# 1. Introduction to Token Authentication

Token Authentication is a stateless, secure method for authenticating users in APIs. Instead of sending username/password on every request, the client sends a token.

Django REST Framework provides a built-in system using `rest_framework.authtoken`.

# 2. How to Generate Token

### Step-by-Step Setup:
```
python manage.py drf_create_token <username>
```

### Install DRF and authtoken:
```bash
pip install djangorestframework
```

### Update `settings.py`:
```python
INSTALLED_APPS = [
    ...
    'rest_framework',
    'rest_framework.authtoken',
]
```

### Run migration:
```bash
python manage.py migrate
```

# 3. Generate Token using Admin Application

### In `admin.py`:
```python
from rest_framework.authtoken.models import Token
from django.contrib import admin

admin.site.register(Token)
```

### Run:
```bash
python manage.py createsuperuser
```

Log into `/admin`, go to **Tokens**, and manually add or view tokens for users.

# 4. Generate Token using Command Line

### Run:
```bash
python manage.py shell
```
```python
from django.contrib.auth.models import User
from rest_framework.authtoken.models import Token

user = User.objects.get(username='your_username')
token, created = Token.objects.get_or_create(user=user)
print(token.key)
```

# 5. Generate Token via API Endpoint (Client Request)

### In `urls.py`:
```python
from rest_framework.authtoken.views import obtain_auth_token

urlpatterns = [
    ...
    path('api-token-auth/', obtain_auth_token),
]
```

### Client sends POST request:
```bash
http POST http://127.0.0.1:8000/api-token-auth/ username=admin password=admin123
```
### Response:
```json
{
  "token": "abc123tokenkey"
}
```

# 6. Generate Token using Signals (Auto-create on User Registration)

### In `signals.py`:
```python
from django.conf import settings
from django.db.models.signals import post_save
from django.dispatch import receiver
from rest_framework.authtoken.models import Token

@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
    if created:
        Token.objects.create(user=instance)
```

### In `apps.py`:
```python
def ready(self):
    import your_app.signals
```

# 7. Permission Classes

### Restrict access to authenticated users:
```python
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.response import Response

class ProtectedView(APIView):
    permission_classes = [IsAuthenticated]

    def get(self, request):
        return Response({'message': 'Hello, Authenticated User!'})
```

# 8. httpie (API Testing CLI)

### Install:
```bash
pip install httpie
```

### Test API:
```bash
http POST http://127.0.0.1:8000/api-token-auth/ username=admin password=admin123
http GET http://127.0.0.1:8000/protected-endpoint/ "Authorization: Token your_token"
```

# 9. How to Use Token Authentication (Client Side)

### On each request after login:

Add token in header:
```
Authorization: Token your_token
```

### Example with Python requests:
```python
import requests

headers = {
    'Authorization': 'Token your_token_here'
}
response = requests.get('http://127.0.0.1:8000/protected-endpoint/', headers=headers)
print(response.json())
```

# Summary

| Feature                | Tool Used                    |
|------------------------|------------------------------|
| Token Creation (manual)| Django Admin / Shell         |
| Token Creation (auto)  | Signals                      |
| Token Retrieval (client)| `api-token-auth/` endpoint  |
| Token Usage            | Authorization header         |
| Test Tokens            | httpie / curl / Postman      |
| Permission Check       | IsAuthenticated in views     |

# Extra Examples

```bash
http GET http://127.0.0.1:8000/studentapi/

http GET http://127.0.0.1:8000/studentapi/ 'Authorization:Token nsknjknakbxs121m12nl3n'

http -f POST http://127.0.0.1:8000/studentapi/ name="Subhan" age=100 email="my-email@gmail.com" 'Authorization:Token nsknjknakbxs121m12nl3n'
```