get some auth going on my current API...can you suggest how I go about basic HTTP auth? I have a decorator on every view that needs a username and password from each request. How do I send that data in a safe way (right now, I just have it in the request body)?? @orokusaki
@steph it doesn't matter how you send it (headers or body), as long as you're sending it via HTTPS. If you're using insecure HTTP, you'll be doomed either way. If you Google search for "Django basic auth", you'll find a tutorial on the Django website, as well as a number of tutorials elsewhere on the web.
oooh ok, thank you so much!! So something like https://example.com/api/?username=myname&password=mypswd is ok? @orokusaki
@steph GET would be the least preferred way to provide a password, because the URL will remain in your browser history and can also be shared directly. You want to use POST to provide the params. Slow down and take some time to read some docs on the subject. Google is your friend here. It's all Martian now, but it'll be clear as day after a couple hours of reading, and it'll be well worth it.
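The checks discussed in this thread (HTTPS only, no password in the URL, credentials in an HTTP Basic `Authorization` header), as an added example that is not code from the question, the answer or Django itself. It uses only the standard library; the function names, the status codes chosen and the sample account are assumptions, and in a Django view the inputs would be `request.META`, `request.is_secure()` and `request.GET`.

```python
import base64
import hmac

def parse_basic_header(value):
    """Return (username, password) from an 'Authorization: Basic ...' value, or None."""
    scheme, _, encoded = (value or "").partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def check_api_request(meta, is_secure, query, verify):
    """Decide how to answer one API request; returns (status_code, user).

    meta      -- header mapping shaped like Django's request.META
    is_secure -- True when the request arrived over HTTPS
    query     -- query-string mapping
    verify    -- callable(username, password) -> user or None
    """
    if not is_secure:
        return 403, None  # never accept credentials over plain HTTP
    if "password" in query:
        return 400, None  # URLs stay in history and can be shared
    creds = parse_basic_header(meta.get("HTTP_AUTHORIZATION"))
    if creds is None:
        return 401, None  # missing or malformed Authorization header
    user = verify(*creds)
    return (200, user) if user is not None else (401, None)

# Constructed sample account; a Django app would call
# django.contrib.auth.authenticate(username=..., password=...) here.
_SAMPLE_USERS = {"alice": "correct horse"}

def sample_verify(username, password):
    expected = _SAMPLE_USERS.get(username)
    if expected is None:
        return None
    same = hmac.compare_digest(expected.encode(), password.encode())
    return username if same else None

def basic_header(username, password):
    """Build the header value a client such as the iOS app would send."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token
```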