Django REST Framework provides a powerful toolkit for building robust and scalable APIs using Django. It simplifies the process of creating RESTful services by offering built-in support for serialization, authentication, permissions, and request handling.
This framework helps developers create clean, secure, and maintainable APIs efficiently.
Why Django REST Framework?
Django REST Framework builds on Django's rock-solid foundations, adding API-specific superpowers that make backend development efficient and enjoyable.
It transforms your Django models into fully-featured APIs with minimal code, following industry best practices like RESTful principles and JSON:API standards.
Key Advantages Over Plain Django Views
DRF isn't just a library—it's a full toolkit designed for API-first development. Here's what sets it apart:
1. Rapid Prototyping: Turn models into APIs in minutes using generics and viewsets.
2. Built-in Authentication: Supports token auth, JWT, OAuth—perfect for secure SPAs.
3. Serialization Magic: Handles complex data relationships effortlessly.
4. Browsable API: Auto-generates interactive docs for testing without Postman.
This table highlights why DRF is the go-to for 80%+ of Python API projects (per Stack Overflow surveys)
Setting Up Your DRF Project
Getting started takes just minutes, but sets the foundation for scalable APIs that integrate seamlessly with your frontend JavaScript apps.
Follow these steps to bootstrap a DRF project from your existing Django knowledge.
Step-by-Step Installation and Configuration
1. Install DRF: Run pip install djangorestframework in your virtual environment.
2. Add to Installed Apps: In settings.py, include 'rest_framework' in INSTALLED_APPS.
3. Configure Defaults: Add DRF to REST_FRAMEWORK settings for pagination, auth, and throttling:
REST_FRAMEWORK = {
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
'PAGE_SIZE': 10,
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
]
}4. Create a Superuser: python manage.py createsuperuser for admin access.
5. Run Migrations: python manage.py migrate and start the server.
Pro Tip: For frontend integration, set DEFAULT_RENDERER_CLASSES to prioritize JSON over HTML.
Building Your First API Endpoint
Now, let's create a practical Task Management API—think Trello backend—that your JavaScript frontend can consume via fetch().
This example uses a simple model but scales to complex apps with nested relationships.
1. Define Models and Serializers
Start with a Task model in models.py:
from django.db import models
class Task(models.Model):
title = models.CharField(max_length=200)
completed = models.BooleanField(default=False)
created_at = models.DateTimeField(auto_now_add=True)Create serializers.py:
from rest_framework import serializers
from .models import Task
class TaskSerializer(serializers.ModelSerializer):
class Meta:
model = Task
fields = '__all__'2. Wire Up ViewSets for CRUD
In views.py, use DRF's ViewSet for automatic list/create/retrieve/update/delete:
from rest_framework import viewsets
from .models import Task
from .serializers import TaskSerializer
class TaskViewSet(viewsets.ModelViewSet):
queryset = Task.objects.all()
serializer_class = TaskSerializer3. URL Routing Magic
In urls.py, one line handles all CRUD routes:
from rest_framework.routers import DefaultRouter
from .views import TaskViewSet
router = DefaultRouter()
router.register(r'tasks', TaskViewSet)
urlpatterns = router.urlsResult: Instant API at /tasks/ with full CRUD—test it at http://127.0.0.1:8000/tasks/.
Your JavaScript frontend can now fetch('/api/tasks/') for real-time data!
Authentication and Permissions
Secure APIs are non-negotiable. DRF makes JWT + role-based access straightforward.
Implementing Token Authentication
Install djangorestframework-simplejwt: pip install djangorestframework-simplejwt.
Add to REST_FRAMEWORK settings:
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework_simplejwt.authentication.JWTAuthentication',
]3. Protect views: Add permission_classes = [IsAuthenticated] to your ViewSet.
Practical Example: Frontend login flow:
// Login and get token
const response = await fetch('/api/token/', {
method: 'POST',
body: JSON.stringify({username, password})
});
const {access} = await response.json();
// Use token for protected requests
fetch('/api/tasks/', {
headers: {Authorization: `Bearer ${access}`}
});Custom Permissions for Fine-Grained Control
IsOwnerOrReadOnly: Users edit only their own tasks.
IsAdminUser: Admins manage everything.
from rest_framework.permissions import IsAuthenticated, IsAdminUser
class TaskViewSet(viewsets.ModelViewSet):
permission_classes = [IsAuthenticated, IsOwnerOrReadOnly]Advanced Features for Production APIs
Scale beyond basics with throttling, caching, and filtering—essential for real apps.
Pagination, Filtering, and Search
DRF's filtering backend turns your API into a search powerhouse:
1. Install django-filter: pip install django-filter.
2. Enable in settings and views.
User Experience Boost
Example Response:
{
"count": 150,
"next": "/api/tasks/?page=2",
"results": [{"id":1, "title":"Learn DRF", "completed":false}]
}Testing and Documentation
Professional APIs include automated tests and OpenAPI docs.
1. DRF Spectacular: Auto-generates Swagger UI docs.
2. APITestCase: Test endpoints like self.client.get('/tasks/').
Best Practice: Aim for 80%+ test coverage on serializers and views.
Class Sessions
Sales Campaign
We have a sales campaign on our promoted courses and products. You can purchase 1 products at a discounted price up to 15% discount.