0% found this document useful (0 votes)

533 views117 pages

Django Rest API

1. The document discusses Django Rest Framework which provides a powerful and flexible toolkit for building web APIs with Django. 2. It explains key concepts related to APIs and web services including REST, RESTful APIs, HTTP verbs, and differences between SOAP and RESTful web services. 3. Django Rest Framework uses Django facilities like models, views, templates, and ORM to build web APIs in a concise manner.

Uploaded by

Rohini Karale

Available Formats

Download as PDF, TXT or read online on Scribd

Download as pdf or txt

0% found this document useful (0 votes)

533 views117 pages

Django Rest API

Uploaded by

Rohini Karale

Available Formats

Download as PDF, TXT or read online on Scribd

Download as pdf or txt

You are on page 1/ 117

DJango Rest Framework:

1. Most of the people dont know this exciting technology

2. It is compulsory required technology. Django application with out REST API is like a
human being without hands and legs.
3. It is very very easy technology
4. It is very very small technology.

1) API
2) Web API/Web Service
3) REST
4) REST API
5) DJango Rest Framework

API:
API  Application Programming Interface
The main objective of API is two applications can communicate with each other. API
allows external agent to communicate (integrate and exchange information) with our
application.

In Simple way: 'Methods of communication between software components'

Eg1: By using API a java application can communicate with python application.
Bookmyshow application can communicate with Payment gateway application to
complete our booking.

Eg2: Authentication with Facebook

Note: Interface of communication between the user and application is nothing but API.
The user can be Human user, an android app or desktop application etc

Web API/Web Service:

The interface of communication between the user and application over the web by using
HTTP is nothing but Web API.

REST: Representational State Transfer:

Representational State Transfer(REST) is an architectural style.
It defines several Rules/Guide Lines to develop Web APIs/Web Services

By using REST, we can develop web APIs very easily in concise way.
Hence REST is the most popular Architecture to develop Web Services.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
1  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
RESTFul API:
The API which is developed by using REST Architecture is nothing but RESTFul API. i.e
interface between the user and application where API implements REST Architecture.

Note: REST is basically an architecture where as RESTFul API is an API that implements
REST.

DJango Rest Framework:

Django REST framework is a powerful and flexible toolkit for building Web APIs.
It is the most commonly used framework in Python World to build WEB APIs.
This framework internally uses all Django facilities like models, views, templates, ORM etc
website: https://www.django-rest-framework.org/

Current Version of DJango Rest Framework: 3.9

It requires:
Python (2.7, 3.4, 3.5, 3.6, 3.7)
Django (1.11, 2.0, 2.1)
Application Application
Java .Net

Python API Python

.Net Java

Java App  API  .NET App

By using Web Services, Any application in the world can communicates with any other
application irrespective of language (like Java, Python, .Net etc) and platform (like
windows,Linux,MAC etc).
The applications can communicate by using HTTP Protocol as the common language.
The Message Format is XML or JSON.

API: Can be used to access functionality of any application.

It may be stand alone application/web application/enterprise application

Web API/Web Service:

Can be used to access functionality of web application by using HTTP

REST: It is an architecture, which provides several guidelines to develop web APIs very
easily and effectively.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
2  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
RESTful API: The Web API which implements REST principles is called RESTful API.

Django REST Framework:

It provides toolkit to develop RESTful APIs for django based applications very easily.

The main objective of web APIs is interoperability. ie different applications can

communicate with each other irrespective of develop language and platform.

The common communication language is: HTTP

The common message format is: XML/JSON

Note: The most common data representation in web API is Java Script Object Notation
(JSON). It is a collection of key-value pairs just like python dictionaries.

{'eno':100,'ename':'durga','esal':1000,'eaddr':'hyd'}

The main advantage of JSON over XML is, it is Machine Friendly and Human Friendly Form.

HTTP Verbs:
HTTP Verbs represent the type of operation what we required.
Based on requirement we have to use the corresponding HTTP verb.

The following are various HTTP Verbs

1) GET  To get one/more existing resources

2) POST  To create a new resource
3) PUT  To update an existing resource like update all fields of employee
4) PATCH  To perform partial updation of an existing resource like updating only salary
of employee
5) DELETE  To delete an existing resource.

Note: These are only important HTTP Verbs. The following are not that much important
verbs.

 OPTIONS
 HEAD
 CONNECT
 TRACE
 LOCK
 MOVE
 PROFIND
etc

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
3  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
HTTP Verbs vs Database CRUD Operations:
C (CREATE)  POST
R (RETRIEVE/READ)  GET
U (UPDATE)  PUT/PATCH
D (DELETE)  DELETE

How to install Atom IDE:

Download installer from: atom.io

How to configure Atom for Python:

1) Python AutoCompletion:
File->Settings->Install->in the searchbox just type python-->autocomplete-python

2) django:
File  Settings  Install  In the searchbox just type djanngo  atom-django

How to install Django Rest Framework:

1) pip install djangorestframework
2) pip install markdown # To provide support for browsable api
3) pip install django-filter # Filtering support

Types of Web Services:

There are 2 types of web services
1) SOAP Based WebServices
2) RESTful WebServices

1) SOAP Based Web Services:

 SOAP: Simple Object Access Protocol.
 SOAP is an XML based protocol for accessing web services.
 To describe SOAP based web services we have to use a special language: WSDL
(Web Service Description Language).
 SOAP based web services are more secured. We can consume by using RPC Method
calls. These web services can provide support for multiple protocols like HTTP, SMTP,
FTP etc

Limitations:
1) SOAP Based web services will always provide data only in XML format. Parsing of this
XML data is very slow, which creates performance problems.
2) Transfter of XML data over network requires more bandwidth.
3) Implementing SOAP Based Web Services is very difficult.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
4  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Note: Because of heavy weight, less performance and more bandwidth requirements,
SOAP based web services are not commonly used these days.

2) RESTful Web Services:

 REST stands for Representational State Transfer. It means that each unique URL is a
represention of some object. We can get contents of this object by using HTTP GET, we
can modify by using PUT/PATCH and we can delete by using DELETE.
 We can create by using POST.
 Most of the times RESTful web service will provide data in the form of JSON, parsing is
not difficult. Hence this type of web services are faster when compared with SOAP
based Web Services.
 Transfer of JSON Data over the network requires less bandwidth.

Limitations:
1) It is less secured.
2) It provide support only for the protocols which can provide URI, mostly HTTP.

Note: Because of ligth weight, high performance, less bandwidth requirements, easy
development, human understandable message format, this type of web services are most
commonly used type of web services.

Differences between SOAP and REST

SOAP REST
1) XML Based Message Protocol. 1) An Architecture Syle but not protocol.
2) Uses WSDL for communication between 2) Uses xml/json to send and receive data.
consumer and provider.
3) Invokes services by using RPC Method 3) Invokes services by simply URL Path.
calls.
4) Does not return human readable result.
4) Returns readable results like plain xml or
JSON.
5) These are heavy weight. 5) These are light weight.
6) These require more bandwidth. 6) These require less bandwidth.
7) Can provide support for multiple 7) Can provide support only for protocols
protocols like HTTP,SMTP,FTP etc. that provide URI, mostly HTTP.
8) Performance is Low. 8) Perforamnce is High.
9) More Secured. 9) Less Secured.

Note: Most of the Google web services are SOAP Based.

Yahoo  RESTful
eBay and Amazon using both SOAP and Restful

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
5  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Web Service Provider vs WebService Consumer:
 The application which is providing web services is called Web Service Provider.
 The application which is consuming web data through web services, is called Web
service consumer.

Eg: Bookmyshow app <--> Payment Gateway app

To complete our booking, bookmyshow application will communicates with payment
gateway application. Hence payment gateway applications acts as webservice provider
and bookmyshow application acts as web service consumer.

Django View Function to send HTML Response:

def employee_data_view(request):
employee_data={'eno':100,'ename':'Sunny Leone','esal':1000,'eaddr':'Hyderabad'}
resp='<h1>Employee No:{}<br>Employee Name:{}<br>Employee Salary:{}<br>Employee
Address:{}</h1>'.format(employee_data['eno'],employee_data['ename'],employee_data[
'esal'],employee_data['eaddr'])
return HttpResponse(resp)

Django View Function to send HTTPResponse with JSON Data:

To handle json data, python provides inbuilt module: json
This module contains dumps() function to convert python dictionary to json
object.(serialization)

def employee_data_jsonview(request):
employee_data={'eno':100,'ename':'Sunny Leone','esal':1000,'eaddr':'Hyderabad'}
json_data=json.dumps(employee_data)
return HttpResponse(json_data,content_type='application/json')

Note: This way of sending JSON response is very old. Newer versions of Django dprovided
a special class JsonResponse.

Django View Function to send JsonResponse directly:

The main advantage of JsonResponse class is it will accept python dict object directly. It is
the most convinient way to provide json response.
from djando.http import JsonResponse
def employee_data_jsondirectview(request):
employee_data={'eno':100,'ename':'Sunny Leone','esal':1000,'eaddr':'Hyderabad'}
return JsonResponse(employee_data)

Python Application to communicate with Django Application:

From python if we want to send http request we should go for requests module.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
6  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
test.py:

1) import requests
2) BASE_URL='http://127.0.0.1:8000/'
3) ENDPOINT='api'
4) r=requests.get(BASE_URL+ENDPOINT)
5) data=r.json()
6) print('Employee Number:',data['eno'])
7) print('Employee Name:',data['ename'])
8) print('Employee Salary:',data['esal'])
9) print('Employee Address:',data['eaddr'])

Note: In the above case, python application communicates with django application to get
employee data. For this common language used is: Http and common message format
used is JSON.

HTTPie Module:
We can use this module to send http request from commond prompt.
We can install as follows

pip install httpie

We can http request as follows

1) C:\Users\LENOVO>http http://127.0.0.1:8000
2) HTTP/1.0 200 OK
3) Content-Length: 72
4) Content-Type: application/json
5) Date: Thu, 13 Dec 2018 10:17:54 GMT
6) Server: WSGIServer/0.2 CPython/3.6.5
7) X-Frame-Options: SAMEORIGIN
8)
9) {
10) "eaddr": "Hyderabad",
11) "ename": "Sunny Leone",
12) "eno": 100,
13) "esal": 1000
14) }

Class Based View(CBV) to send JSON Response:

Every class based view in django should extends View class.It present in the following
package.

django.views.generic

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
7  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Within the class we have to provide http methods like get(),post() etc
Whenever we are sending the request, the corresponding method will be executed.

1) from django.views.generic import View

2) class JsonCBV(View):
3) def get(self,request,*args,**kwargs):
4) employee_data={'eno':100,'ename':'Sunny Leone','esal':1000,'eaddr':'Hyderabad'}
5) return JsonResponse(employee_data)

urls.py
url(r'^cbv1/', views.JsonCBV.as_view()),

*args vs **kwargs:
*args  Variable Length Arguments
f1(*args)  We can call this function by passing any number of arguments.
Internally this variable-length argument will be converted into tuple.

1) def sum(*args):
2) total=0
3) for x in args:
4) total=total+x
5) print('The Sum:',total)
6)
7) sum()
8) sum(10)
9) sum(10,20)
10) sum(10,20,30,40)

Output:
The Sum: 0
The Sum: 10
The Sum: 30
The Sum: 100

**kwargs  Variable Length Keyword Arguments.

f1(**kwargs)  We can call this function by passing any number of keyword arguments.
All these keyword arguments will be converted into dictionary.

