book

Django REST APIs Demystified: Simplifying API Development with Django

Name: Django REST APIs Demystified: Simplifying API Development with Django
Author: Ganeshkumar Patil
ISBN: 9798868818509

by Ganeshkumar Patil

October 2025

Intermediate to advanced

479 pages

8h 53m

English

Apress

Read now

Unlock full access

Django REST APIs Demystified
Introduction
Who This Book Is ForHow This Book Is StructuredWhat You Need to Know Before You Begin
Acknowledgments
Table of Contents
About the Author
About the Technical Reviewer
1. Introduction to APIs
Private APIPublic APIPartner APIRESTful APIs (Representational State Transfer)SOAP APIs (Simple Object Access Protocol)GraphQL APIsJSON-RPC and XML-RPC APIsWebSocket APIsgRPC APIs
2. REST API Concepts
Web APIsEndpointHTTP MethodsGET MethodPOST MethodPUT MethodPATCH MethodDELETE MethodOther MethodsHTTP RequestHTTP ResponseRequest Parameters
3. Project Configuration
EnvironmentProject OverviewProject Setup
4. Django REST Framework
Serialization and DeserializationViewsets and SerializersAuthentication and PermissionsURL Routing and View DispatchingRequest/Response HandlingPagination and FilteringContent NegotiationTesting and DocumentationWhy Django REST Framework

