I'm using Postman to check the JSON response from my django-rest-framework.
When my first try to post id, email, password through POST method to my django on AWS(amazon web
For me the solution was to add the X-CSRFToken header in Postman (gotten from the initial login response in the browser); see https://stackoverflow.com/a/26639895/8133649
Just in case it may be useful for somebody, I was facing the same problem with Postman. I was asked to include a CSRF token on every request after getting a token for the first time, so I realized that I had both Session and Token authentication methods enabled, and I commented out the SessionAuthentication line (of course, you could remove it as well):
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
        # 'rest_framework.authentication.SessionAuthentication',
    ],
}
After that, I was able to request a token by using only my credentials without including any CSRF code:
I think that the fact of having those two auth classes activated was causing Django to muddle up somehow.
Your API needs a CSRF token; you have to add the CSRF token to the request (and to Postman):
data: { csrfmiddlewaretoken: csrf_token, "username": "thesamething", "email": "thesamething", "password": "thesamething" }
You can get the CSRF token from your form input field (you will find a hidden field if you use Django's built-in form API), or if you use Ajax, you can have a look at Cross Site Request Forgery protection. It has nothing to do with your authorization key: your key is used to identify who you are, and the CSRF token is to make sure this request is sent from your server.
You can either use csrfmiddlewaretoken: csrf_token in your JSON data, where csrf_token is a valid token, or, in a situation where you are unable to provide a correct token, comment out or remove SessionAuthentication as below.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
        # 'rest_framework.authentication.SessionAuthentication',
    ],
}
In settings.py file
INSTALLED_APPS = [
    # ...
    'rest_framework.authtoken',
    # ...
]
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
}
in project urls.py
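from django.urls import path
from rest_framework.authtoken import views

urlpatterns = [
    # ...
    # Endpoint that returns a token for a valid username/password pair
    path('api-token-auth/', views.obtain_auth_token, name='api-token-auth'),
]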
Open a terminal and run:
$ pip3 install httpie
$ python3 manage.py createsuperuser # if not created
$ http POST http://localhost:8000/api-token-auth/ username="username" password="password" # You will get a token key (just copy it), ex: a243re43fdeg7r4rfgedwe89320
Your token key will also be automatically saved in your database.
Go to the Postman headers (like in the example; screenshot from Postman showing where and how to paste the obtained token), then insert your token key.
reference to get token key from this video
I changed the request method from POST to PATCH and I could log in.