1) def f1(**x):
2) print(x)
3)
4) f1(name='durga',rollno=101,marks=80,gf1='sunny')

Output: {'name': 'durga', 'rollno': 101, 'marks': 80, 'gf1': 'sunny'}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
8  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Mixin(Mixed In):
 Mixins are special type of inheritance in Python.
 It is limited version of Multiple inheritance.
 In multiple inheritance, we can create object for parent class and parent class can
extend other classes. But in Mixins, for the parent class we cannot create object and it
should be direct child class of object.i.e parent class cannot extend any other classes.
 In Multiple inheritance, parent class can contain instance variables.But in Mixins,
parent class cannot contain instance variable but can contain class level static
variables.
 Hence the main purpose of parent class in Mixins is to provide functions to the child
classes.

Differences between Mixins and Multiple Inheritance

Mixins Multiple Inheritance
1) Parent class instantiation is not possible 1) Parent class instantitation is possible.
2) It contains only instance methods but 2) It contains both instance methods and
not instance variables. variables.
3) The methods are useful only for child 3) The methods are useful for both Parent
classes. and child classes.
4) Parent class should be direct child class 4) Parent class can extend any class need
of object. not be object.

Note:
1) Mixins are reusable classes in django.
2) Mixins are available only in languages which provide support for multiple inheritance
like Python,Ruby,Scala etc
3) Mixins are not applicable for Java and C#, because these languages won't support
multiple inheritance.

Writing CBV by using Mixin class:

mixins.py:

1) from django.http import JsonResponse

2) class JsonResponseMixin(object):
3) def render_to_json_response(self,context,**kwargs):
4) return JsonResponse(context,**kwargs)

CBV:

1) from testapp.mixins import JsonResponseMixin

2) class JsonCBV2(JsonResponseMixin,View):
3) def get(self,request,*args,**kwargs):
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
9  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
4) employee_data={'eno':100,'ename':'Sunny Leone','esal':1000,'eaddr':'Hyderabad'}
5) return self.render_to_json_response(employee_data)

Performing database CRUD operations by using web api without

REST Framework:

models.py

1) from django.db import models

2)
3) # Create your models here.
4) class Employee(models.Model):
5) eno=models.IntegerField()
6) ename=models.CharField(max_length=64)
7) esal=models.FloatField()
8) eaddr=models.CharField(max_length=64)

admin.py

1) from django.contrib import admin

2) from testapp.models import Employee
3) # Register your models here.
4) class EmployeeAdmin(admin.ModelAdmin):
5) list_display=['id','eno','ename','esal','eaddr']
6)
7) admin.site.register(Employee,EmployeeAdmin)

views.py

1) from django.shortcuts import render

2) from django.views.generic import View
3) from testapp.models import Employee
4) import json
5) from django.http import HttpResponse
6) # Create your views here.
7) class EmployeeCRUDCBV(View):
8) def get(self,request,*args,**kwargs):
9) emp=Employee.objects.get(id=2)
10) data={
11) 'eno':emp.eno,
12) 'ename':emp.ename,
13) 'esal':emp.esal,
14) 'eaddr':emp.eaddr,
15) }

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
10  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
16) json_data=json.dumps(data)
17) return HttpResponse(json_data,content_type='application/json')

Without Hardcoding id Value

1) def get(self,request,id,*args,**kwargs):
2) emp=Employee.objects.get(id=id)
3) ....

urls.py
url(r'^api/(?P<id>\d+)/$', views.EmployeeCRUDCBV.as_view()),

test.py

1) import requests
2) BASE_URL='http://127.0.0.1:8000/'
3) ENDPOINT='api/'
4) n=input('Enter required id:')
5) r=requests.get(BASE_URL+ENDPOINT+n+'/')
6) data=r.json()
7) print(data)

Serialization:
The process of converting object from one form to another form is called serialization.

Eg: converting python dictionary object to json

json_data = json.dumps(data)

Serialization by using django.core.serializers Module:

djando provides inbuilt module serializers to perform serialization very easily.This module
contains serialize() function for this activity.

1) def get(self,request,id,*args,**kwargs):
2) emp=Employee.objects.get(id=id)
3) json_data=serialize('json',[emp,],fields=('eno','ename'))
4) return HttpResponse(json_data,content_type='application/json')

If we are not specifying fields attribute, then all fields will be included in json data. For
security reasons, if we don't want to provide access to some fields then this fields
attribute is very helpful.

Note: Here exclude attribute is not allowed

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
11  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
To get all Records:

1) class EmployeeListCBV(View):
2) def get(self,request,*args,**kwargs):
3) qs=Employee.objects.all()
4) json_data=serialize('json',qs)
5) return HttpResponse(json_data,content_type='application/json')

urls.py
url(r'^api/$', views.EmployeeListCBV.as_view()),

test.py

1) import requests
2) BASE_URL='http://127.0.0.1:8000/'
3) ENDPOINT='api/'
4) r=requests.get(BASE_URL+ENDPOINT)
5) data=r.json()
6) print(data)

Note: In the output we are getting some extra meta information also.

[{'model': 'testapp.employee', 'pk': 1, 'fields': {'eno': 100, 'ename': 'Sunny', 'esal': 1000.0,
'eaddr': 'Mumbai'}}, {'model': 'testapp.employee', 'pk': 2, 'fields': {'eno': 200, 'ename':
'Bunny', 'esal': 2000.0, 'eaddr
': 'Hyderabad'}}, {'model': 'testapp.employee', 'pk': 3, 'fields': {'eno': 300, 'ename':
'Chinny', 'esal': 3000.0, 'eaddr': 'Hyderabad'}}, {'model': 'testapp.employee', 'pk': 4,
'fields': {'eno': 400, 'ename': 'Vinny', '
esal': 4000.0, 'eaddr': 'Bangalore'}}]

How to get only Original Database Data:

1) class EmployeeListCBV(View):
2) def get(self,request,*args,**kwargs):
3) qs=Employee.objects.all()
4) json_data=serialize('json',qs)
5) pdict=json.loads(json_data)
6) final_list=[]
7) for obj in pdict:
8) final_list.append(obj['fields'])
9) json_data=json.dumps(final_list)
10) return HttpResponse(json_data,content_type='application/json')

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
12  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Output:
[{'eno': 100, 'ename': 'Sunny', 'esal': 1000.0, 'eaddr': 'Mumbai'}, {'eno': 200, 'ename':
'Bunny', 'esal': 2000.0, 'eaddr': 'Hyderabad'}, {'eno': 300, 'ename': 'Chinny', 'esal': 3000.0,
'eaddr': 'Hyderabad'}, {'eno': 400, 'ename': 'Vinny', 'esal': 4000.0, 'eaddr': 'Bangalore'}]

Seperate serialization Code into SerializeMixin:

mixins.py

1) from django.core.serializers import serialize

views.py

1) class EmployeeListCBV(SerializeMixin,View):
2) def get(self,request,*args,**kwargs):
3) qs=Employee.objects.all()
4) json_data=self.serialize(qs)
5) return HttpResponse(json_data,content_type='application/json')

We can also use mixin to get a particular record data as follows

1) class EmployeeCRUDCBV(SerializeMixin,View):
2) def get(self,request,id,*args,**kwargs):
3) emp=Employee.objects.get(id=id)
4) json_data=self.serialize([emp,])
5) return HttpResponse(json_data,content_type='application/json')

Output: [{'eno': 200, 'ename': 'Bunny', 'esal': 2000.0, 'eaddr': 'Hyderabad'}]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
13  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Error Handling in the API:
It is not recommended to display our django error information directly to the partner
applications.Hence it is highly recommened to perform error handling.

1) class EmployeeCRUDCBV(SerializeMixin,View):
2) def get(self,request,id,*args,**kwargs):
3) try:
4) emp=Employee.objects.get(id=id)
5) except Employee.DoesNotExist:
6) json_data=json.dumps({'msg':'Specified Record Not Found'})
7) else:
8) json_data=self.serialize([emp,])
9) return HttpResponse(json_data,content_type='application/json')

Status Codes:
Status code represents the status of HttpResponse. The following are various possible
status codes.

1XX  Informational
2XX  Successful
3XX  Redirection
4XX  Client Error
5XX  Server Error

How to add Status Code to HttpResponse explicitly:

By using status attribute

Eg: HttpResponse(json_data,content_type='application/json',status=403)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
14  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
How to render HttpResponse By using Mixin:

1) from django.http import HttpResponse

2) class HttpResponseMixin(object):
3) def render_to_http_response(self,data,status=200):
4) return HttpResponse(data,content_type='application/json',status=status)

views.py:

1) class EmployeeCRUDCBV(SerializeMixin,HttpResponseMixin,View):
2) def get(self,request,id,*args,**kwargs):
3) try:
4) emp=Employee.objects.get(id=id)
5) except Employee.DoesNotExist:
6) json_data=json.dumps({'msg':'Specified Record Not Available'})
7) return self.render_to_http_response(json_data,404)
8) else:
9) json_data=self.serialize([emp,])
10) return self.render_to_http_response(json_data)

How to use dumpdata Option:

We can dump our database data either to the console or to the file by using dumpdata
option. This option provides support for json and xml formats. The default format is json.
We can write this data to files also.

Commands:
1) py manage.py dumpdata testapp.Employee
Print data to the console in json format without identation
2) py manage.py dumpdata testapp.Employee --indent 4
Print data to the console in json format with identation
3) py manage.py dumpdata testapp.Employee >emp.json --indent 4
Write data to emp.json file instead of displaying to the console
4) py manage.py dumpdata testapp.Employee --format json >emp.json --indent 4
We are specifying format as json explicitly
5) py manage.py dumpdata testapp.Employee --format xml --indent 4
Print data to the console in xml format with identation
6) py manage.py dumpdata testapp.Employee --format xml > emp.xml --indent 4
Write data to emp.xml file instead of displaying to the console

Note: dumpdata option provides support only for 3 formats

1) json(default)
2) XML
3) YAML (YAML Ain't Markup Language)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
15  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
YAML is a human readable data serialization language, which is supported by multiple
languages.

How to Create Resource from partner application by using API

(POST Request):

test.py(Partner Application)

1) import json
2) import requests
3) BASE_URL='http://127.0.0.1:8000/'
4) ENDPOINT='api/'
5) def create_resource():
6) new_emp={
7) 'eno':600,
8) 'ename':'Shiva',
9) 'esal':6000,
10) 'eaddr':'Chennai',
11) }
12) r=requests.post(BASE_URL+ENDPOINT,data=json.dumps(new_emp))
13) print(r.status_code)
14) print(r.text)
15) print(r.json())
16) create_resource()

Note: For POST Requests, compulsory CSRF verification should be done.If it fails our
request will be aborted.

Error:
<h1>Forbidden <span>(403)</span></h1>
<p>CSRF verification failed. Request aborted.</p>

How to disable CSRF Verification:

 Just for our testing purposes we can disable CSRF verification, but not recommended
in production environment.
 We can disable CSRF verification at Function level, class level or at project level

1) To disable at Function/Method Level:

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def my_view(request):
body

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
16  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
This approach is helpful for Function Based Views(FBVs)

2) To disable at class level:

If we disable at class level then it is applicable for all methods present inside that class.
This approach is helpful for class based views(CBVs).

