Skip to content

5monkeys/django-formapi

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 8 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
formapi
 
 
.gitignore
 
 
.pre-commit-config.yaml
 
 
.travis.yml
 
 
AUTHORS
 
 
LICENSE
 
 
MANIFEST.in
 
 
Makefile
 
 
README.rst
 
 
conftest.py
 
 
pytest.ini
 
 
run_tests.py
 
 
setup.cfg
 
 
setup.py
 
 
django-formapi Version compatibility Installation Usage Authentication Documentation

README.rst

django-formapi

Create JSON API:s with HMAC authentication and Django form-validation.

https://travis-ci.com/5monkeys/django-formapi.svg?branch=master https://coveralls.io/repos/github/5monkeys/django-formapi/badge.svg?branch=master

Version compatibility

See Travis-CI page for actual test results: https://travis-ci.com/5monkeys/django-formapi

Django 3.6
3.2 Yes

Installation

Install django-formapi in your python environment

$ pip install django-formapi

Add formapi to your INSTALLED_APPS setting.

INSTALLED_APPS = (
    ...,
    "formapi",
)

Add formapi.urls to your urls.py.

urlpatterns = [
    ...,
    url(r"^api/", include("formapi.urls")),
]

Usage

Go ahead and create a calls.py.

class DivisionCall(calls.APICall):
    """
    Returns the quotient of two integers
    """

    dividend = forms.FloatField()
    divisor = forms.FloatField()

    def action(self, test):
        dividend = self.cleaned_data.get("dividend")
        divisor = self.cleaned_data.get("divisor")
        return dividend / divisor


API.register(DivisionCall, "math", "divide", version="v1.0.0")

Just create a class like your regular Django Forms but inheriting from APICall. Define the fields that your API-call should receive. The action method is called when your fields have been validated and what is returned will be JSON-encoded as a response to the API-caller. The API.register call takes your APICall-class as first argument, the second argument is the namespace the API-call should reside in, the third argument is the name of your call and the fourth the version. This will result in an url in the form of api/[version]/[namespace]/[call_name]/ so we would get /api/v1.0.0/math/divide/.

A valid call with the parameters {'dividend': 5, 'divisor': 2} would result in this response:

{"errors": {}, "data": 5, "success": true}

An invalid call with the parameters {'dividend': "five", 'divisor': 2} would result in this response:

{"errors": {"dividend": ["Enter a number."]}, "data": false, "success": false}

Authentication

By default APICalls have HMAC-authentication turned on. Disable it by setting signed_requests = False on your APICall.

If not disabled users of the API will have to sign their calls. To do this they need a secret generate, create a APIKey through the django admin interface. On save a personal secret and key will be generated for the API-user.

To build a call signature for the DivisonCall create a querystring of the calls parameters sorted by the keys dividend=5&divisor=2. Create a HMAC using SHA1 hash function. Example in python:

import hmac
from hashlib import sha1

hmac_sign = hmac.new(secret, urllib2.quote("dividend=5&divisor=2"), sha1).hexdigest()

A signed request against DivisionCall would have the parameters {'dividend': 5, 'divisor': 2, 'key': generated_key, 'sign': hmac_sign}

Documentation

Visit /api/discover for a brief documentation of the registered API-calls.

About

Django API creation with signed requests utilizing forms for validation.

Resources

Readme

License

MIT license
Activity

Stars

34 stars

Watchers

5 watching

Forks

15 forks
Report repository

Releases 1

0.1.0 Latest
Jan 31, 2014

Packages

No packages published

Contributors 5

Languages