Django REST framework is a library on top of Django that makes it even easier to build APIs by reducing the amount of boilerplate you need to write. You can write code as simple as:
from snippets.models import Snippet from snippets.serializers import SnippetSerializer from rest_framework import generics class SnippetList(generics.ListCreateAPIView): queryset = Snippet.objects.all() serializer_class = SnippetSerializer class SnippetDetail(generics.RetrieveUpdateDestroyAPIView): queryset = Snippet.objects.all() serializer_class = SnippetSerializer
and automatically get paginated list APIs, full CRUD APIs, validation logic, serialization to multiple formats, database migrations for the underlying "Snippet", and more.
With PropelAuth's Django REST framework support, you can add a few additional lines of code:
auth = init_auth("YOUR_AUTH_URL", "YOUR_API_KEY") class SnippetList(generics.ListCreateAPIView): queryset = Snippet.objects.all() serializer_class = SnippetSerializer permission_classes = [auth.IsUserInOrg(minimum_required_role=UserRole.Admin)]
and this will automatically make sure that your APIs can only be reached by valid users that have at least an Admin role within their organization. By default, we look for an org_id query parameter, but you can configure that to check for path parameters or anything else you can find on the request.
PropelAuth hosts the rest of the authentication on your behalf, including organization management and RBAC, meaning your users can sign up, invite their coworkers, and manage roles within their organization. All you have to do is add our permissions to your views and the rest is taken care of for you.
You can see a full reference for our Django REST framework integration here or you can follow our getting started guide which includes how to configure additional features like SSO, magic links, and how to create a frontend to make requests to your backend.