Code:
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator

@method_decorator(csrf_exempt,name='dispatch')
class EmployeeListCBV(SerializeMixin,View):

3) To disable at Project globally:

Inside settings.py file comment the following middleware
'django.middleware.csrf.CsrfViewMiddleware'

post() Method Logic:

 Inside post method we can access data sent by partner application by using
request.body.
 First we have to check whether this data is json or not.

How to Check Data is json OR not?

utils.py:

1) import json
2) def is_json(data):
3) try:
4) real_data=json.loads(data)
5) valid=True
6) except ValueError:
7) valid=False
8) return valid

views.py:

1) from testapp.utils import is_json

2) ...
3) @method_decorator(csrf_exempt,name='dispatch')
4) class EmployeeListCBV(HttpResponseMixin,SerializeMixin,View):
5)
6) def post(self,request,*args,**kwargs):

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
17  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
7) data=request.body
8) if not is_json(data):
9) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
10) json_data=json.dumps({'msg':'post method'})
11) return self.render_to_http_response(json_data)

Creating Model Based Form to hold Employee Data:

forms.py

1) from django import forms

2) from testapp.models import Employee
3) class EmployeeForm(forms.ModelForm):
4) class Meta:
5) model=Employee
6) fields='__all__'

To validate emp Salary:

1) from django import forms

2) from testapp.models import Employee
3) class EmployeeForm(forms.ModelForm):
4) #validations
5) def clean_esal(self):
6) inputsal=self.cleaned_data['esal']
7) if inputsal < 5000:
8) raise forms.ValidationError('The minimum salary should be 5000')
9) return inputsal
10)
11) class Meta:
12) model=Employee
13) fields='__all__'

views.py

1) from django.views.decorators.csrf import csrf_exempt

2) from django.utils.decorators import method_decorator
3) from testapp.utils import is_json
4) from testapp.forms import EmployeeForm
5)
6) @method_decorator(csrf_exempt,name='dispatch')
7) class EmployeeListCBV(HttpResponseMixin,SerializeMixin,View):
8) def get(self,request,*args,**kwargs):

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
18  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
9) qs=Employee.objects.all()
10) json_data=self.serialize(qs)
11) return HttpResponse(json_data,content_type='application/json')
12) def post(self,request,*args,**kwargs):
13) data=request.body
14) if not is_json(data):
15) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
16) empdata=json.loads(request.body)
17) form=EmployeeForm(empdata)
18) if form.is_valid():
19) obj = form.save(commit=True)
20) return self.render_to_http_response(json.dumps({'msg':'resource created su
ccessfully'}))
21) if form.errors:
22) json_data=json.dumps(form.errors)
23) return self.render_to_http_response(json_data,status=400)

Performing Update Operation (put() Method):

Partner Application(test.py)

1) import requests
2) import json
3) BASE_URL='http://127.0.0.1:8000/'
4) ENDPOINT='api/'
5) def update_resource():
6) new_data={
7) eaddr:'Ameerpet',
8) }
9) r=requests.put(BASE_URL+ENDPOINT+'8/',data=json.dumps(new_data))
10) print(r.status_code)
11) # print(r.text)
12) print(r.json())
13) update_resource()

views.py

1) @method_decorator(csrf_exempt,name='dispatch')
2) class EmployeeCRUDCBV(SerializeMixin,HttpResponseMixin,View):
3) def get_object_by_id(self,id):
4) try:
5) emp=Employee.objects.get(id=id)
6) except Employee.DoesNotExist:

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
19  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
7) emp=None
8) return emp
9) def put(self,request,id,*args,**kwargs):
10) obj=self.get_object_by_id(id)
11) if obj is None:
12) json_data=json.dumps({'msg':'No matched record found, Not possible to per
form updataion'})
13) return self.render_to_http_response(json_data,status=404)
14) data=request.body
15) if not is_json(data):
16) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
17) new_data=json.loads(data)
18) old_data={
19) 'eno':obj.eno,
20) 'ename':obj.ename,
21) 'esal':obj.esal,
22) 'eaddr':obj.eaddr,
23) }
24) for k,v in new_data.items():
25) old_data[k]=v
26) form=EmployeeForm(old_data,instance=obj)
27) if form.is_valid():
28) form.save(commit=True)
29) json_data=json.dumps({'msg':'Updated successfully'})
30) return self.render_to_http_response(json_data,status=201)
31) if form.errors:
32) json_data=json.dumps(form.errors)
33) return self.render_to_http_response(json_data,status=400)

Note:
1) form = EmployeeForm(old_data)
form.save(commit=True)
The above code will create a new record

2) form = EmployeeForm(old_data,instance=obj)
form.save(commit=True)
The above code will perform updations to existing object instead of creating new object.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
20  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Performing Delete Operation:
partner application(test.py)

1) import requests
2) import json
3) BASE_URL='http://127.0.0.1:8000/'
4) ENDPOINT='api/'
5) def delete_resource():
6) r=requests.delete(BASE_URL+ENDPOINT+'9/')
7) print(r.status_code)
8) # print(r.text)
9) print(r.json())
10) delete_resource()

views.py

1) def delete(self,request,id,*args,**kwargs):
2) obj=self.get_object_by_id(id)
3) if obj is None:
4) json_data=json.dumps({'msg':'No matched record found, Not possible to per
form deletion'})
5) return self.render_to_http_response(json_data,status=404)
6) status,deleted_item=obj.delete()
7) if status==1:
8) json_data=json.dumps({'msg':'Resource Deleted successfully'})
9) return self.render_to_http_response(json_data,status=201)
10) json_data=json.dumps({'msg':'unable to delete ...plz try again'})
11) return self.render_to_http_response(json_data,status=500)

Note:
1) obj.delete() returns a tuple with 2 values.
2) The first value represents the status of the delete. If the deletion is success then its
value will be 1.
3) The secord value represents the deleted object.

Problem with Our Own Web API Framework:

The following are endpoints for CRUD operations in the above application
1) To get a particular resource: api/id/
2) To get all resources : api/
3) To create(post) a resource: api/
4) To update a resource: api/id
5) To delete a resource: api/id

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
21  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
According industry standard, in all rest api frameworks, endpoint should be same for all
CRUD operations. In our application we are violating this rule.

***For all CRUD operations, ENDPOINT should be same

Rewriting Total Application to satisfy Single ENDPOINT Rule:

Partner Application to send get() Request:
1) We may pass or may not pass id value.
2) If we are not passing id, then we have to get all records.
3) If we are passing id, then we have to get only that particular record.

views.py

1) class EmployeeCRUDCBV(HttpResponseMixin,SerializeMixin,View):
2) def get_object_by_id(self,id):
3) try:
4) emp=Employee.objects.get(id=id)
5) except Employee.DoesNotExist:
6) emp=None
7) return emp
8) def get(self,request,*args,**kwargs):
9) data=request.body
10) if not is_json(data):
11) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
12) data=json.loads(request.body)
13) id=data.get('id',None)
14) if id is not None:
15) obj=self.get_object_by_id(id)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
22  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
16) if obj is None:
17) return self.render_to_http_response(json.dumps({'msg':'No Matched Record
Found with Specified Id'}),status=404)
18) json_data=self.serialize([obj,])
19) return self.render_to_http_response(json_data)
20) qs=Employee.objects.all()
21) json_data=self.serialize(qs)
22) return self.render_to_http_response(json_data)

To Create a Resource (post() Method):

Same code of the previous post() method

test.py

1) def create_resource():
2) new_emp={
3) 'eno':2000,
4) 'ename':'Katrina',
5) 'esal':20000,
6) 'eaddr':'Mumbai',
7) }
8) r=requests.post(BASE_URL+ENDPOINT,data=json.dumps(new_emp))
9) print(r.status_code)
10) # print(r.text)
11) print(r.json())
12) create_resource()

views.py

1) def post(self,request,*args,**kwargs):
2) data=request.body
3) if not is_json(data):
4) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
5) empdata=json.loads(request.body)
6) form=EmployeeForm(empdata)
7) if form.is_valid():
8) obj = form.save(commit=True)
9) return self.render_to_http_response(json.dumps({'msg':'resource created su
ccessfully'}))
10) if form.errors:
11) json_data=json.dumps(form.errors)
12) return self.render_to_http_response(json_data,status=400)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
23  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Update Resource (put Method):
test.py

1) def update_resource(id):
2) new_data={
3) 'id':id,
4) 'eno':7777,
5) 'ename':'Kareena',
6) 'eaddr':'Lanka',
7) 'esal':15000
8) }
9) r=requests.put(BASE_URL+ENDPOINT,data=json.dumps(new_data))
10) print(r.status_code)
11) # print(r.text)
12) print(r.json())
13) update_resource(14)

views.py

1) def put(self,request,*args,**kwargs):
2) data=request.body
3) if not is_json(data):
4) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
5) data=json.loads(request.body)
6) id=data.get('id',None)
7) if id is None:
8) return self.render_to_http_response(json.dumps({'msg':'To perform updatio
n id is mandatory,you should provide'}),status=400)
9) obj=self.get_object_by_id(id)
10) if obj is None:
11) json_data=json.dumps({'msg':'No matched record found, Not possible to per
form updataion'})
12) return self.render_to_http_response(json_data,status=404)
13) new_data=data
14) old_data={
15) 'eno':obj.eno,
16) 'ename':obj.ename,
17) 'esal':obj.esal,
18) 'eaddr':obj.eaddr,
19) }
20) # for k,v in new_data.items():
21) # old_data[k]=v

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
24  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
22) old_data.update(new_data)
23) form=EmployeeForm(old_data,instance=obj)
24) if form.is_valid():
25) form.save(commit=True)
26) json_data=json.dumps({'msg':'Updated successfully'})
27) return self.render_to_http_response(json_data,status=201)
28) if form.errors:
29) json_data=json.dumps(form.errors)
30) return self.render_to_http_response(json_data,status=400)

To Delete a Resource (delete Method):

test.py

1) def delete_resource(id):
2) data={
3) 'id':id,
4) }
5) r=requests.delete(BASE_URL+ENDPOINT,data=json.dumps(data))
6) print(r.status_code)
7) # print(r.text)
8) print(r.json())
9) delete_resource(13)

views.py

1) def delete(self,request,*args,**kwargs):
2) data=request.body
3) if not is_json(data):
4) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
5) data=json.loads(request.body)
6) id=data.get('id',None)
7) if id is None:
8) return self.render_to_http_response(json.dumps({'msg':'To perform delete,
id is mandatory,you should provide'}),status=400)
9) obj=self.get_object_by_id(id)
10) if obj is None:
11) json_data=json.dumps({'msg':'No matched record found, Not possible to per
form delete operation'})
12) return self.render_to_http_response(json_data,status=404)
13) status,deleted_item=obj.delete()
14) if status==1:
15) json_data=json.dumps({'msg':'Resource Deleted successfully'})

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
25  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
16) return self.render_to_http_response(json_data,status=201)
17) json_data=json.dumps({'msg':'unable to delete ...plz try again'})
18) return self.render_to_http_response(json_data,status=500)

bit ly link : https://bit.ly/2R8HDeV

Complete Application with Single ENDPOINT for all CRUD Operations:

models.py

1) from django.db import models

admin.py

1) from django.contrib import admin

forms.py

1) from django import forms

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
26  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
mixins.py

