2👍
✅
Without the api_view decorator, it’s a regular Django view.
DRF embeds its own authentication and permission system as to avoid things such as requiring a CSRF even if you are posting data in JSON.
The counter part is that DRF extends the Django request in the APIView performing authentication, authorization, throttling and a few other things there. Note that the api_view decorator wraps an APIView around your function.
Therefore, with the decorator, you’ll have the DRF system active while without it simply won’t work.
Source:stackexchange.com