HomeDjango in 5 DaysDay 4
Day 4 of 5
⏱ ~60 minutes
Django in 5 Days — Day 4

REST API with Django REST Framework

Add an API layer to your Django app. Serializers convert models to JSON, ViewSets provide CRUD endpoints, and TokenAuth secures them.

Installing DRF

Terminal
pip install djangorestframework
# Add to INSTALLED_APPS: 'rest_framework'
blog/serializers.py
from rest_framework import serializers
from .models import Post

class PostSerializer(serializers.ModelSerializer):
    author_name = serializers.CharField(source='author.username', read_only=True)

    class Meta:
        model = Post
        fields = ['id', 'title', 'slug', 'body', 'author_name', 'created_at', 'published']
        read_only_fields = ['slug', 'created_at']
blog/views.py — ViewSet
from rest_framework import viewsets, permissions
from .models import Post
from .serializers import PostSerializer

class PostViewSet(viewsets.ModelViewSet):
    queryset = Post.objects.filter(published=True)
    serializer_class = PostSerializer
    permission_classes = [permissions.IsAuthenticatedOrReadOnly]

    def perform_create(self, serializer):
        serializer.save(author=self.request.user)
blog/urls.py — Router
from rest_framework.routers import DefaultRouter
from . import views

router = DefaultRouter()
router.register('posts', views.PostViewSet)

urlpatterns = router.urls
# Registers: GET /posts/, POST /posts/, GET /posts/{id}/, PUT, PATCH, DELETE
Token Authentication
# settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ]
}

INSTALLED_APPS += ['rest_framework.authtoken']
# python manage.py migrate
# POST /api-token-auth/ with username/password → returns token
# Client sends: Authorization: Token
📝 Day 4 Exercise
Build a REST API for Your Blog
  1. A
  2. d
  3. d
  5. D
  6. R
  7. F
  8. .
  10. C
  11. r
  12. e
  13. a
  14. t
  15. e
  17. a
  19. P
  20. o
  21. s
  22. t
  23. S
  24. e
  25. r
  26. i
  27. a
  28. l
  29. i
  30. z
  31. e
  32. r
  34. w
  35. i
  36. t
  37. h
  39. a
  40. l
  41. l
  43. f
  44. i
  45. e
  46. l
  47. d
  48. s
  49. .
  51. R
  52. e
  53. g
  54. i
  55. s
  56. t
  57. e
  58. r
  60. a
  62. P
  63. o
  64. s
  65. t
  66. V
  67. i
  68. e
  69. w
  70. S
  71. e
  72. t
  74. w
  75. i
  76. t
  77. h
  79. t
  80. h
  81. e
  83. r
  84. o
  85. u
  86. t
  87. e
  88. r
  89. .
  91. T
  92. e
  93. s
  94. t
  96. a
  97. l
  98. l
  100. e
  101. n
  102. d
  103. p
  104. o
  105. i
  106. n
  107. t
  108. s
  110. w
  111. i
  112. t
  113. h
  115. c
  116. u
  117. r
  118. l
  120. o
  121. r
  123. P
  124. o
  125. s
  126. t
  127. m
  128. a
  129. n
  130. .
  132. A
  133. d
  134. d
  136. t
  137. o
  138. k
  139. e
  140. n
  142. a
  143. u
  144. t
  145. h
  147. a
  148. n
  149. d
  151. v
  152. e
  153. r
  154. i
  155. f
  156. y
  158. u
  159. n
  160. a
  161. u
  162. t
  163. h
  164. e
  165. n
  166. t
  167. i
  168. c
  169. a
  170. t
  171. e
  172. d
  174. u
  175. s
  176. e
  177. r
  178. s
  180. c
  181. a
  182. n
  183. '
  184. t
  186. P
  187. O
  188. S
  189. T
  190. .

Day 4 Summary

  • Serializers convert model instances to JSON (and back). ModelSerializer auto-generates fields from the model.
  • ModelViewSet provides all 5 CRUD endpoints (list, create, retrieve, update, destroy) with minimal code.
  • Routers auto-register URL patterns for ViewSets. One line replaces five URL patterns.
  • IsAuthenticatedOrReadOnly = public reads, auth required for writes. The right default for most APIs.
← Previous
Day 3: Templates
Next →
Day 5: Deploy to Production
Finished this lesson?