1) from django.core.serializers import serialize

2) import json
3) class SerializeMixin(object):
4) def serialize(self,qs):
5) json_data=serialize('json',qs)
6) pdict=json.loads(json_data)
7) final_list=[]
8) for obj in pdict:
9) final_list.append(obj['fields'])
10) json_data=json.dumps(final_list)
11) return json_data
12)
13) from django.http import HttpResponse
14) class HttpResponseMixin(object):
15) def render_to_http_response(self,data,status=200):
16) return HttpResponse(data,content_type='application/json',status=status)

utils.py

1) import json
2) def is_json(data):
3) try:
4) real_data=json.loads(data)
5) valid=True
6) except ValueError:
7) valid=False
8) return valid

urls.py

1) from django.conf.urls import url

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'âdmin/', admin.site.urls),
7) url(r'âpi/$', views.EmployeeCRUDCBV.as_view()),
8) # url(r'âpi/$', views.EmployeeListCBV.as_view()),
9) ]

views.py

1) from django.shortcuts import render

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
27  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
2) from django.views.generic import View
3) from testapp.models import Employee
4) import json
5) from django.http import HttpResponse
6) from django.core.serializers import serialize
7) from testapp.mixins import SerializeMixin,HttpResponseMixin
8) from django.views.decorators.csrf import csrf_exempt
9) from django.utils.decorators import method_decorator
10) from testapp.utils import is_json
11) from testapp.forms import EmployeeForm
12)
13) @method_decorator(csrf_exempt,name='dispatch')
14) class EmployeeCRUDCBV(HttpResponseMixin,SerializeMixin,View):
15) def get_object_by_id(self,id):
16) try:
17) emp=Employee.objects.get(id=id)
18) except Employee.DoesNotExist:
19) emp=None
20) return emp
21)
22) def get(self,request,*args,**kwargs):
23) data=request.body
24) if not is_json(data):
25) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
26) data=json.loads(request.body)
27) id=data.get('id',None)
28) if id is not None:
29) obj=self.get_object_by_id(id)
30) if obj is None:
31) return self.render_to_http_response(json.dumps({'msg':'No Matched Rec
ord Found with Specified Id'}),status=404)
32) json_data=self.serialize([obj,])
33) return self.render_to_http_response(json_data)
34) qs=Employee.objects.all()
35) json_data=self.serialize(qs)
36) return self.render_to_http_response(json_data)
37)
38) def post(self,request,*args,**kwargs):
39) data=request.body
40) if not is_json(data):
41) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
42) empdata=json.loads(request.body)
43) form=EmployeeForm(empdata)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
28  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
44) if form.is_valid():
45) obj = form.save(commit=True)
46) return self.render_to_http_response(json.dumps({'msg':'resource created su
ccessfully'}))
47) if form.errors:
48) json_data=json.dumps(form.errors)
49) return self.render_to_http_response(json_data,status=400)
50) def put(self,request,*args,**kwargs):
51) data=request.body
52) if not is_json(data):
53) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
54) data=json.loads(request.body)
55) id=data.get('id',None)
56) if id is None:
57) return self.render_to_http_response(json.dumps({'msg':'To perform updatio
n id is mandatory,you should provide'}),status=400)
58) obj=self.get_object_by_id(id)
59) if obj is None:
60) json_data=json.dumps({'msg':'No matched record found, Not possible to per
form updataion'})
61) return self.render_to_http_response(json_data,status=404)
62)
63) new_data=data
64) old_data={
65) 'eno':obj.eno,
66) 'ename':obj.ename,
67) 'esal':obj.esal,
68) 'eaddr':obj.eaddr,
69) }
70) # for k,v in new_data.items():
71) # old_data[k]=v
72) old_data.update(new_data)
73) form=EmployeeForm(old_data,instance=obj)
74) if form.is_valid():
75) form.save(commit=True)
76) json_data=json.dumps({'msg':'Updated successfully'})
77) return self.render_to_http_response(json_data,status=201)
78) if form.errors:
79) json_data=json.dumps(form.errors)
80) return self.render_to_http_response(json_data,status=400)
81) def delete(self,request,*args,**kwargs):
82) data=request.body
83) if not is_json(data):

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
29  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
84) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
85) data=json.loads(request.body)
86) id=data.get('id',None)
87) if id is None:
88) return self.render_to_http_response(json.dumps({'msg':'To perform delete,
id is mandatory,you should provide'}),status=400)
89) obj=self.get_object_by_id(id)
90) if obj is None:
91) json_data=json.dumps({'msg':'No matched record found, Not possible to per
form delete operation'})
92) return self.render_to_http_response(json_data,status=404)
93) status,deleted_item=obj.delete()
94) if status==1:
95) json_data=json.dumps({'msg':'Resource Deleted successfully'})
96) return self.render_to_http_response(json_data,status=201)
97) json_data=json.dumps({'msg':'unable to delete ...plz try again'})
98) return self.render_to_http_response(json_data,status=500)

test.py

1) import requests
2) import json
3) BASE_URL='http://127.0.0.1:8000/'
4) ENDPOINT='api/'
5) def get_resources(id=None):
6) data={}
7) if id is not None:
8) data={
9) 'id':id
10) }
11) resp=requests.get(BASE_URL+ENDPOINT,data=json.dumps(data))
12) print(resp.status_code)
13) print(resp.json())
14) def create_resource():
15) new_emp={
16) 'eno':2000,
17) 'ename':'Katrina',
18) 'esal':20000,
19) 'eaddr':'Mumbai',
20) }
21) r=requests.post(BASE_URL+ENDPOINT,data=json.dumps(new_emp))
22) print(r.status_code)
23) # print(r.text)
24) print(r.json())

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
30  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
25) create_resource()
26) def update_resource(id):
27) new_data={
28) 'id':id,
29) 'eno':7777,
30) 'ename':'Kareena',
31) 'eaddr':'Lanka',
32) 'esal':15000
33) }
34) r=requests.put(BASE_URL+ENDPOINT,data=json.dumps(new_data))
35) print(r.status_code)
36) # print(r.text)
37) print(r.json())
38) def delete_resource(id):
39) data={
40) 'id':id,
41) }
42) r=requests.delete(BASE_URL+ENDPOINT,data=json.dumps(data))
43) print(r.status_code)
44) # print(r.text)
45) print(r.json())

Complete Application-2 with Single ENDPOINT for all CRUD Operations:

models.py

1) from django.db import models

2)
3) # Create your models here.
4) class Student(models.Model):
5) name=models.CharField(max_length=64)
6) rollno=models.IntegerField()
7) marks=models.IntegerField()
8) gf=models.CharField(max_length=64)
9) bf=models.CharField(max_length=64)

admin.py

1) from django.contrib import admin

2) from testapp.models import Student
3)
4) # Register your models here.
5) class StudentAdmin(admin.ModelAdmin):
6) list_display=['id','name','rollno','marks','gf','bf']
7)
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
31  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
8) admin.site.register(Student,StudentAdmin)

mixins.py

1) from django.http import HttpResponse

2) class HttpResponseMixin(object):
3) def render_to_http_response(self,data,status=200):
4) return HttpResponse(data,content_type='application/json',status=status)
5)
6) from django.core.serializers import serialize
7) import json
8) class SerializeMixin(object):
9) def serialize(self,qs):
10) json_data=serialize('json',qs)
11) pdict=json.loads(json_data)
12) final_list=[]
13) for obj in pdict:
14) final_list.append(obj['fields'])
15) json_data=json.dumps(final_list)
16) return json_data

utils.py

1) import json
2) def is_json(data):
3) try:
4) real_data=json.loads(data)
5) valid=True
6) except ValueError:
7) valid=False
8) return valid

forms.py

1) from testapp.models import Student

2) from django import forms
3) class StudentForm(forms.ModelForm):
4) def clean_marks(self):
5) inputmarks=self.cleaned_data['marks']
6) if inputmarks < 35:
7) raise forms.ValidationError('Marks should be >= 35')
8) return inputmarks
9) class Meta:
10) model=Student
11) fields='__all__'

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
32  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
urls.py

1) from django.conf.urls import url

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'^admin/', admin.site.urls),
7) url(r'^api/', views.StudentCRUDCBV.as_view()),
8) ]

views.py

1) from django.shortcuts import render

2) from django.views.generic import View
3) from testapp.utils import is_json
4) from testapp.mixins import HttpResponseMixin,SerializeMixin
5) import json
6) from testapp.models import Student
7) from testapp.forms import StudentForm
8) from django.views.decorators.csrf import csrf_exempt
9) from django.utils.decorators import method_decorator
10)
11) # Create your views here.
12) @method_decorator(csrf_exempt,name='dispatch')
13) class StudentCRUDCBV(SerializeMixin,HttpResponseMixin,View):
14) def get_object_by_id(self,id):
15) try:
16) s=Student.objects.get(id=id)
17) except Student.DoesNotExist:
18) s=None
19) return s
20)
21) def get(self,request,*args,**kwargs):
22) data=request.body
23) valid_json=is_json(data)
24) if not valid_json:
25) return self.render_to_http_response(json.dumps({'msg':'please send valid js
on only'}),status=400)
26) pdata=json.loads(data)
27) id=pdata.get('id',None)
28) if id is not None:
29) std=self.get_object_by_id(id)
30) if std is None:

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
33  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
31) return self.render_to_http_response(json.dumps({'msg':'No Matched Res
ource Found for the given id'}),status=400)
32) json_data=self.serialize([std,])
33) return self.render_to_http_response(json_data)
34) qs=Student.objects.all()
35) json_data=self.serialize(qs)
36) return self.render_to_http_response(json_data)
37) def post(self,request,*args,**kwargs):
38) data=request.body
39) valid_json=is_json(data)
40) if not valid_json:
41) return self.render_to_http_response(json.dumps({'msg':'please send valid js
on only'}),status=400)
42) std_data=json.loads(data)
43) form=StudentForm(std_data)
44) if form.is_valid():
45) form.save(commit=True)
46) return self.render_to_http_response(json.dumps({'msg':'Resource Created S
uccessfully'}))
47) if form.errors:
48) json_data=json.dumps(form.errors)
49) return self.render_to_http_response(json_data,status=400)
50) def put(self,request,*args,**kwargs):
51) data=request.body
52) valid_json=is_json(data)
53) if not valid_json:
54) return self.render_to_http_response(json.dumps({'msg':'please send valid js
on only'}),status=400)
55) provided_data=json.loads(data)
56) id=provided_data.get('id',None)
57) if id is None:
58) return self.render_to_http_response(json.dumps({'msg':'To perform updatio
n id is mandatory,plz provide id'}),status=400)
59) std=self.get_object_by_id(id)
60) original_data={
61) 'name':std.name,
62) 'rollno':std.rollno,
63) 'marks':std.marks,
64) 'gf':std.gf,
65) 'bf':std.bf
66) }
67) original_data.update(provided_data)
68) form=StudentForm(original_data,instance=std)
69) if form.is_valid():
70) form.save(commit=True)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
34  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
71) return self.render_to_http_response(json.dumps({'msg':'Resource Updated
Successfully'}))
72) if form.errors:
73) json_data=json.dumps(form.errors)
74) return self.render_to_http_response(json_data,status=400)
75)
76) def delete(self,request,*args,**kwargs):
77) data=request.body
78) if not is_json(data):
79) return self.render_to_http_response(json.dumps({'msg':'plz send valid json
data only'}),status=400)
80) data=json.loads(request.body)
81) id=data.get('id',None)
82) if id is None:
83) return self.render_to_http_response(json.dumps({'msg':'To perform delete,
id is mandatory,you should provide'}),status=400)
84) obj=self.get_object_by_id(id)
85) if obj is None:
86) json_data=json.dumps({'msg':'No matched record found, Not possible to per
form delete operation'})
87) return self.render_to_http_response(json_data,status=404)
88) status,deleted_item=obj.delete()
89) if status==1:
90) json_data=json.dumps({'msg':'Resource Deleted successfully'})
91) return self.render_to_http_response(json_data)
92) json_data=json.dumps({'msg':'unable to delete ...plz try again'})
93) return self.render_to_http_response(json_data,status=500)

test.py

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
35  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
16) new_std={
17) 'name':'Dhoni',
18) 'rollno':105,
19) 'marks':32,
20) 'gf':'Deepika',
21) 'bf':'Yuvraj'
22) }
23) r=requests.post(BASE_URL+ENDPOINT,data=json.dumps(new_std))
24) print(r.status_code)
25) # print(r.text)
26) print(r.json())
27) # create_resource()
28) def update_resource(id):
29) new_data={
30) 'id':id,
31) 'gf':'Sakshi',
32)
33) }
34) r=requests.put(BASE_URL+ENDPOINT,data=json.dumps(new_data))
35) print(r.status_code)
36) # print(r.text)
37) print(r.json())
38) # update_resource(5)
39) def delete_resource(id):
40) data={
41) 'id':id,
42) }
43) r=requests.delete(BASE_URL+ENDPOINT,data=json.dumps(data))
44) print(r.status_code)
45) # print(r.text)
46) print(r.json())
47) delete_resource(5)

