Discussion:
Authentication for Anonymous users
Musharaf Baig
2018-04-19 19:43:57 UTC
Permalink
I *do not* have register/login mechanism for the users.

I need two types of authentication:

1.

To make it available I would like to let the user use it for free with a
limited number of call s or time

- for example after the API is called 50 times, I would like that the token
expires. An alternative solution is that the token should expire in 2
days.

2) An authentication with a key that does not expire at all.

Is it possible? Need suggestions. Thanks
--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jani Tiainen
2018-04-20 10:36:40 UTC
Permalink
Hi,

1) How you control that user (without login) has expire his/her number/time
on your site?

2) Have users (internal, even you don't have registration or login) that
you assign permanent token and use it as an auth. Django Rest Framework
supports it out of the box.
Post by Musharaf Baig
I *do not* have register/login mechanism for the users.
1.
To make it available I would like to let the user use it for free with
a limited number of call s or time
- for example after the API is called 50 times, I would like that the
token expires. An alternative solution is that the token should expire in
2 days.
2) An authentication with a key that does not expire at all.
Is it possible? Need suggestions. Thanks
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.
--
Jani Tiainen

- Well planned is half done, and a half done has been sufficient before...
--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Musharaf Baig
2018-04-20 12:23:06 UTC
Permalink
Can we make authentication on User-Agent coming in request?
Post by Jani Tiainen
Hi,
1) How you control that user (without login) has expire his/her
number/time on your site?
2) Have users (internal, even you don't have registration or login) that
you assign permanent token and use it as an auth. Django Rest Framework
supports it out of the box.
Post by Musharaf Baig
I *do not* have register/login mechanism for the users.
1.
To make it available I would like to let the user use it for free
with a limited number of call s or time
- for example after the API is called 50 times, I would like that the
token expires. An alternative solution is that the token should expire in
2 days.
2) An authentication with a key that does not expire at all.
Is it possible? Need suggestions. Thanks
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an
.
For more options, visit https://groups.google.com/d/optout.
--
Jani Tiainen
- Well planned is half done, and a half done has been sufficient before...
--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jani Tiainen
2018-04-20 12:30:05 UTC
Permalink
Hi,

Sure you could but use would be that? It's just a string describing user
agent. And it may be a lie.

You do have a few options here:

Simplest is that you really don't care about "anonymous" access or it's
usage limits. You may impose some throttling to avoid hammering of your
service.

Another option is to use a long term session to store number of accesses
and don't care about people who reset their sessions.

Finally you can make people to login with some "simple" authorization
mechanism like social site logins.
Post by Musharaf Baig
Can we make authentication on User-Agent coming in request?
Post by Jani Tiainen
Hi,
1) How you control that user (without login) has expire his/her
number/time on your site?
2) Have users (internal, even you don't have registration or login) that
you assign permanent token and use it as an auth. Django Rest Framework
supports it out of the box.
Post by Musharaf Baig
I *do not* have register/login mechanism for the users.
1.
To make it available I would like to let the user use it for free
with a limited number of call s or time
- for example after the API is called 50 times, I would like that the
token expires. An alternative solution is that the token should expire in
2 days.
2) An authentication with a key that does not expire at all.
Is it possible? Need suggestions. Thanks
--
You received this message because you are subscribed to the Google
Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send
For more options, visit https://groups.google.com/d/optout.
--
Jani Tiainen
- Well planned is half done, and a half done has been sufficient before...
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.
--
Jani Tiainen

- Well planned is half done, and a half done has been sufficient before...
--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Musharaf Baig
2018-04-20 12:31:23 UTC
Permalink
Hi Jani.

Thanks a lot !


Best wishes,

— Mirza Musharaf Baig
— Linkedin: https://www.linkedin.com/in/musharafbaig715
Post by Jani Tiainen
Hi,
Sure you could but use would be that? It's just a string describing user
agent. And it may be a lie.
Simplest is that you really don't care about "anonymous" access or it's
usage limits. You may impose some throttling to avoid hammering of your
service.
Another option is to use a long term session to store number of accesses
and don't care about people who reset their sessions.
Finally you can make people to login with some "simple" authorization
mechanism like social site logins.
Post by Musharaf Baig
Can we make authentication on User-Agent coming in request?
Post by Jani Tiainen
Hi,
1) How you control that user (without login) has expire his/her
number/time on your site?
2) Have users (internal, even you don't have registration or login) that
you assign permanent token and use it as an auth. Django Rest Framework
supports it out of the box.
Post by Musharaf Baig
I *do not* have register/login mechanism for the users.
1.
To make it available I would like to let the user use it for free
with a limited number of call s or time
- for example after the API is called 50 times, I would like that the
token expires. An alternative solution is that the token should expire in
2 days.
2) An authentication with a key that does not expire at all.
Is it possible? Need suggestions. Thanks
--
You received this message because you are subscribed to the Google
Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send
For more options, visit https://groups.google.com/d/optout.
--
Jani Tiainen
- Well planned is half done, and a half done has been sufficient before...
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.
--
Jani Tiainen
- Well planned is half done, and a half done has been sufficient before...
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...