How Can I Disable Authentication in Django REST Framework

authentication django-rest-framework

You can give empty defaults for the permission and authentication classes in your settings.

REST_FRAMEWORK = {
    # other settings...

    'DEFAULT_AUTHENTICATION_CLASSES': [],
    'DEFAULT_PERMISSION_CLASSES': [],
}

You can also disable authentication for particular class or method, just keep blank the decorators for the particular method. 

from rest_framework.decorators import authentication_classes, permission_classes

@api_view(['POST'])    
@authentication_classes([])
@permission_classes([])
def items(request):
   return Response({"message":"Hello world!"})

if you want to disable authentication for a certain class based view, then you can use,

class PublicEndPoint(APIView):
    authentication_classes = [] #disables authentication
    permission_classes = [] #disables permission
    
    def get(self, request):
        pass

This is useful when you want to make only specific endpoints available public.


You can also apply it on one specific endpoint by applying it on class or method. Just need to apply django rest framework AllowAny permission to the specific method or class.

views.py

from rest_framework.permissions import AllowAny

from .serializers import CategorySerializer
from catalogue.models import Category   

@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
    serializer_class = serializers.CategorySerializer
    queryset = Category.objects.all()

You can achieve the same result by using an empty list or tuple for the permissions setting, but you may find it useful to specify this class because it makes the intention explicit.


To enable authentication globally add this to your django settings file:

'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.IsAuthenticated',
),

then add the following decorators to your methods to enable unauthenticated access to it

from rest_framework.decorators import authentication_classes, permission_classes

@api_view(['POST'])
@authentication_classes([])
@permission_classes([])
def register(request):
  try:
    username = request.data['username']
    email = request.data['email']
    password = request.data['password']
    User.objects.create_user(username=username, email=email, password=password)
    return Response({ 'result': 'ok' })
  except Exception as e:
    raise APIException(e)

Related

Reading Excel file using node.js
.Net vs Java Garbage Collector
Stripping off the seconds in datetime python
How to crop(cut) text files based on starting and ending line-numbers in cygwin?
SQLite Query in non case sensitive alphabetical order [duplicate]
How can I throw a general exception in Java?
Apply CSS rules to a nested class inside a div
PHP remove commas from numeric strings
What constitutes a fold for types other than list?
Meaning of "n:m" and "1:n" in database design
How to get all Windows service names starting with a common word?
Element must be declared error for tag shape