Developing WEB APIs by using 3rd Party Django REST Framework:

There are several 3rd party frameworks are available to build Django REST APIs like

1) Tastify
2) Django REST Framework(DRF)
etc

But DRF is the most commonly used and easy to use framework ti build REST APIs for
Django Applications.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
36  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Speciality of DRF:
Some reasons you might want to use REST framework:
1) The Web browsable API is a huge usability win for your developers.
2) Authentication policies including packages for OAuth1a and OAuth2.
3) Serialization that supports both ORM and non-ORM data sources.
4) Customizable all the way down
5) Extensive documentation and great community support.
6) Used and trusted by internationally recognised companies including Mozilla, Red Hat,
Heroku, and Eventbrite.

How to install DRF:

django-rest-framework.org

Requirements:
REST framework requires the following:
Python (2.7, 3.4, 3.5, 3.6, 3.7)
Django (1.11, 2.0, 2.1)

Installation:
Step-1: Install DRF
pip install djangorestframework
pip install markdown # Markdown support for the browsable API.
pip install django-filter # Filtering support

Note: After installing all required softwares, it is highly recommended to save installed
software information inside a file, so that, it is helpful for production environment to
know version requirements.

pip freeze > requirements.txt

requirements.txt:
argon2-cffi==18.3.0
attrs==18.1.0
bcrypt==3.1.4
certifi==2018.11.29
.....

Step-2: Add 'rest_framework' to our INSTALLED_APPS settings.py file

INSTALLED_APPS = [
....
'rest_framework', # 3rd party application
]
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
37  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Step-3: Adding required urls inside urls.py:
If we are using the browsable API, to make required urls available,add the following to our
urls.py file

urlpatterns = [
...
url(r'^api-auth/', include('rest_framework.urls'))
]

Serializers:
DRF Serializers are responsible for the following activities

1) Serialization
2) Deserialization
3) Validation

Note: DRF Serializers will work very similar to Django Forms and ModelForm classes.

1) Serialization:
 The process of converting complex objects like Model objects and QuerySets to Python
native data types like dictionary etc,is called Serialization.
 The main advantage of converting to python native data types is we can
convert(render) very easily to JSON,XML etc

Defining Serializer Class:

models.py

1) from django.db import models

2) class Employee(models.Model):
3) eno=models.IntegerField()
4) ename=models.CharField(max_length=64)
5) esal=models.FloatField()
6) eaddr=models.CharField(max_length=64)

serializers.py

1) from rest_framework import serializers

2) class EmployeeSerializer(serializers.Serializer):
3) eno=serializers.IntegerField()
4) ename=serializers.CharField(max_length=64)
5) esal=serializers.FloatField()
6) eaddr=serializers.CharField(max_length=64)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
38  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Converting Employee Object to Python Native Data Type By using
EmployeeSerializer (Serialization Process):
>>> from testapp.models import Employee
>>> from testapp.serializers import EmployeeSerializer
>>> emp=Employee(eno=100,ename='Durga',esal=1000,eaddr='Hyd')
>>> eserializer=EmployeeSerializer(emp)
>>> eserializer.data
{'eno': 100, 'ename': 'Durga', 'esal': 1000.0, 'eaddr': 'Hyd'}

Just we converted Employee object to python native data type(dict)

Converting Python native data type to JSON:

>>> from rest_framework.renderers import JSONRenderer
>>> json_data=JSONRenderer().render(eserializer.data)
>>> json_data
b'{"eno":100,"ename":"Durga","esal":1000.0,"eaddr":"Hyd"}'

How to perform serialization for QuerySet:

>>> qs=Employee.objects.all()
>>> qs
<QuerySet [<Employee: Employee object>, <Employee: Employee object>]>
>>> eserializer=EmployeeSerializer(qs,many=True)
>>> eserializer.data
[OrderedDict([('eno', 100), ('ename', 'Durga'), ('esal', 1000.0), ('eaddr', 'Hyderabad')]),
OrderedDict([('eno', 200), ('ename', 'Bunny'), ('esal', 2000.0), ('eaddr', 'Mumbai')])]
>>> json_data=JSONRenderer().render(eserializer.data)
>>> json_data
b'[{"eno":100,"ename":"Durga","esal":1000.0,"eaddr":"Hyderabad"},{"eno":200,"ename
":"Bunny","esal":2000.0,"ead
dr":"Mumbai"}]'

Python Serialization Python

Complex Native
Json
Data Data
Types Types
Like dict

2) Deserialization:
 The process of converting python native data types complex data types like Model
objects is called deserialization.
 First we have to convert json_data to python native data type.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
39  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
1) import io
2) from rest_framework.parsers import JSONParser
3) stream=io.BytesIO(json_data)
4) data=JSONParser().parse(stream)

Now, we have to convert python native data type to database supported complex type
(deserialization)

1) serializer=EmployeeSerializer(data=data)
2) serializer.is_valid()
3) serializer.validated_data

Python Deserialization
Native Database
Json Supported
Data Data
Types Form

Use Case of Serialization and Deserialization:

 If the partner application sends get request,then we have to convert database specific
model objects or querysets to json form and we have to send that json data to the
partner application. For this serialization is required.
 If the partner application sends either post or put request with some json data, then
our django application has to convert that json data into database specific form. For
this deserialization is required.

get() Method Implementation by using Serializers:

models.py

1) from django.db import models

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
40  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
admin.py

1) from django.contrib import admin

2) from testapp.models import Employee
3)
4) # Register your models here.
5) admin.site.register(Employee)

serializers.py

1) from rest_framework import serializers

views.py

1) from django.shortcuts import render

2) from django.views.generic import View
3) import io
4) from rest_framework.parsers import JSONParser
5) from testapp.models import Employee
6) from testapp.serializers import EmployeeSerializer
7) from rest_framework.renderers import JSONRenderer
8) from django.http import HttpResponse
9)
10) # Create your views here.
11) class EmployeeCRUDCBV(View):
12) def get(self,request,*args,**kwargs):
13) json_data=request.body
14) stream=io.BytesIO(json_data)
15) data=JSONParser().parse(stream)
16) id=data.get('id',None)
17) if id is not None:
18) emp=Employee.objects.get(id=id)
19) serializer=EmployeeSerializer(emp)
20) json_data=JSONRenderer().render(serializer.data)
21) return HttpResponse(json_data,content_type='application/json')
22) qs=Employee.objects.all()
23) serializer=EmployeeSerializer(qs,many=True)
24) json_data=JSONRenderer().render(serializer.data)
25) return HttpResponse(json_data,content_type='application/json')

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
41  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
test.py

Create Opeation/POST Request by using Serializers:

To perform create operation, we have to override create() method in the serializer class.

1) from rest_framework import serializers

views.py(post method):

1) def post(self,request,*args,**kwargs):
2) json_data=request.body
3) stream=io.BytesIO(json_data)
4) data=JSONParser().parse(stream)
5) serializer=EmployeeSerializer(data=data)
6) if serializer.is_valid():
7) serializer.save()
8) msg={'msg':'Resource Created Succesfully'}
9) json_data=JSONRenderer().render(msg)
10) return HttpResponse(json_data,content_type='application/json')
11) json_data=JSONRenderer().render(serializer.errors)
12) return HttpResponse(json_data,content_type='application/json')

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
42  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Note:
1) To send post request csrf verification should be disabled
2) Before calling save() method,compulsory we should call is_valid() method, otherwise
we will get error.
AssertionError: You must call .is_valid() before calling .save()
3) After validation we can print validated data by using
serializer.validated_data variable
print(serializer.validated_data)

Update operation/put request by using Serializers:

To handle put requests, we have to override update() method in the serializer class.

1) from rest_framework import serializers

2) from testapp.models import Employee
3) class EmployeeSerializer(serializers.Serializer):
4) eno=serializers.IntegerField()
5) ename=serializers.CharField(max_length=64)
6) esal=serializers.FloatField()
7) eaddr=serializers.CharField(max_length=64)
8) def create(self,validated_data):
9) return Employee.objects.create(**validated_data)
10) def update(self,instance,validated_data):
11) instance.eno=validated_data.get('eno',instance.eno)
12) instance.ename=validated_data.get('ename',instance.ename)
13) instance.esal=validated_data.get('esal',instance.esal)
14) instance.eaddr=validated_data.get('eaddr',instance.eaddr)
15) instance.save()
16) return instance

views.py

1) def put(self,request,*args,**kwargs):
2) json_data=request.body
3) stream=io.BytesIO(json_data)
4) data=JSONParser().parse(stream)
5) id=data.get('id')
6) emp=Employee.objects.get(id=id)
7) #serializer=EmployeeSerializer(emp,data=data)
8) serializer=EmployeeSerializer(emp,data=data,partial=True)
9) if serializer.is_valid():
10) serializer.save()
11) msg={'msg':'Resource Updated Succesfully'}
12) json_data=JSONRenderer().render(msg)
13) return HttpResponse(json_data,content_type='application/json')

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
43  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
14) json_data=JSONRenderer().render(serializer.errors)
15) return HttpResponse(json_data,content_type='application/json')

Note: By default for update operation, we have to provide all fields. If any field is
missing, then we will get ValidationError.

If we don't want to provide all fields, then we have to use 'partial' attribute.

serializer = EmployeeSerializer(emp,data=data)
In this case we have to provide all fields for updation

serializer = EmployeeSerializer(emp,data=data,partial=True)
In this case we have to provide only required fields but not all.

Note: By using serializers, we can perform get(),post() and put() operations. There is role
of serializers in delete operation.

3) Validations by using Serializers:

We can implement validations by using the following 3 ways

1) Field Level Validations

2) Object Level Validations
3) By using validators

1) Field Level Validations

Syntax: validate_fieldname(self,value):

Eg: To check esal should be minimum 5000

1) class EmployeeSerializer(serializers.Serializer):
2) ....
3)
4) def validate_esal(self,value):
5) if value<5000:
6) raise serializers.ValidationError('Employee Salaray Should be Minimum 5000')
7) return value

2) Object Level Validations:

If we want to perform validations for multiple fields simultaneously then we should go
for object level validations.

