We pretty much done with creating django, the final thing to add is to create an API. Because why not.

First some setup

In [None]:
pip install djangorestframework

Django rest framework work on a few level, you have a serializer which transform data from using models. Then views to output to json, and other format. Then url config.

First let's create a new app to make things clean

In [None]:
python manage.py startapp blog_api

I leave the installation of app in INSTALLED_APP as an exercise. While we are at this, add 'rest_framework' too. 

So let's start with serializer, create blog_api/serializers.py

In [None]:
from blog.models import BlogPost
from rest_framework import serializers


class BlogPostSerializer(serializers.Serializer):
    title = serializers.CharField()
    content = serializers.CharField()
    
    def create(self, validated_data):
        blog_post = BlogPost()
        blog_post.title = validated_data["title"]
        blog_post.content = validated_data["content"]
        
        blog_post.save()
        return blog_post
    
    def update(self, instance, validated_data):
        instance.title = validated_data.get("title", instance.title)
        instance.content = validated_data.get("content", instance.content)
        instance.save()
        
        return instance

Or you can do it like

In [None]:
from blog.models import BlogPost
from rest_framework import serializers


class BlogPostSerializer(serializers.ModelSerializer):
    class Meta:
        model = BlogPost
        fields = ['id', 'title', 'content']
        extra_kwargs = {'id': {'read_only': False, 'required': False}}

Now we create view in blog_api/views. You can do a usual view, then you need to do a lot of setup, like making sure data is outputted to json, parse request with jsonparser, make sure views are exempted from csrf validation etc. We are lazy, let's do an API views that do everything for us.

In [None]:
from blog.models import BlogPost
from blog_api.serializers import BlogPostSerializer
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from django.http import Http404


class BlogPostListView(APIView):
    def get(self, request, format=None):
        blog_post = BlogPost.objects.all()
        serializer = BlogPostSerializer(blog_post, many=True)
        return Response(serializer.data)
    
    def post(self, request, format=None):
        
        serializer = BlogPostSerializer(data=request.data)
        if serializer.is_valid():
            serializer.save()
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)


class BlogPostDetailView(APIView):
    
    def get_object(self, pk):
        try:
            return BlogPost.objects.get(pk=pk)
        except Snippet.DoesNotExist:
            raise Http404

    def get(self, request, pk, format=None):
        blog_post = self.get_object(pk)
        serializer = BlogPostSerializer(blog_post)
        return Response(serializer.data, status=status.HTTP_200_OK)

    def put(self, request, pk, format=None):
        blog_post = self.get_object(pk)
        serializer = BlogPostSerializer(blog_post, data=request.data)
        if serializer.is_valid():
            serializer.save()
            return Response(serializer.data, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
    
    def delete(self, request, pk, format=None):
        blog_post = self.get_object(pk)
        blog_post.delete()
        return Response(satatus=status.HTTP_204_NO_CONTENT)
        
            

Now we need to create the urls. First create urls in blog_api/urls.py


In [None]:
from django.conf.urls import url
from rest_framework.urlpatterns import format_suffix_patterns
from blog_api.views import BlogPostListView
from blog_api.views import BlogPostDetailView

urlpatterns = [
    url(r'^blog/$', BlogPostListView.as_view(), name="blog-api-list-view"),
    url(r'^blog/(?P<pk>[0-9]+)/$', BlogPostDetailView.as_view(), name="blog-api-detail-view"),
]

urlpatterns = format_suffix_patterns(urlpatterns)

Then add to project_name/urls.py

In [None]:
from django.conf.urls import url
from django.conf.urls import include
from django.contrib import admin
from django.contrib.auth import views as auth_views


urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^accounts/', include('registration.backends.simple.urls')),
    url(r'^api/', include('blog_api.urls')),
    url(r"", include("blog.urls")),
]


To test this you need a client. I like advanced rest client, choose one. It make live easy

As usual if you operation is standard create, update, delete there is shortcut that we can use in blog_api/views.py

In [None]:
from blog.models import BlogPost
from blog_api.serializers import BlogPostSerializer
from rest_framework import generics



class BlogPostListView(generics.ListCreateAPIView):
    queryset = BlogPost.objects.all()
    serializer_class = BlogPostSerializer


class BlogPostDetailView(generics.RetrieveUpdateDestroyAPIView):
    queryset = BlogPost.objects.all()
    serializer_class = BlogPostSerializer


Let's setup user auth. I don't want to support username and password in API. It is a bad idea anyway. So I am jumping straight to api token

As usual there is setup, first add 'rest_framework.authtoken'. Then run 

In [None]:
python manage.py migrate

Now generate some token. Do it in python shell for now

In [None]:
from rest_framework.authtoken.models import Token
from django.contrib.auth.models import User

users = User.objects.all()
for user in users:
    token = Token.objects.create(user=user)
    


To ensure that user token are created everytime user is created. I need to introduce a thing called signal. A is something that send out when an action is done, not all action though. Action that will send a signal is database update, create, delete. Those will have signals, you can define your own too. But it is too complex in this course. For now lets create blog_api/signals/ directory

In [None]:
mkdir blog_api/signals/
echo "__author__='yourname'" > blog_api/signals/__init__.py

now create blog_api/signals/handlers.py

In [None]:
from rest_framework.authtoken.models import Token
from django.contrib.auth.models import user

@receiver(post_save, sender=User)
def create_auth_token(sender, instance=None, created=False, raw=False, **kwargs):
    if created and not raw:
        Token.objects.create(user=instance)

Add login views in project_name/urls.py

In [None]:
# .. something here
from rest_framework.authtoken import views



urlpatterns = [
    url(r'^api-token-auth/', views.obtain_auth_token),
    # ... something here
]


Add this toward the bottom for project_name/settings.py

In [None]:
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticatedOrReadOnly',
    ),

}



Now we set policy in views, technically you don't need it. But sometime you want to use some default views. so 

In [None]:
from blog.models import BlogPost
from blog_api.serializers import BlogPostSerializer
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from django.http import Http404
from rest_framework import generics
from rest_framework.permissions import IsAuthenticatedOrReadOnly


class BlogPostListView(generics.ListCreateAPIView):
    permission_classes = ( IsAuthenticatedOrReadOnly, )
    queryset = BlogPost.objects.all()
    serializer_class = BlogPostSerializer


class BlogPostDetailView(generics.RetrieveUpdateDestroyAPIView):
    permission_classes = ( IsAuthenticatedOrReadOnly, )
    queryset = BlogPost.objects.all()
    serializer_class = BlogPostSerializer


To authenticate yourself, you need to pass the authorized header, for example in curl

In [None]:
curl -H "Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b" localhost:8000/api/blog/