RESTFUL web services consumed by web and native mobile apps with authentication in python using django framework

3

7

I have to write RESTful web services with authentication in Python using the Django framework, which will be consumed by web-based clients and native mobile apps (Android and iOS).

A simple example would be that the user logs in using email and password, fetches the API key and stores it on the mobile device, and then uses this API key for consuming further APIs instead of giving user credentials again and again.

I am thinking of using Tastypie or Django Piston for writing RESTful services, but please suggest otherwise if you know any better solution.

But my main focus is on the authentication part. Should I use OAuth for implementing authentication, or would simple Basic authentication over SSL with an API key in the response be enough?

Porphyry answered 18/8, 2012 at 1:52 Comment(1)
Always design for simplicity, it's always easy to add complexity upon simplicity - while it's always hard to add simplicity upon complexity. I opt for the second option, using already existing functionality in the HTTPS protocol, or a third option, standard HTTPS client-based authentication? - Branum
2

You can write a RESTful web service with the Python standard library; third-party libraries are not absolutely necessary.

You should read more about what defines a RESTful service, and start implementing it yourself.

For what it's worth, I use CherryPy as a light framework in a few projects. It's simple and easy to use. The website even has a section about how to implement REST in your application.

Etruria answered 18/8, 2012 at 2:12 Comment(1)
Do you have any experience in writing a RESTful API which requires auth and is consumed by native mobile apps? Writing a RESTful service might not be the problem, but I have searched for the authentication part and there is not much help available. Thanks for your help. - Porphyry
0

I've done it with the API key exchange, like you said, and used SSL. Worked fine. There are some caveats to make HTTPS requests work right on Android.

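// Needs java.io.IOException, java.security.GeneralSecurityException, java.security.KeyStore
// and the org.apache.http.* client classes bundled with Android.
private static HttpClient newHttpClient() throws GeneralSecurityException, IOException {
    // Empty in-memory key store: no trusted certificates are loaded into it.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);

    // EasySSLSocketFactory is a custom class that is not shown in this answer.
    SSLSocketFactory sf = new EasySSLSocketFactory(trustStore);
    // ALLOW_ALL_HOSTNAME_VERIFIER switches hostname verification off: the server
    // certificate is not checked against the host being contacted.
    sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);

    // Plain HTTP on port 80, HTTPS through the socket factory above on port 443.
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    registry.register(new Scheme("https", sf, 443));

    ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
    return new DefaultHttpClient(ccm, params);
}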
Devland answered 27/2, 2013 at 0:53 Comment(0)
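The API key exchange described in the question and in the answer above, sketched server-side as an added example (not code from any poster, Django or Tastypie). The in-memory dicts stand in for Django models, and the `ApiKey` header scheme and all function names are assumptions; every request is assumed to travel over TLS.

```python
import base64, hashlib, hmac, secrets

# Constructed in-memory stores standing in for database tables (assumption).
USERS = {}      # email -> (salt, PBKDF2 hash of the password)
API_KEYS = {}   # sha256(api key) -> email; the raw key is never stored

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(email, password):
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, _pw_hash(password, salt))

def login(authorization_header):
    """Exchange 'Basic base64(email:password)' for a new API key, or None."""
    scheme, _, blob = authorization_header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    email, _, password = decoded.partition(":")
    # Unknown e-mails still go through the hash so timing does not reveal them.
    salt, stored = USERS.get(email, (b"\0" * 16, b""))
    if not hmac.compare_digest(_pw_hash(password, salt), stored):
        return None
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    API_KEYS[hashlib.sha256(key.encode()).digest()] = email
    return key  # shown to the client once; only its hash is kept

def authenticate(authorization_header):
    """Resolve 'ApiKey <key>' (hypothetical scheme) to the owner, or None."""
    scheme, _, key = authorization_header.partition(" ")
    if scheme.lower() != "apikey" or not key:
        return None
    return API_KEYS.get(hashlib.sha256(key.encode()).digest())

def revoke(key):
    """Drop a key, e.g. on logout or when a device is lost."""
    return API_KEYS.pop(hashlib.sha256(key.encode()).digest(), None) is not None
```

Storing only the hash means a leaked key table cannot be replayed against the API, and per-device keys can be revoked without changing the user's password.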
0

I've used OAuth2, which is simpler to implement than OAuth, but needs SSL to actually make it secure.

Since I've used Django REST Framework, you can find the setup here.

Stagy answered 23/12, 2014 at 11:6 Comment(0)