Eg: If ename is 'Sunny' then salary should be minimum 60000

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
44  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
1) def validate(self,data):
2) ename=data.get('ename')
3) esal=data.get('esal')
4) if ename.lower()=='sunny':
5) if esal<60000:
6) raise serializers.ValidationError('Sunny Salary should be minimum 60K')
7) return data

Use Cases:
1) First entered pwd and re-entered pwd must be same.
2) First entered account number and re-entered account number must be same

These validations we can implement at object level.

3) Validations by using Validator Field:

1) def multiples_of_1000(value):
2) if value % 1000 != 0:
3) raise serializers.ValidationError('Salary should be multiples of 1000s')
4)
5) class EmployeeSerializer(serializers.Serializer):
6) ...
7) esal=serializers.FloatField(validators=[multiples_of_1000,])
8) ..

Note: If we implement all 3 types of validations then the order of priority is

1) validations by using validator

2) validations at field level
3) validations at object level

Complete Application for Serializers:

serializers.py

1) from rest_framework import serializers

2) from testapp.models import Employee
3)
4) def multiples_of_1000(value):
5) print('validations by using validator')
6) if value % 1000 != 0:
7) raise serializers.ValidationError('Salary should be multiples of 1000s')
8)
9) class EmployeeSerializer(serializers.Serializer):
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
45  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
10) eno=serializers.IntegerField()
11) ename=serializers.CharField(max_length=64)
12) esal=serializers.FloatField(validators=[multiples_of_1000,])
13) eaddr=serializers.CharField(max_length=64)
14)
15) def validate_esal(self,value):
16) print('validations at field level')
17) if value<5000:
18) raise serializers.ValidationError('Employee Salaray Should be Minimum 5000')
19) return value
20) def validate(self,data):
21) print('validations at object level')
22) ename=data.get('ename')
23) esal=data.get('esal')
24) if ename.lower()=='sunny':
25) if esal<60000:
26) raise serializers.ValidationError('Sunny Salary should be minimum 60K')
27) return data
28)
29) def create(self,validated_data):
30) return Employee.objects.create(**validated_data)
31) def update(self,instance,validated_data):
32) instance.eno=validated_data.get('eno',instance.eno)
33) instance.ename=validated_data.get('ename',instance.ename)
34) instance.esal=validated_data.get('esal',instance.esal)
35) instance.eaddr=validated_data.get('eaddr',instance.eaddr)
36) instance.save()
37) return instance

views.py

1) from django.shortcuts import render

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
46  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
15) json_data=request.body
16) stream=io.BytesIO(json_data)
17) data=JSONParser().parse(stream)
18) id=data.get('id',None)
19) if id is not None:
20) emp=Employee.objects.get(id=id)
21) serializer=EmployeeSerializer(emp)
22) json_data=JSONRenderer().render(serializer.data)
23) return HttpResponse(json_data,content_type='application/json')
24) qs=Employee.objects.all()
25) serializer=EmployeeSerializer(qs,many=True)
26) json_data=JSONRenderer().render(serializer.data)
27) return HttpResponse(json_data,content_type='application/json')
28) def post(self,request,*args,**kwargs):
29) json_data=request.body
30) stream=io.BytesIO(json_data)
31) data=JSONParser().parse(stream)
32) serializer=EmployeeSerializer(data=data)
33) if serializer.is_valid():
34) serializer.save()
35) msg={'msg':'Resource Created Succesfully'}
36) json_data=JSONRenderer().render(msg)
37) return HttpResponse(json_data,content_type='application/json')
38) json_data=JSONRenderer().render(serializer.errors)
39) return HttpResponse(json_data,content_type='application/json')
40) def put(self,request,*args,**kwargs):
41) json_data=request.body
42) stream=io.BytesIO(json_data)
43) data=JSONParser().parse(stream)
44) id=data.get('id')
45) emp=Employee.objects.get(id=id)
46) serializer=EmployeeSerializer(emp,data=data,partial=True)
47) if serializer.is_valid():
48) serializer.save()
49) msg={'msg':'Resource Updated Succesfully'}
50) json_data=JSONRenderer().render(msg)
51) return HttpResponse(json_data,content_type='application/json')
52) json_data=JSONRenderer().render(serializer.errors)
53) return HttpResponse(json_data,content_type='application/json')

test.py

1) import requests
2) import json
3) BASE_URL='http://127.0.0.1:8000/'

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
47  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
4) ENDPOINT='api/'
5) # def get_resources(id=None):
6) # data={}
7) # if id is not None:
8) # data={
9) # 'id':id
10) # }
11) # resp=requests.get(BASE_URL+ENDPOINT,data=json.dumps(data))
12) # print(resp.status_code)
13) # print(resp.json())
14) # get_resources()
15) # def create_resource():
16) # new_emp={
17) # 'eno':300,
18) # 'ename':'Kareena',
19) # 'esal':3000,
20) # 'eaddr':'Hyderabad',
21) # }
22) # r=requests.post(BASE_URL+ENDPOINT,data=json.dumps(new_emp))
23) # print(r.status_code)
24) # # print(r.text)
25) # print(r.json())
26) # create_resource()
27) def update_resource(id):
28) new_data={
29) 'id':id,
30) # 'eno':700,
31) 'ename':'Sunny123',
32) 'esal':15000,
33) # 'eaddr':'Hyd'
34)
35) }
36) r=requests.put(BASE_URL+ENDPOINT,data=json.dumps(new_data))
37) print(r.status_code)
38) # print(r.text)
39) print(r.json())
40) update_resource(3)
41) # def delete_resource(id):
42) # data={
43) # 'id':id,
44) # }
45) # r=requests.delete(BASE_URL+ENDPOINT,data=json.dumps(data))
46) # print(r.status_code)
47) # # print(r.text)
48) # print(r.json())

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
48  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
49) # delete_resource(5)

ModelSerializers:
 If our serializable objects are Django model objects, then it is highly recommended to
go for ModelSerializer.
 ModelSerializer class is exactly same as regular serializer classe except the following
differences

1) The fields will be considered automatically based on the model and we are not
required to specify explicitly.
2) It provides default implementation for create() and update() methods.

Note: ModelSerializer won't provide any extra functionality and it is just for typing
shortcut.

We can define ModelSerializer class as follows:

1) class EmployeeSerializer(serializers.ModelSerializer):
2) class Meta:
3) model=Employee
4) fields='__all__'

Here we are not required to specify fields and these will be considered automatically
based on Model class. We are not required to implement create() and update() methods,
because ModelSerializer class will provide these methods.

***Note: If we want to define validations for any field then that particular field we have
to declare explicitly.

1) def multiples_of_1000(value):
2) print('validations by using validator')
3) if value % 1000 != 0:
4) raise serializers.ValidationError('Salary should be multiples of 1000s')
5) class EmployeeSerializer(serializers.ModelSerializer):
6) esal=serializers.FloatField(validators=[multiples_of_1000,])
7) class Meta:
8) model=Employee
9) fields='__all__'

Q) In how many Ways we can specify Fields in ModelSerializer Class?

3 Ways

1) To include all fields

fields = '__all__'

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
49  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
2) To include only some fields
fields = ('eno','ename','eaddr')
This approach is helpful if we want to include very less number of fields.

3) To exclude some fields

exclude = ('esal')

Except esal, all remaining fields will be considered.

If we want to consider majarity of the fileds then this approach is helpful.

Django REST Framework Views:

DRF provides 2 classes to define business logic for our API Views.

1) APIView
2) ViewSet

1) APIView:
 It is the most basic class to build REST APIs. It is similar to Django traditional View
class.
 It is the child class of Django's View class.
 It allows us to use standard HTTP methods as functions like get(),post(),put() etc
 Here, we have to write complete code for business logic and hence programmer
having complete control on the logic. We can understand flow of execution very
clearly.
 Best suitable for complex operations like working with multiple datasources, calling
other APIs etc
 We have to define url mappings manually.

Where APIViews are best suitable?

1) If we want complete control over the logic
2) If we want clear execution flow
3) If we are calling other APIs in the same request
4) If we want to work with multiple data sources simultaneously
5) If we want to perform any complex operations
etc
How to send Response in APIViews/ViewSets:
To send response to the partner/client application, DRF provides Response class. It will
convert input data to json format automatically.

For get Request:

1) from rest_framework.views import APIView

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
50  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
2) from rest_framework.response import Response
3) class TestApiView(APIView):
4) def get(self,request,format=None):
5) colors=['RED','BLUE','GREEN','YELLOW','INDIGO']
6) return Response({'msg':'Welcome to Colorful Year','colors':colors})

For Post Request:

In post request, partner/client application will send resource data in the form of json. To
convert this json data to python native types, serializer is required.

serializers.py

1) from rest_framework import serializers

2) class NameSerializer(serializers.Serializer):
3) name=serializers.CharField(max_length=7)

views.py

1) def post(self,request):
2) serializer=NameSerializer(data=request.data)
3) if serializer.is_valid():
4) name=serializer.data.get('name')
5) msg='Hello {} Wish You Happy New Year !!!'.format(name)
6) return Response({'msg':msg})
7) return Response(serializer.errors,status=400)

How to test POST Method:

We should provide json as input and we should use double quotes

1) input: {"name":"Sunny"}
2) response:
3)
4) HTTP 200 OK
5) Allow: GET, POST, HEAD, OPTIONS
6) Content-Type: application/json
7) Vary: Accept
8)
9) {
10) "msg": "Hello Sunny Wish You Happy New Year !!!"
11) }
12)
13) input: {"name":"Sunny Leone"}
14) response:
15)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
51  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
16) HTTP 400 Bad Request
17) Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
18) Content-Type: application/json
19) Vary: Accept
20)
21) {
22) "name": [
23) "Ensure this field has no more than 7 characters."
24) ]
25) }

How to implement put(), patch() and delete() Methods:

1) class TestApiView(APIView):
2) .....
3) def put(self,request,pk=None):
4) return Response({'msg':'Response from put method'})
5) def patch(self,request,pk=None):
6) return Response({'msg':'Response from patch method'})
7) def delete(self,request,pk=None):
8) return Response({'msg':'Response from delete method'})

Note: Test these methods by using browsable API(include screen shots)

Complete Application:
views.py

1) from django.shortcuts import render

2) from rest_framework.views import APIView
3) from rest_framework.response import Response
4) from testapp.serializers import NameSerializer
5) # Create your views here.
6) class TestApiView(APIView):
7) def get(self,request,format=None):
8) colors=['RED','BLUE','GREEN','YELLOW','INDIGO']
9) return Response({'msg':'Welcome to Colorful Year','colors':colors})
10) def post(self,request):
11) serializer=NameSerializer(data=request.data)
12) if serializer.is_valid():
13) name=serializer.data.get('name')
14) msg='Hello {} Wish You Happy New Year !!!'.format(name)
15) return Response({'msg':msg})
16) return Response(serializer.errors,status=400)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
52  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
17) def put(self,request,pk=None):
18) return Response({'msg':'Response from put method'})
19) def patch(self,request,pk=None):
20) return Response({'msg':'Response from patch method'})
21) def delete(self,request,pk=None):
22) return Response({'msg':'Response from delete method'})

serializers.py

1) from rest_framework import serializers

2) class NameSerializer(serializers.Serializer):
3) name = serializers.CharField(max_length=7)

urls.py

1) from django.conf.urls import url,include

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'^admin/', admin.site.urls),
7) url(r'^api/', views.TestApiView.as_view()),
8) ]

2) ViewSets:
 By using ViewSets, we can provide business logic for our API views.
 It is alternative to APIView class.

