[Django]-What is different between "DRF Throttling" and "Django Axes"

6👍

Throttling, as provided by DRF, is very different to Authentication, which is the focus of Django Axes.

In DRF you can allow access to your resource (say a database) for a defined number of times (i.e. 100 database lookups) in a given period (let's say a day), so they are throttled to that amount/period, here 100/day. In some use cases the user need not even identify themselves necessarily to avail of your service; there is no authentication involved. Here you look at the IP of the user's system as a key to throttle the user's activity. Yes, you can run throttling in conjunction with authentication in DRF, but one does not require the other.

Whereas in Axes you are primarily concerned with having the user prove his identity (authentication) through the login process. You can also instruct Axes to deny a repeat-failing user the opportunity to authenticate, i.e. if you fail to log in correctly for 10 attempts you are now banned from logging in for the next 5 minutes. So typically a non-authenticated user will never avail of your service, and repeated authenticate-failing attempts will result in that IP being denied the opportunity to authenticate for an extended time period. The emphasis with Axes tends to be on determining why a user failed to authenticate and by which means they gained access to the system. For example, from the Axes reports, you can determine how many users logged in that day using the link emailed to them from the registration page. Or which users logged in using Facebook, and also how many users failed to log in (IP, username or email for example).

Furthermore, DRF is in effect an add-on to "regular Django", and thus its throttling and authentication are tailored to the API service that it performs. Your users using an API are in general not likely to authenticate manually to the API but rather using some token (JWT, csrf). Django Axes is also an add-on to regular Django and typically services the needs of a typical web site with authenticating users. You can use both services, DRF and Axes, on the one Django platform; they work well together and do not clash.
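
An added example, not part of the original answer and not code from DRF or Axes: a simplified pure-Python model of the two mechanisms the answer above contrasts, using its figures (100 requests/day per IP, 10 failed logins then a 5-minute ban). All class and method names are hypothetical, and the model assumes a sliding time window and that the failure counter restarts once a lockout is imposed.

```python
# Simplified model (not DRF's or Axes's code) of the two mechanisms described above.
# All names are hypothetical; timestamps (seconds) are passed in explicitly.

class RequestThrottle:
    """DRF-style throttling: count EVERY request per key (here the client IP)."""
    def __init__(self, limit=100, period=86400):        # 100/day, as in the answer
        self.limit, self.period, self.history = limit, period, {}

    def allow(self, ip, now):
        # Keep only timestamps still inside the window, then check the budget.
        recent = [t for t in self.history.get(ip, []) if t > now - self.period]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)
        self.history[ip] = recent
        return allowed


class LoginLockout:
    """Axes-style lockout: count only FAILED logins, then refuse for a cool-off."""
    def __init__(self, failure_limit=10, cooloff=300):  # 10 failures -> 5 minutes
        self.failure_limit, self.cooloff = failure_limit, cooloff
        self.failures, self.locked_until = {}, {}

    def attempt(self, ip, password_ok, now):
        if now < self.locked_until.get(ip, 0):
            return "locked"                 # refused before credentials are checked
        if password_ok:
            return "ok"                     # successful logins never count
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.failure_limit:
            self.locked_until[ip] = now + self.cooloff
            self.failures[ip] = 0           # assumption: counter restarts after lockout
        return "failed"


def demo():
    ip = "203.0.113.7"                      # constructed sample address
    throttle, lockout = RequestThrottle(), LoginLockout()
    # 101 anonymous requests in one day: the last one exceeds the 100/day budget.
    served = [throttle.allow(ip, now=i) for i in range(101)]
    # 10 bad passwords, then a CORRECT password during and after the cool-off.
    results = [lockout.attempt(ip, False, now=i) for i in range(10)]
    results.append(lockout.attempt(ip, True, now=60))       # inside the 5 minutes
    results.append(lockout.attempt(ip, True, now=9 + 300))  # cool-off elapsed
    return served, results


if __name__ == "__main__":
    print(demo())
```

The throttle never looks at credentials and the lockout never looks at request volume, which is why the two can run side by side without overlapping.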

0👍

As far as I know, those libraries you mentioned all do the same thing (with a few differences between them). You can choose the one which best suits your needs.

If you are using DRF, then you don’t need an additional library (axes, ratelimit, etc.) because DRF already has the throttling functionality built in.

👤Ralf