5. Postman
Why Use Postman?
6. Serializers and Views
Using Serializer FieldsPreparing for This ChapterCreate a SerializerViewsClass-Based ViewsFunction-Based ViewsImplement Class-Based View for the ProjectSerializer Advanced ConceptsNested SerializerRelational FieldsPrimaryKeyRelatedFieldStringRelatedFieldHyperlinkedRelatedFieldHyperlinkedIdentityFieldDifference Between HyperlinkedRelatedField and HyperlinkedIdentityFieldSlugRelatedFieldCreate a New ObjectSerializer ValidationField-Level ValidationObject-Level ValidationGet a Single ObjectUpdate an ObjectDelete an ObjectStatus CodeHTTP_100_CONTINUEHTTP_101_SWITCHING_PROTOCOLSHTTP_200_OKHTTP_201_CREATEDHTTP_202_ACCEPTEDHTTP_203_NON_AUTHORITATIVE_INFORMATIONHTTP_204_NO_CONTENTHTTP_205_RESET_CONTENTHTTP_206_PARTIAL_CONTENTHTTP_300_MULTIPLE_CHOICESHTTP_301_MOVED_PERMANENTLYHTTP_302_FOUNDHTTP_303_SEE_OTHERHTTP_304_NOT_MODIFIEDHTTP_305_USE_PROXYHTTP_306_RESERVEDHTTP_307_TEMPORARY_REDIRECTHTTP_308_PERMANENT_REDIRECTHTTP_400_BAD_REQUESTHTTP_401_UNAUTHORIZEDHTTP_402_PAYMENT_REQUIREDHTTP_403_FORBIDDENHTTP_404_NOT_FOUNDHTTP_405_METHOD_NOT_ALLOWEDHTTP_406_NOT_ACCEPTABLEHTTP_407_PROXY_AUTHENTICATION_REQUIREDHTTP_408_REQUEST_TIMEOUTHTTP_409_CONFLICTHTTP_410_GONEHTTP_411_LENGTH_REQUIREDHTTP_412_PRECONDITION_FAILEDHTTP_413_REQUEST_ENTITY_TOO_LARGEHTTP_414_REQUEST_URI_TOO_LONGHTTP_415_UNSUPPORTED_MEDIA_TYPEHTTP_416_REQUESTED_RANGE_NOT_SATISFIABLEHTTP_417_EXPECTATION_FAILEDHTTP_422_UNPROCESSABLE_ENTITYHTTP_423_LOCKEDHTTP_424_FAILED_DEPENDENCYHTTP_426_UPGRADE_REQUIREDHTTP_428_PRECONDITION_REQUIREDHTTP_429_TOO_MANY_REQUESTSHTTP_431_REQUEST_HEADER_FIELDS_TOO_LARGEHTTP_451_UNAVAILABLE_FOR_LEGAL_REASONSHTTP_500_INTERNAL_SERVER_ERRORHTTP_501_NOT_IMPLEMENTEDHTTP_502_BAD_GATEWAYHTTP_503_SERVICE_UNAVAILABLEHTTP_504_GATEWAY_TIMEOUTHTTP_505_HTTP_VERSION_NOT_SUPPORTEDHTTP_506_VARIANT_ALSO_NEGOTIATESHTTP_507_INSUFFICIENT_STORAGEHTTP_508_LOOP_DETECTEDHTTP_510_NOT_EXTENDEDHTTP_511_NETWORK_AUTHENTICATION_REQUIREDModelSerializerSpecifying Which Fields to IncludeSpecifying Nested SerializationSpecifying Fields ExplicitlySpecifying Read-Only FieldsAdditional Keyword ArgumentsCustomizing Field MappingsThe field_class and field_kwargs APIHyperlinkedModelSerializerListSerializerBaseSerializerAdvanced Serializer UsageSerializer ContextSource KeywordSerializers Initial DataGeneric ViewsGenericAPIViewAttributesMethodsOther MethodsMixinsUse of MixinsListModelMixinCreateModelMixinRetrieveModelMixinUpdateModelMixinDestroyModelMixinSave and Deletion HooksConcrete View ClassesCreateAPIViewListAPIViewRetrieveAPIViewDestroyAPIViewUpdateAPIViewListCreateAPIViewRetrieveUpdateAPIViewRetrieveDestroyAPIViewRetrieveUpdateDestroyAPIViewCustomizing the Generic ViewsCreating Custom MixinsCreating Custom Base Classes
7. ViewsSets and Routers
Preparing for This ChapterViewSetGenericViewSetModelViewSetReadOnlyModelViewSetRoutersRouting for Extra ActionsRouting Additional HTTP Methods for Extra ActionsCustom Routers
8. Validators
Validation in REST FrameworkUniqueValidatorUniqueTogetherValidatorUnique Date/Month/Year ValidatorWriting Custom ValidatorsPreparing for This Chapter
9. Authentication
How Authentication Is DeterminedSetting the Authentication SchemeUnauthorized and Forbidden ResponsesPreparing for This ChapterAPI ReferenceBasicAuthenticationTokenAuthenticationGenerating TokensBy Using SignalsBy Exposing an API EndpointWith Django AdminUsing the Django manage.py CommandSessionAuthenticationRemoteUserAuthenticationCustom AuthenticationWhen to Use Custom AuthenticationBenefits of Custom Authentication
10. Permissions
Default User PermissionsPermissions Without App Label (Global Permissions)Permissions with App Label (Model-Specific Permissions)How Permissions Are DeterminedView-Level Permission ChecksObject-Level Permission Checks (Optional)Permission Evaluation Key PointsPreparing for This ChapterSetting the Permission PolicyBuilt-In ClassesAllowAnyIsAuthenticatedIsAuthenticatedOrReadOnlyIsAdminUserDjangoModelPermissionsDjangoModelPermissionsOrAnonReadOnlyDjangoObjectPermissionsInstalling django-guardianUsing DjangoObjectPermissionsCustom PermissionsAccess Restriction Methods
11. Caching
