DRF Simple API Key

Permissions

Using permission classes for API key authorization

Permissions or authorization in Django are used to make sure the entity making the request has the right to read/write the resource. By default, entity classes are set to django.contrib.auth.User. We also provide a permission class, which by default ensures that only active entities users have permission to read/write the resource.

class IsActiveEntity(BasePermission):
    """
    A base permission that only checks if the entity (by default, the Django user) is
    active or not.
    """

    message = "Entity is not active."

    def has_permission(self, request: HttpRequest, view: typing.Any) -> bool:

        return request.user.is_active

    def has_object_permission(
        self, request: HttpRequest, view: typing.Any, obj
    ) -> bool:

        return request.user.is_active

You can then call use this class in your view 👇

from drf_simple_apikey.permissions import IsActiveEntity

class YourViewSet(viewsets.ViewSet):
    ...
    authentication_classes = (APIKeyAuthentication, )
    permission_classes = (IsActiveEntity, )

Feel free to read the code of the permission class at https://github.com/koladev32/drf-simple-apikey/blob/main/drf_simple_apikey/permissions.py.

Authentication

Using the APIKeyAuthentication backend for API key authentication

Customizing API Key Model

How to create a custom API key model for your entity