A REST API is needed to Connect a Django project to other clients. We will be using the our pre-exsisting Django Project eCommerce 2 to build our REST API off of.
Examples of other clients that might need your API:
-
Native Mobile Applications: - iOS - Andriod - Windows Mobile - Phonegap (with a mix of a javascript framework)
-
Desktop platforms: - Mac OS X - Windows - Linux
-
Front-end (client side) Frameworks: - Angular.js - Ember.js - Backbone.js
-
Whatever comes next
Package Docs: Django Rest Framework Quick Installation:
-
pip install djangorestframework
-
Add
'rest_framework'
toINSTALLED_APPS
in your Django Settings. -
Run
django-admin migrate
JSON Web Tokens allow for Authentication in API-based requests. It allows authentication to be simple, secure, and in compliance.
Installation: pip install djangorestframework-jwt
Package Docs: Django REST framework JWT
Enabling CORS will allow your web application to connect to an external client or website. Learn more about CORS on Wikipedia.
Package Docs: Django CORS headers Quick Installation:
-
pip install django-cors-headers
-
Add
'corsheaders'
toINSTALLED_APPS
in your Django settings -
Add/Update the following to your Django Settings:
MIDDLEWARE_CLASSES = (
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
)
The
...
above represents other possible pre-existing MIDDLEWARE_CLASSES. You just need to ensure'corsheaders.middleware.CorsMiddleware',
is above'django.middleware.common.CommonMiddleware',
CORS_ORIGIN_WHITELIST = (
#'*', # for all domains; good for local testing.
'yourdomain.com' for your domain
)
CORS_ORIGIN_WHITELIST
is a list of origin hostnames that are authorized to make a cross-site HTTP request.
Also consider adding:
CORS_URLS_REGEX = r'^/api/.*$'
The
CORS_URLS_REGEX
configuration setting is a regular expression that will enable the URL pattern that matches the one you set in combination to yourCORS_ORIGIN_WHITELIST
so, in this case, we have enable onlyyourdomain.com/api/
for cross-origin requests.
Read more of many configuration options here including CORS_ALLOW_METHODS
for overriding the default HTTP methods allowed.