 In the case of APIView, we can use HTTP Methods as functions like get(), post() etc. But
in ViewSet, We have to use Model class actions/operations for function names.
 list()  To get all resources/records/objects
 retrieve()  To get a specific resource
 create()  To create a new resource
 update()  To update a resource
 partial_update()  To perform partial updation of resource.
 destroy()  To delete a resource.

Mapping:
get()  list() and retrieve()
post()  create()
put()  update()
patch()  partial_update()
delete()  destroy()

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
53  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
In APIViews, we have to write total logic. But in ViewSets most of the logic will be
provided automatically. Hence we can provide more functionality with less code and we
can develop API very quickly in less time.

When ViewSets are Best Choice:

1) If we want to develop a simple CRUD interface to our database.
2) If we want to develop a simple and quick API to manage predefined objects
3) If we are performing only standard operations with very less or no customization.
4) If we are not performing any complex operations like calling other APIs,using multiple
data sources etc

Sample Code for List Operation:

1) from rest_framework import viewsets

2) class TestViewSet(viewsets.ViewSet):
3) def list(self,request):
4) colors=['RED','GREEN','YELLOW','ORANGE']
5) return Response({'msg':'Wish YOu Colorful Life in 2019','colors':colors})

Defining Router for TestViewSet:

 In APIViews, we have to map views to urls manually. But in ViewSet, we are not
required to do explicitly. DRF provides a 'DefaultRouter' class to map ViewSet to the
urls, which are used by partner application.
 Routers provide an easy way of automatically determining the URL configurations.
Routers are required only for views developed by ViewSet.
 We have to add the following lines to urls.py:

1) from rest_framework import routers

2) router=routers.DefaultRouter()
3) router.register('test-viewset',views.TestViewSet,base_name='test-viewset')
4)
5) urlpatterns = [
6) ...
7) url(r'',include(router.urls))
8) ]

urls.py

1) from django.conf.urls import url,include

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
54  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
7)
8) urlpatterns = [
9) url(r'^admin/', admin.site.urls),
10) # url(r'^api/', views.TestApiView.as_view()),
11) url(r'',include(router.urls))
12) ]

create(),retrieve(),update(),partial update() and destroy() Methods:

1) from rest_framework import viewsets

2) class TestViewSet(viewsets.ViewSet):
3) ...
4) def create(self,request):
5) serializer=NameSerializer(data=request.data)
6) if serializer.is_valid():
7) name=serializer.data.get('name')
8) msg='Hello {} Your Life will be settled in 2019'.format(name)
9) return Response({'msg':msg})
10) return Response(serializer.errors,status=400)
11) def retrieve(self,request,pk=None):
12) return Response({'msg':'Response from retrieve method'})
13) def update(self,request,pk=None):
14) return Response({'msg':'Response from update method'})
15) def partial_update(self,request,pk=None):
16) return Response({'msg':'Response from partial_update method'})
17) def destroy(self,request,pk=None):
18) return Response({'msg':'Response from destroy method'})

Complete Application:
views.py

1) from rest_framework.response import Response

2) from testapp.serializers import NameSerializer
3) from rest_framework import viewsets
4) class TestViewSet(viewsets.ViewSet):
5) def list(self,request):
6) colors=['RED','GREEN','YELLOW','ORANGE']
7) return Response({'msg':'Wish YOu Colorful Life in 2019','colors':colors})
8) def create(self,request):
9) serializer=NameSerializer(data=request.data)
10) if serializer.is_valid():
11) name=serializer.data.get('name')
12) msg='Hello {} Your Life will be settled in 2019'.format(name)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
55  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
13) return Response({'msg':msg})
14) return Response(serializer.errors,status=400)
15) def retrieve(self,request,pk=None):
16) return Response({'msg':'Response from retrieve method'})
17) def update(self,request,pk=None):
18) return Response({'msg':'Response from update method'})
19) def partial_update(self,request,pk=None):
20) return Response({'msg':'Response from partial_update method'})
21) def destroy(self,request,pk=None):
22) return Response({'msg':'Response from destroy method'})

serializers.py

1) from rest_framework import serializers

2) class NameSerializer(serializers.Serializer):
3) name = serializers.CharField(max_length=7)

urls.py

1) from django.conf.urls import url,include

2) from django.contrib import admin
3) from testapp import views
4) from rest_framework import routers
5) router=routers.DefaultRouter()
6) router.register('test-viewset',views.TestViewSet,base_name='test-viewset')
7)
8) urlpatterns = [
9) url(r'^admin/', admin.site.urls),
10) # url(r'^api/', views.TestApiView.as_view()),
11) url(r'',include(router.urls))
12) ]

Differences between APIView and ViewSet

APIView ViewSet
1) Present in rest_framework.views 1) Present in rest_framework.viewsets Modules.
Module.
2) Method Names reflect HTTP 2) Method Names reflect Database Model class
Methods like actions/operations like

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
56  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
get(),post(),put(),patch(),delete() list(),retrieve(),create(),update(),partial_update()
and destroy()
3) We have to map views to urls 3) We are not required to map views to urls
explicitly. explicitly. DefaultRouter will takes care url
maapings automatically.
4) Most of the business logic we have 4) Most of the business logic will be generated
to write explicitly. automatically.
5) Length of the code is more 5) Length of the code is less.
6) API Development time is more 6) API Development time is less
7) Developer has complete control 7) Developer won't have complete control over
over the logic the logic.
8) Clear Execution Flow is possible 8) Clear Execution Flow is not possible
9) Best suitable for complex operations 9) Best suitable for developing simple APIs like
like using multiple data sources developing CRUD interface for database models.
simultaneously, calling other APIs etc

Demo applications on APIViews:

models.py

1) from django.db import models

admin.py

1) from django.contrib import admin

2) from testapp.models import Employee
3) # Register your models here.
4) admin.site.register(Employee)

serializers.py

1) from testapp.models import Employee

2) from rest_framework import serializers
3) class EmployeeSerializer(serializers.ModelSerializer):

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
57  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
4) class Meta:
5) model=Employee
6) fields='__all__'

views.py

1) from django.shortcuts import render

2) from rest_framework.views import APIView
3) from testapp.serializers import EmployeeSerializer
4) from rest_framework.response import Response
5) from testapp.models import Employee
6) # Create your views here.
7) class EmployeeListAPIView(APIView):
8) def get(self,request,format=None):
9) qs=Employee.objects.all()
10) serializer=EmployeeSerializer(qs,many=True)
11) return Response(serializer.data)

Note: In the above example, serializer is responsible to convert queryset to python native
data type(dict) and Response object is responsible to convert that dict to json.

urls.py

1) from django.conf.urls import url

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'^admin/', admin.site.urls),
7) url(r'^api/', views.EmployeeListAPIView.as_view()),
8) ]

To List all Employees by using ListAPIView Class:

If we want to get list of all resources then ListAPIView class is best suitable. This class
present in rest_framework.generics module.
Used for read-only endpoints to represent a collection of model instances.
Provides a get method handler.
Extends: GenericAPIView, ListModelMixin

1) from rest_framework import generics

2) class EmployeeAPIView(generics.ListAPIView):
3) queryset=Employee.objects.all()
4) serializer_class=EmployeeSerializer

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
58  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
How to implement Search Operation:
If we want to implement search operation, we have to override get_queryset() method in
our view class.

1) from rest_framework import generics

2) class EmployeeAPIView(generics.ListAPIView):
3) # queryset=Employee.objects.all()
4) serializer_class=EmployeeSerializer
5) def get_queryset(self):
6) qs=Employee.objects.all()
7) name=self.request.GET.get('ename')
8) if name is not None:
9) qs=qs.filter(ename__icontains=name)
10) return qs

Note: If we override get_queryset() method then we are not required to specify queryset
variable.

To list out all employee records the endpoint url is:

http://127.0.0.1:8000/api/

To list out all employee records where ename contains Sunny, the endpoint url is:
http://127.0.0.1:8000/api/?ename=Sunny

How to implement Create Operation with CreateAPIView:

CreateAPIView:
Used for create-only endpoints.
Provides a post method handler.
Extends: GenericAPIView, CreateModelMixin

class EmployeeCreateAPIView(generics.CreateAPIView):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer

url(r'^api/', views.EmployeeCreateAPIView.as_view()),

How to implement Retrieve Operation by using RetrieveAPIView:

RetrieveAPIView:
Used for read-only endpoints to represent a single model instance.
Provides a get method handler.
Extends: GenericAPIView, RetrieveModelMixin

class EmployeeDetailAPIView(generics.RetrieveAPIView):

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
59  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer

url(r'^api/(?P<pk>\d+)/$', views.EmployeeDetailAPIView.as_view()),

In the url pattern compulsory we should use 'pk',otherwise we will get the following error.

AssertionError at /api/2/
Expected view EmployeeDetailAPIView to be called with a URL keyword argument named
"pk". Fix your URL conf, or set the '.lookup_field' attribute on the view correctly.

If we want to use anyother name instead of 'pk' then we have to use lookup_field
attribute in the view class.

class EmployeeDetailAPIView(generics.RetrieveAPIView):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer
lookup_field='id'

url(r'^api/(?P<id>\d+)/$', views.EmployeeDetailAPIView.as_view()),

How to implement Update Operation by using UpdateAPIView:

UpdateAPIView:
Used for update-only endpoints for a single model instance.
Provides put and patch method handlers.
Extends: GenericAPIView, UpdateModelMixin

class EmployeeUpdateAPIView(generics.UpdateAPIView):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer
lookup_field='id'

url(r'^api/(?P<id>\d+)/$', views.EmployeeUpdateAPIView.as_view()),

Note: In the browsable API, for PUT operation we have to provide values for all fields.
But for PATCH operation we have to provide only required fields.

