Talking head
DjangoCon 2015

Why REST More and more of our web development is shifting to frontend web frameworks like Angular, Ember, and Backbone. And this is great! These frameworks can provide an amazing, responsive, beautiful experience to our users — and the only price we pay is having to write JavaScript. Well, having to write JavaScript and having to maintain a seriously robust, battle-hardened API for the frontend framework to talk to. State of REST Django REST Framework has clearly broken away with a ton of momentum, and with good reason. It's a solid framework, and the tools it provides right out of the box — serialization, validation, nested relationships — are splendid. It even provides basic authentication and authorization baked right in, which works great in the very simple cases. However, when you start encountering slightly more complicated API permission setups, things start to get messy. REST Security There's a big tectonic shift when trading in your traditional request-response-Django site for a frontend-framework-API-Django site. Your application logic used to reside almost entirely server-side, but now it's split — half server-side, half browser-side. And the trick with browser-side code is it runs in a completely untrusted environment. So we're faced with a much more complicated security situation to batten down. You need different authentication strategies: session auth, JWT token auth, API keys, signed URLs, and combinations thereof. You have different permission strategies: table-level, row-level, column-level, and combinations thereof. It gets real complicated. REST Easy I'll show how to use the tools at our disposal — Django groups and permissions, REST Frameworks's permission classes, third-party libraries — to cobble together a passable security setup for your API. You'll get plenty of code samples, detailing the kinds of setups we put together for our site and the custom tooling we built to do it. Next-Level REST We'll end by talking about how our tools can serve us better in the future. If Django is going to have a strong place in the future of the web, we need strong tooling for building APIs. This is how we'll get there.

Rated: Everyone
Viewed 322 times
Tags: There are no tags for this video.