Authentication for Anonymous users

25 views
Skip to first unread message

Musharaf Baig

unread,
Apr 19, 2018, 3:43:57 PM4/19/18
to Django REST framework

I do not have register/login mechanism for the users.

I need two types of authentication:

  1. To make it available I would like to let the user use it for free with a limited number of call s or time

- for example after the API is called 50 times, I would like that the token expires. An alternative solution is that  the token should expire in 2 days.

2) An authentication with a key that does not expire at all.

Is it possible? Need suggestions. Thanks


Jani Tiainen

unread,
Apr 20, 2018, 6:36:45 AM4/20/18
to django-res...@googlegroups.com
Hi,

1) How you control that user (without login) has expire his/her number/time on your site?

2) Have users (internal, even you don't have registration or login) that you assign permanent token and use it as an auth. Django Rest Framework supports it out of the box.

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Jani Tiainen

- Well planned is half done, and a half done has been sufficient before...

Musharaf Baig

unread,
Apr 20, 2018, 8:23:07 AM4/20/18
to Django REST framework
Can we make authentication on User-Agent coming in request?

Jani Tiainen

unread,
Apr 20, 2018, 8:30:09 AM4/20/18
to django-res...@googlegroups.com
Hi,

Sure you could but use would be that? It's just a string describing user agent. And it may be a lie.

You do have a few options here:

Simplest is that you really don't care about "anonymous" access or it's usage limits. You may impose some throttling to avoid hammering of your service.

Another option is to use a long term session to store number of accesses and don't care about people who reset their sessions.

Finally you can make people to login with some "simple" authorization mechanism like social site logins.


On Fri, Apr 20, 2018 at 3:23 PM, Musharaf Baig <musha...@gmail.com> wrote:
Can we make authentication on User-Agent coming in request?

On Friday, April 20, 2018 at 3:36:45 PM UTC+5, Jani Tiainen wrote:
Hi,

1) How you control that user (without login) has expire his/her number/time on your site?

2) Have users (internal, even you don't have registration or login) that you assign permanent token and use it as an auth. Django Rest Framework supports it out of the box.
On Thu, Apr 19, 2018 at 10:43 PM, Musharaf Baig <musha...@gmail.com> wrote:

I do not have register/login mechanism for the users.

I need two types of authentication:

  1. To make it available I would like to let the user use it for free with a limited number of call s or time

- for example after the API is called 50 times, I would like that the token expires. An alternative solution is that  the token should expire in 2 days.

2) An authentication with a key that does not expire at all.

Is it possible? Need suggestions. Thanks


--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscri...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--
Jani Tiainen

- Well planned is half done, and a half done has been sufficient before...

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Musharaf Baig

unread,
Apr 20, 2018, 8:31:27 AM4/20/18
to django-res...@googlegroups.com
Hi Jani.

Thanks a lot !


Best wishes,

 — Mirza Musharaf Baig
Reply all
Reply to author
Forward
0 new messages