Implement an authentication scheme for mobile applications using Tastypie

I would like to create a REST service with authentication for mobile devices. This is the first time that I will do something like this, so I would like to get some tips on how I will implement things.

To do this, I will need to create a registration form that will allow the user to register for the services. I do not see any problems here. I can just send the form data to the server and give it an answer.

If the form is correct, a new user object will be created and immediately logged in. An API key will also be created using:

    from django.contrib.auth.models import User
    from django.db import models
    from tastypie.models import create_api_key

    models.signals.post_save.connect(create_api_key, sender=User)

The request returns an HTTP status and contains a redirect URL to retrieve the API key.

After this action, the application will request another URI (the URI received in the 301 response to the registration request) to access the API key (I will use Tastypie ApiKeyAuthentication). The request will contain the session cookie received in the previous response, so the view will be protected and I will be able to use the login_required handler for the user. The answer will be simple JSON with the username and API key.

These values will be stored somewhere in the application.

Any requests made will add the username and API key stored in the application, so further requests will be more secure.

Does this sound like a good role model? Are there any holes in the design?

+4
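Added example, not part of the original post and not Tastypie's own code: a standard-library sketch of the per-request step described above, where the client sends the stored username and API key in the `Authorization: ApiKey username:key` header form that Tastypie's ApiKeyAuthentication accepts, and the server checks it. The in-memory `API_KEYS` store and the function names are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory stand-in for the per-user API key table.
API_KEYS = {}


def issue_api_key(username):
    """Create and store a random key, as the post_save hook does once per user."""
    API_KEYS[username] = secrets.token_hex(20)
    return API_KEYS[username]


def rotate_api_key(username):
    """Replace the stored key; a copy left on a lost device stops working."""
    return issue_api_key(username)


def build_auth_header(username, api_key):
    """Client side: send credentials in a header, not in the query string."""
    return {"Authorization": "ApiKey %s:%s" % (username, api_key)}


def authenticate(headers):
    """Server side: return the username for a valid header, otherwise None."""
    scheme, _, credentials = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "apikey":
        return None
    username, sep, presented = credentials.strip().partition(":")
    if not sep or not username or not presented:
        return None
    expected = API_KEYS.get(username)
    known = expected is not None
    if not known:
        # Dummy value so unknown users take the same comparison path.
        expected = "0" * 40
    # Constant-time comparison avoids leaking how many characters matched.
    matches = hmac.compare_digest(presented.encode(), expected.encode())
    return username if (known and matches) else None


if __name__ == "__main__":
    key = issue_api_key("alice")  # constructed sample user
    print(authenticate(build_auth_header("alice", key)))  # accepted
    rotate_api_key("alice")
    print(authenticate(build_auth_header("alice", key)))  # old key rejected
```

The header form keeps the key out of URLs and access logs, and the key protects requests only when the whole exchange runs over HTTPS.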

Source: https://habr.com/ru/post/1439771/

