1π
To open up the API on non-authenticated users, you need to give it an empty list on authentication_classes:
from rest_framework.decorators import api_view, authentication_classes, permission_classes
@api_view(['GET'])
@authentication_classes([]) # Add this
@permission_classes([]) # Maybe add this too
def getProducts(request):
query = request.query_params.get('keyword')
if query is None:
query = ''
products = Product.objects.filter(
name__icontains=query)
serializer = ProductSerializer(products, many=True)
return Response(serializer.data)
2π
This thread is 1 year old but I was facing the same problem and I cannot have unauthorized access to my backend.
The issue with the configuration/usage is here:
'AUTH_HEADER_TYPES': ('JWT',),
When using this configuration, the Authorization header must be set with "JWT" instead of "Bearer".
For example, change:
"Authorization: Bearer <JWT token>"
to:
"Authorization: JWT <JWT token>"
Another option is to modify the settings file to the following configuration and use the regular Bearer Authorization header:
'AUTH_HEADER_TYPES': ('Bearer',),
I recommend the last option, as it is the most standard one.
1π
Did you add tokens in your headers?. if you have added then the access token must have expired so you can get a new access token from the refresh token
Add token in headers like Bearer token.
- [Django]-"Error while running '$ python manage.py collectstatic βnoinput'" after changing database on django
- [Django]-Fixture not found pytest
- [Django]-Error in db with modeltranslation in django