2

I have a Django app that lets a user upload a file and does some processing on it, and I need to write an API for this app. The requirements are:

  • The API must accept file uploads (this is really the only thing the API will be responsible for)
  • User authentication must be supported, meaning each file uploaded must be associated with an existing Django user

I wrote the first part quite easily by just telling Django to listen for POST'ed data on a specific URL (which I hit by passing a file to curl), but that obviously won't give me user auth.

How can I add that in? Should I try something like tastypie since it's for building APIs and has support for user auth, even though I will only barely scratch the surface of its functionality with this basic API? Or could I just get away with telling Django to accept a username and password in the POST along with the file? Is there a best practice for authenticating a user through an API built on top of Django?

2
  • Does the whole thing have to happen in one request or can it happen in two phases? Commented Aug 16, 2011 at 19:30
  • @koniiiik ideally one request, but if the LOE is much less for two phases, then I'd settle with that. What are you thinking? Commented Aug 16, 2011 at 19:34

3 Answers

2

My take on this would be to simply use the django.contrib.auth application and before handling the actual file data in the POST request just verify that the POST request also contains valid authentication info. You can do that by calling the authenticate function, see https://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth.authenticate

The above applies in case you want the whole process to happen in a single request. That, however, means that the whole file will be uploaded before checking the authentication info. If you can afford to split this into one auth request followed by a file upload, you can just create a view that will take care of the authentication and then protect your file upload view by the login_required decorator. This will require sessions...


0

Unless it's overkill for your application, I would consider using OAuth for authentication to your API. There is a Django module called oauth2app that lets you guard a URL behind OAuth authentication.


0

Auth

  • Add an authid for the API, such as url/uploadfile?file=1.txt&authid=xxx
  • The authid can be obtained from another API with username & password auth.

Please refer to my code for file upload & API auth at git.
