I think oauth solves this problem well. What do you see wrong with it? Malcolm
Sent from my iPhone, please excuse any typos On 14 Jun 2011, at 16:35, Stuart MacKay <[email protected]> wrote: > Neznez, > > The authentication problem is one that has never really been solved to any > general level of satisfaction for REST APIs, since the connection should be > stateless. For HTTP authentication there is either HTTPS + Basic or Digest. > HTTPS + Basic considered to be the easiest to implement and the most secure > but running a server with SSL is not the most trivial of tasks and there are > issues for clients and the problems of managing certificates, etc. etc. > > For a Java based REST API I used the scheme used by Amazon web services where > the request is signed using a secret key and then authenticated on the server > which worked rather well and was resistant against lots of different types of > attack. You can find out more at > http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html. > However I am not sure what level of support you can find in django. > > Stuart > >> Hi all, I'm newbie in Django, and I started to build my own API. I >> know that there is Piston or Django REST framework, but I want to >> learn API from scratch. What I want to know is, how to make my HTTP >> Response (View) is perform authentication before can be accessed, or >> we can make it have to throw username and password to access the HTTP >> Response? >> >> My code is very simple, like this one: >> def test_api_view(request, whatever): >> # >> # do things >> # >> return HttpResponse(serializers.serialize("json", mydictionary), >> mimetype='application/json') >> >> Thank you. >> > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
