8👍
Your API needs a CSRF token; you have to add the CSRF token to the request (and Postman):
data: { csrfmiddlewaretoken: csrf_token, "username": "thesamething", "email": "thesamething", "password": "thesamething" }
You can get the CSRF token from your form input field (you will find a hidden field if you use Django's built-in form API), or if you use Ajax, you can have a look at Cross Site Request Forgery protection. It has nothing to do with your authorization key; your key is used to identify who you are, and the CSRF token is to make sure this request is sent from your server.
26👍
If using token-based authentication with DRF, don't forget to set it in settings.py. Otherwise you'll get a CSRF error.
    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': [
            'rest_framework.authentication.TokenAuthentication',
        ]
    }
14👍
I was facing the same problem with Postman. I was asked to include a CSRF on every request after getting a token for the first time, so I realized that I had Session and Token authentication methods enabled, so I commented out the SessionAuthentication line (of course, you could remove it as well):
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
        # 'rest_framework.authentication.SessionAuthentication',
    ]
After that, I was able to request a token by using only my credentials without including any CSRF code:
I think that the fact of having those two auth classes activated was causing Django to muddle up somehow.
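Added example (not part of any answer here, and not DRF's own code): a simplified stdlib model of how DRF tries authentication classes in order, showing why a request that carries a session cookie runs into the CSRF check while a token-only configuration does not. The session store, token table, function names and request values are constructed; it assumes the session class is listed first and that Postman replays a stored session cookie, and it ignores Django's token masking.

```python
# Simplified model of DRF's authenticator loop (assumption-labelled, not DRF source).
import hmac
from dataclasses import dataclass, field

class CSRFFailed(Exception):
    """Stands in for DRF's 403 'CSRF Failed' response."""

@dataclass
class Request:  # hypothetical stand-in for an incoming HTTP request
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)

SESSIONS = {"sess-abc": "alice"}   # constructed session store
TOKENS = {"tok-123": "alice"}      # constructed token table

def session_auth(req):
    """Models SessionAuthentication: authenticates by cookie, then enforces CSRF."""
    user = SESSIONS.get(req.cookies.get("sessionid", ""))
    if user is None:
        return None                # no session: let the next class try
    sent = req.headers.get("X-CSRFToken", "")
    expected = req.cookies.get("csrftoken", "")
    if not expected or not hmac.compare_digest(sent, expected):
        raise CSRFFailed("CSRF token missing or incorrect")
    return user

def token_auth(req):
    """Models TokenAuthentication: reads 'Authorization: Token <key>', no CSRF check."""
    scheme, _, key = req.headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "token":
        return None
    return TOKENS.get(key)         # simplification: unknown key just yields None

def authenticate(req, classes):
    """The first class that returns a user wins; an exception aborts the request."""
    for auth in classes:
        user = auth(req)
        if user is not None:
            return user
    return None

# Constructed request: a stored session cookie sent along with a token header.
postman = Request(headers={"Authorization": "Token tok-123"},
                  cookies={"sessionid": "sess-abc", "csrftoken": "c0ffee"})
```

With `[session_auth, token_auth]` the constructed request raises `CSRFFailed` even though its token is valid; with `[token_auth]` alone, or with a matching `X-CSRFToken` header, it authenticates.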
6👍
For me the solution was to add the X-CSRFToken header in Postman (gotten from initial login response in browser).
1👍
In the settings.py file:
    INSTALLED_APPS = [
        # ...
        'rest_framework.authtoken',
        # ...
    ]
    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.TokenAuthentication',
        ),
    }
In the project urls.py:
    from django.urls import path
    from rest_framework.authtoken import views
    urlpatterns = [
        # ...
        path('api-token-auth/', views.obtain_auth_token, name='api-token-auth'),
    ]
Open a terminal:
    $ pip3 install httpie
    $ python3 manage.py createsuperuser # if not created
    $ http POST http://localhost:8000/api-token-auth/ username="username" password="password" # You will get a token key (just copy it), ex: a243re43fdeg7r4rfgedwe89320
Your token key will also be automatically saved in your database.
Go to the Postman headers (like in the example).
Ex: screenshot from Postman, where and how to paste the accessed token
Then insert your token key.
0👍
You can either use csrfmiddlewaretoken: csrf_token in your JSON data, where csrf_token is a valid token, or, in a situation where you are unable to provide a correct token, comment out or remove SessionAuthentication as below.
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
        # 'rest_framework.authentication.SessionAuthentication',
    ]
0👍
- Create an endpoint which returns an HTML page.
  Endpoint - /get_token
  Details - The HTML page will have only 1 line of code, i.e. {{ csrf_token }}. Request that URL from Postman. In the response you will see the token.
- For a new POST method endpoint, add the header with name X-CSRFToken and value as csrf_token. Send the JSON data according to requirement.