# Authentication




## Choose Authentication Methods

DRF supports various authentication methods out of the box. You can choose one or more depending on your project's requirements:

- Session Authentication: Similar to Django's default authentication, it uses Django's session framework and CSRF protection.

- Token Authentication: Provides a token-based authentication mechanism where clients include an API token in the request headers.

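- Basic Authentication: Uses HTTP Basic Authentication where the username and password are sent as Base64-encoded strings in the request headers. Base64 is an encoding, not encryption, so the credentials are readable by anyone who can see the request; use it only over HTTPS.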


## Configure Settings

```python
# settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',  # Use session authentication
        'rest_framework.authentication.TokenAuthentication',    # Use token authentication
        # Add other authentication classes as needed
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',  # Deny access to unauthenticated requests
    ],
}
```

## Implement Authentication

### Session Authentication

> For session authentication, ensure you have 'rest_framework.authentication.SessionAuthentication' in your DEFAULT_AUTHENTICATION_CLASSES. This relies on Django's session framework and requires users to log in via the web interface or obtain a session cookie through a login view.

### Token Authentication

For token authentication:

- Generate Tokens: Use DRF's Token model (from the rest_framework.authtoken app, which must be listed in INSTALLED_APPS and migrated) to generate tokens for users. You can create tokens manually via Django admin or automatically when a user is created.

- Include Token in Requests: Clients must include the token in the Authorization header of API requests:

```http
Authorization: Token <your_token_key>
```

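DRF provides a built-in view (ObtainAuthToken) that returns a user's token in response to a POST request containing the username and password. The view is not routed by default; map it in your URL configuration, for example at /api/token/.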
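
The following is an added example, not DRF's own code: a standard-library model of the checks applied to an `Authorization: Token <key>` header. It shows why a request for another scheme is passed over (so the next configured authentication class can try) while a malformed or unknown token is rejected. The function names, the exception class and the token store are hypothetical, and the token values are constructed.

```python
# Added example: simplified model of token header handling (not DRF source).
import hmac
import secrets


class AuthenticationFailed(Exception):
    """The request used the Token scheme but its credentials were rejected."""


# Constructed sample store: token key -> (username, is_active).
TOKENS = {
    "a1" * 20: ("alice", True),
    "b2" * 20: ("bob", False),
}


def new_token_key():
    """Return a 40-character hex key drawn from the OS CSPRNG."""
    return secrets.token_hex(20)


def authenticate_token_header(header, tokens=TOKENS, keyword="Token"):
    """Return the username, None if the header belongs to another scheme,
    or raise AuthenticationFailed for a malformed or unknown token."""
    parts = (header or "").split()
    # No header, or a different scheme: leave it to the next authenticator.
    if not parts or parts[0].lower() != keyword.lower():
        return None
    if len(parts) == 1:
        raise AuthenticationFailed("No credentials provided.")
    if len(parts) > 2:
        raise AuthenticationFailed("Token string should not contain spaces.")
    presented = parts[1].encode()
    for key, (username, is_active) in tokens.items():
        # compare_digest does not reveal how many leading characters matched.
        if hmac.compare_digest(key.encode(), presented):
            if not is_active:
                raise AuthenticationFailed("User inactive or deleted.")
            return username
    raise AuthenticationFailed("Invalid token.")
```
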

## Set Up Views and Permissions

### Views

> Define views using DRF's APIView, ViewSet, or @api_view decorator, and apply authentication requirements:

```python
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticated

class ExampleView(APIView):
    permission_classes = [IsAuthenticated]  # Requires authenticated access

    def get(self, request):
        content = {'message': 'Hello, World!'}
        return Response(content)
```