A simple blog-style REST API built with Django REST Framework and JWT auth.
Users can register, get a token, and create posts.
Only the author of a post can update or delete it.
Features
- JWT auth (access / refresh tokens)
- Register new users via API (/api/register/)
- Login to get JWT (/api/token/)
- Refresh token (/api/token/refresh/)
- CRUD for posts (/api/posts/)
- Only the owner can edit/delete their post
- Read-only access (GET) allowed without auth
- Admin panel at /admin/
Register
POST /api/register/
{
  "username": "testuser",
  "password": "Testpass123!"
}
Login (get JWT)
POST /api/token/
{
  "username": "testuser",
  "password": "Testpass123!"
}
Response:
{
  "refresh": "<refresh_token>",
  "access": "<access_token>"
}
Refresh token
POST /api/token/refresh/
{
  "refresh": "<refresh_token>"
}
List posts (no auth required)
GET /api/posts/
Create a post (requires auth)
POST /api/posts/
{
  "title": "My first post",
  "body": "Hello API world"
}
Tech stack
- Python 3.11
- Django 5
- Django REST Framework
- djangorestframework-simplejwt (JWT auth)
- SQLite (local dev DB)
Project structure
config/
  settings.py      # REST_FRAMEWORK, JWT auth, installed apps
  urls.py          # routes /api/
posts/
  models.py        # Post model
  serializers.py   # PostSerializer
  permissions.py   # IsOwnerOrReadOnly
  views.py         # PostViewSet + register_user
  urls.py          # /api/posts/, /api/token/, /api/register/
manage.py          # Django entry point
db.sqlite3         # local DB (dev)
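The ownership rule behind IsOwnerOrReadOnly, as an added example that is not the project's permissions.py: it models DRF's two-stage check (view-level, then object-level) with plain-Python stand-ins so it runs without Django. The `author` field name, the stand-in classes and the `decide` helper are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")  # the methods DRF treats as read-only

@dataclass(frozen=True)
class User:            # stand-in for an authenticated Django user
    username: str

@dataclass(frozen=True)
class Post:            # stand-in for the Post model; `author` is an assumed field name
    title: str
    author: User

@dataclass(frozen=True)
class Request:         # stand-in for a DRF request; user is None when no valid JWT was sent
    method: str
    user: Optional[User] = None

class IsOwnerOrReadOnly:
    """Reads are public; writes need a logged-in user who is the post's author."""

    def has_permission(self, request, view):
        # View-level gate: runs on every request, including list and create.
        return request.method in SAFE_METHODS or request.user is not None

    def has_object_permission(self, request, view, obj):
        # Object-level gate: runs only when the view loads one specific post.
        return request.method in SAFE_METHODS or obj.author == request.user

def decide(request, post=None):
    """Return the HTTP status the two-stage check leads to (any 2xx shown as 200)."""
    perm = IsOwnerOrReadOnly()
    if not perm.has_permission(request, view=None):
        return 401  # anonymous write: no token, the client must authenticate
    if post is not None and not perm.has_object_permission(request, None, post):
        return 403  # valid token, but the caller is not the author
    return 200
```

The view-level gate matters because the object-level check never runs for list or create requests; without it an anonymous POST would not be stopped by the ownership rule.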
Run locally
python -m venv venv
venv\Scripts\activate   # Windows; on Linux/macOS: source venv/bin/activate
pip install -r requirements.txt
python manage.py migrate
python manage.py createsuperuser
python manage.py runserver
Then:
API browser: http://127.0.0.1:8000/api/
Admin: http://127.0.0.1:8000/admin/