Preparing for This ChapterView-Level CachingHow View-Level Caching WorksApplying the @cache_page Decorator1) Class-Based View Example2) Function-Based View ExampleLow-Level Caching (Custom Caching in Views or Functions)Limitations and ConsiderationsCache InvalidationDRF Cache Mixinsvary_on_headersAdditional Notesvary_on_cookieAdditional Notes
12. Throttling
Why Use Throttling?Types of Throttling in DRFAnonRateThrottleKey Features of AnonRateThrottleExample ScenarioUserRateThrottleKey Features of UserRateThrottleExample ScenarioScopedRateThrottleHow ScopedRateThrottle WorksExample ExplanationUse CasesPractical BenefitsPreparing for This ChapterHow Throttling Is DeterminedHow Clients Are IdentifiedSetting Up the CacheCache Back End in DRFExample of Custom Throttle Class with Custom CacheConfiguring the Cache in settings.pySetting Up Throttling in DRFCustom ThrottlingExplanation of the MethodsA Note on ConcurrencyGuaranteeing the Number of RequestsExample of a More Robust Custom Throttle
13. Filtering, Searching, and Ordering
Preparing for This ChapterFiltering Against the Current UserFiltering Against the URLFiltering Against Query ParametersGeneric FilteringOverriding the Initial querysetAPI GuideDjangoFilterBackendHow DjangoFilterBackend WorksSearchFilterHow the SearchFilter WorksDefault Search BehaviorPrefixing Field Names to Modify Search BehaviorOverriding the Default Search ParameterDynamically Changing Search FieldsOrderingFilterHow OrderingFilter WorksSpecifying Which Fields May Be Ordered AgainstSpecifying a Default OrderingCustom Generic FilteringCustomizing the Interface
14. Pagination
Why Use Pagination?How Pagination Works in DRFPreparing for This ChapterDefault Pagination Classes in DRFPageNumberPaginationConfigure Global Pagination Settingsdjango_paginator_classpage_sizepage_query_parammax_page_sizelast_page_stringsTemplateLimitOffsetPaginationSetup: Enabling LimitOffsetPagination GloballyPer-View Configurationdefault_limitlimit_query_paramoffset_query_parammax_limitTemplateCursorPaginationDetails and LimitationsSet Up: Global ConfigurationSet Up: Per-View Configurationpage_sizecursor_query_paramOrderingTemplateCustom Pagination Styles
15. Versioning
Versioning with REST FrameworkConfiguring the Versioning SchemeGlobal ConfigurationPer-View ConfigurationCustomizing the Versioning ClassPreparing for This ChapterTypes of API VersioningURLPathVersioningNamespaceVersioningHow URLs Work with NamespaceVersioningNamespaceVersioning vs. URLPathVersioningQueryParameterVersioningAcceptHeaderVersioningHostNameVersioningCustom Versioning Schemes
16. Testing
Preparing for This ChapterAPIRequestFactoryFormat ArgumentPUT and PATCH with Form DataForcing AuthenticationCSRF ValidationAPIClientlogin()credentials(**kwargs)APIRequestFactory vs. APIClientUsing factory_boyMocking External DependenciesHow to Use PatchRequestsClientHeaders and AuthenticationCSRF HandlingWhen to UseCoreAPIClientHeaders and AuthenticationCSRF Tokens (Session Authentication)Dynamic DiscoveryComparison with RequestsClientWhen to Use
17. Documenting APIs
Preparing for This Chapterdrf-spectacularCustomization by Using @extend_schemadrf-yasg
Index

Content preview from Django REST APIs Demystified: Simplifying API Development with Django

G. PatilDjango REST APIs Demystifiedhttps://doi.org/10.1007/979-8-8688-1850-9_10

10. Permissions

Ganeshkumar Patil¹

In Django Rest Framework (DRF), permissions are a way to control access to views or APIs based on specific rules. Permissions definewho is allowed to perform certain actions (like viewing, editing, or deleting data) and are a key part of DRF’s security system. Permissions are checked after authentication, so the request must already include valid credentials. Permissions are applied to a view or a viewset to determine if a particular user (or request) has the right to interact with the resource. If the user doesn’t have the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Build REST APIs with Django REST Framework and Python

Publisher Resources

ISBN: 9798868818509Purchase Link Publisher Website

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Django REST APIs Demystified: Simplifying API Development with Django

by Ganeshkumar Patil

10. Permissions

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.