How to implement Delete Operation by using DestroyAPIView:

DestroyAPIView:
Used for delete-only endpoints for a single model instance.
Provides a delete method handler.
Extends: GenericAPIView, DestroyModelMixin

class EmployeeDeleteAPIView(generics.DestroyAPIView):

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
60  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer
lookup_field='id'

url(r'^api/(?P<id>\d+)/$', views.EmployeeDeleteAPIView.as_view()),

Note:
ListAPIView  Specially designed class for List operation
CreateAPIView  Specially designed class for Create operation
RetrieveAPIView  Specially designed class for Detail operation
UpdateAPIView  Specially designed class for Update operation
DestroyAPIView  Specially designed class for delete operation

How to implement List and Create Operations by using

ListCreateAPIView:
We can use ListCreateAPIView to develop read-write endpoints to represent a collection
of model instances.
It provides get and post method handlers.

class EmployeeListCreateAPIView(generics.ListCreateAPIView):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer

url(r'^api/', views.EmployeeListCreateAPIView.as_view()),

How to implement Read and Update Operations by using

RetrieveUpdateAPIView:
We can use RetrieveUpdateAPIView to develop read and update endpoints to represent a
single model instance.
It provides get, put and patch method handlers.

class EmployeeRetrieveUpdateAPIView(generics.RetrieveUpdateAPIView):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer
lookup_field='id'

url(r'^api/(?P<id>\d+)/$', views.EmployeeRetrieveUpdateAPIView.as_view()),

How to implement Read and Delete Operations by using

RetrieveDestroyAPIView:
We can use RetrieveDestroyAPIView to develop read and delete endpoints to represent a
single model instance.
It provides get and delete method handlers.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
61  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
class EmployeeRetrieveDestroyAPIView(generics.RetrieveDestroyAPIView):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer
lookup_field='id'

url(r'^api/(?P<id>\d+)/$', views.EmployeeRetrieveDestroyAPIView.as_view()),

How to implement Read, Update and Delete Operations by using

RetrieveUpdateDestroyAPIView:
We can use RetrieveUpdateDestroyAPIView to develop read-update-delete endpoints to
represent a single model instance.
It provides get, put, patch and delete method handlers.

class EmployeeRetrieveUpdateDestroyAPIView(generics.RetrieveUpdateDestroyAPIView):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer
lookup_field='id'

url(r'^api/(?P<id>\d+)/$', views.EmployeeRetrieveUpdateDestroyAPIView.as_view()),

Implementing all CRUD Operations by using 2 End Points:

views.py

1) class EmployeeListCreateAPIView(generics.ListCreateAPIView):
2) queryset=Employee.objects.all()
3) serializer_class=EmployeeSerializer
4) class EmployeeRetrieveUpdateDestroyAPIView(generics.RetrieveUpdateDestroyAP
IView):
5) queryset=Employee.objects.all()
6) serializer_class=EmployeeSerializer
7) lookup_field='id'

urls.py
url(r'^api/$', views.EmployeeListCreateAPIView.as_view()),
url(r'^api/(?P<id>\d+)/$', views.EmployeeRetrieveUpdateDestroyAPIView.as_view()),

Note: The following are various predefined APIView classes to build our API very easily

 ListAPIView
 CreateAPIView
 RetrieveAPIView
 UpdateAPIView
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
62  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
 DestroyAPIView
 ListCreateAPIView
 RetrieveUpdateAPIView
 RetrieveDestroyAPIView
 RetrieveUpdateDestroyAPIView

Mixins:
Mixins are reusable components. DRF provides several mixins to provide basic view
behaviour. Mixin classes provide several action methods like create(), list() etc which are
useful while implementing handling methods like get(), post() etc
The mixin classes can be imported from rest_framework.mixins.

The following are various Mixin classes provided by DRF.

1) ListModelMixin
2) CreateModelMixin
3) RetrieveModelMixin
4) UpdateModelMixin
5) DestroyModelMixin

1) ListModelMixin:
 It can be used to implement list operation (get method handler).
 It provides list() method
list(request,*args,**kwargs)

2) CreateModelMixin:
It can be used for implementing create operation. ie for creating and saving new
model instance(post method handler).It provides create() method.
create(request,*args,**kwargs)

3) RetrieveModelMixin:
It can be used to implement retrieve/detail operation(get method handler). It provides
retrieve() method
retrieve(request,*args,**kwargs)

4) UpdateModelMixin:
 It can be used to implement update operation(both put and patch)
 It provides update() method to implement put method handler.
update(request,*args,**kwargs)
 It provides partial_update() method to implement patch method handler
partial_update(request,*args,**kwargs)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
63  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
5) DestroyModelMixin:
 It can be used to implement destroy operation(delete method handler)
 It provide destroy() method
destroy(request,*args,**kwargs)

Demo Application:
1) from rest_framework import mixins
2) class EmployeeListModelMixin(mixins.CreateModelMixin,generics.ListAPIView):
3) queryset=Employee.objects.all()
4) serializer_class=EmployeeSerializer
5) def post(self,request,*args,**kwargs):
6) return self.create(request,*args,**kwargs)
7)
8) class EmployeeDetailAPIViewMixin(mixins.UpdateModelMixin,mixins.DestroyMod
elMixin,generics.RetrieveAPIView):
9) queryset=Employee.objects.all()
10) serializer_class=EmployeeSerializer
11) def put(self,request,*args,**kwargs):
12) return self.update(request,*args,**kwargs)
13) def patch(self,request,*args,**kwargs):
14) return self.partial_update(request,*args,**kwargs)
15) def delete(self,request,*args,**kwargs):
16) return self.destroy(request,*args,**kwargs)
17)
18) url(r'^api/$', views.EmployeeListModelMixin.as_view()),
19) url(r'^api/(?P<pk>\d+)/$', views.EmployeeDetailAPIViewMixin.as_view()),

Demo Application by using ViewSet:

models.py

1) from django.db import models

admin.py

1) from django.contrib import admin

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
64  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
2) from testapp.models import Employee
3) # Register your models here.
4) class EmployeeAdmin(admin.ModelAdmin):
5) list_display=['id','eno','ename','esal','eaddr']
6)
7) admin.site.register(Employee,EmployeeAdmin)

serializers.py

1) from testapp.models import Employee

2) from rest_framework.serializers import ModelSerializer
3) class EmployeeSerializer(ModelSerializer):
4) class Meta:
5) model=Employee
6) fields='__all__'

views.py

1) from django.shortcuts import render

2) from testapp.models import Employee
3) from testapp.serializers import EmployeeSerializer
4) from rest_framework.viewsets import ModelViewSet
5) class EmployeeCRUDCBV(ModelViewSet):
6) serializer_class=EmployeeSerializer
7) queryset=Employee.objects.all()

urls.py

1) from django.conf.urls import url,include

2) from django.contrib import admin
3) from testapp import views
4) from rest_framework import routers
5) router=routers.DefaultRouter()
6) # router.register('api',views.EmployeeCRUDCBV,base_name='api')
7) router.register('api',views.EmployeeCRUDCBV)
8) urlpatterns = [
9) url(r'^admin/', admin.site.urls),
10) url(r'', include(router.urls)),
11) ]

Note:
1) If we want to develop simple APIs very quickly then ViewSet is the best choice
2) In the case of normal ViewSet, at the time of registration with router, base_name
attribute is mandatory. But if we are using ModelViewSet then this base_name
attribute is optional.
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
65  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Eg:
router.register('api',views.EmployeeCRUDCBV,base_name='api')
router.register('api',views.EmployeeCRUDCBV)

API Functionality Testing by using POSTMAN:

We have to install postman software explicitly
website: getpostman.com

The 4 Ways of Testing API Functionality

Partner
Application

POST MAN
API
Browsable
API

From Command
Prompt By Using
Httpie OR URL

1) Partner Application
2) Browsable API
3) POSTMAN

*****SCREEN SHOTS of the postman needs to be included

Note:
1) In the case of POST, PUT and PATCH Requests,we have to provide input data as the
part of Body in Postman.
2) Authentication information we have to provide in Headers part in Postman.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
66  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Authentication and Authorization:
The APIs, which are developed up to this can be accessed by every one.
By using ENDPOINT, any one can create a new resource,can modify and delete any
existing resource. It causes security problems. To provide Security for our API, we should
go for Authentication and Authorization.

Authentication:
The process of validating user is called authentication. Most of the times we can perform
authentication by using username and password combination or by using tokens etc

DRF provides several inbuilt authentication mechanisms

1) Basic Authentication
2) Session Authentication
3) Token Authentication
4) JWT(Json window Token) Authentication
etc

Note: By using DRF, we can implement our own custom authentication mechanism also

Authorization:
The process of validating access permissions of user is called authorization.
DRF provides several permission classes for authorization.

1) AllowAny
2) IsAuthenticated
3) IsAdminUser
4) IsAuthenticatedOrReadOnly
5) DjangoModelPermissions
6) DjangoModelPermissionsOrAnonReadOnly
etc

Note: After authentication we have to perform authorization.

Token based Authentication:

 Every request will be authenticated by using Token, which is nothing but Token
Authentication.
 TokenAuthentication is best suitable for native desktop clients and mobile clients.
 To implement TokenAuthentication, We have to use 3rd party application
'rest_framework.authtoken',which is responsible to generate and validate required
tokens. This application is the part of DRF.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
67  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Steps to implement TokenAuthentication:
1) We have to include authtoken application in INSTALLED_APPS list inside settings.py
file.

1) INSTALLED_APPS = [
2) ....
3) 'rest_framework',
4) 'rest_framework.authtoken',
5) 'testapp'
6) ]

2) Perform migrations so that the required tables of authtoken application will be

created in the database.
The table name is Tokens.
3) We can generate Tokens in the backend from admin interface by selecting required
user.
4) User also can send a request to authtoken application to generate token explicitly. For
this auth application url-pattern we have to configure in urls.py file.

1) from rest_framework.authtoken import views

2) urlpatterns = [
3) .....
4) url(r'^get-api-token/', views.obtain_auth_token,name='get-api-token'),
5) ]

We can send request to this authtoken application to get token as follows

http POST http://127.0.0.1:8000/get-api-token/ username="sunny"

password="durga123"

 authtoken application will validate this username and password.After valiation, it will
check is any token already generated for this user or not. If it is already generated then
return existing token from Tokens table.
 If it is not yet generated, then authtoken application will generate Token and save in
Tokens table and then send that token to the client.

Note: From the postman also,we can send the request. But username and password we
have to provide in Body section.

Enabling Authentication and Authorization (Permissions) for

View Class:
 Upto this just we tested authtoken application to generate and store Tokens.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
68  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
 We have to enable authentication and authorization for our view classes either locally
OR globally.

Enabling Locally:
Our application may contain several view classes. If we want to enable authentication and
authorization for a particular view class then we have to use this local approach.

1) from rest_framework.authentication import TokenAuthentication

2) from rest_framework.permissions import IsAuthenticated
3) class EmployeeCRUDCBV(ModelViewSet):
4) ...
5) authentication_classes=[TokenAuthentication,]
6) permission_classes=[IsAuthenticated,]

Note: Now,if we want to access ENDPOINT compulsory we should send Token, otherwise
we will get 401 Unauthorized error response.

1) D:\durgaclasses>http http://127.0.0.1:8000/api/
2) HTTP/1.0 401 Unauthorized
3) Allow: GET, POST, HEAD, OPTIONS
4) Content-Length: 58
5) Content-Type: application/json
6) Date: Mon, 21 Jan 2019 11:43:07 GMT
7) Server: WSGIServer/0.2 CPython/3.6.5
8) Vary: Accept
9) WWW-Authenticate: Token
10) X-Frame-Options: SAMEORIGIN
11)
12) {
13) "detail": "Authentication credentials were not provided."
14) }

How to Send the Request with Token:

1) D:\durgaclasses>http http://localhost:8000/api/ "authorization:Token 3639020972
202cc1d25114ab4a5f54e6078184a4"
2)
3) HTTP/1.0 200 OK
4) Allow: GET, POST, HEAD, OPTIONS
5) Content-Length: 136
6) Content-Type: application/json
7) Date: Mon, 21 Jan 2019 11:45:13 GMT
8) Server: WSGIServer/0.2 CPython/3.6.5
9) Vary: Accept

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
69  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
10) X-Frame-Options: SAMEORIGIN
11)
12) [
13) {
14) "eaddr": "Mumbai",
15) "ename": "Sunny",
16) "eno": 100,
17) "esal": 1000.0,
18) "id": 1
19) },
20) {
21) "eaddr": "Hyderabad",
22) "ename": "Bunny",
23) "eno": 200,
24) "esal": 2000.0,
25) "id": 2
26) }
27) ]

Enabling Globally:
 If we want to enable authentication and authorization for all view classes, we have to
use this approach.
 We have to add the following lines inside settings.py file.

1) REST_FRAMEWORK={
2) 'DEFAULT_AUTHENTICATION_CLASSES':('rest_framework.authentication.TokenAut
hentication',),
3) 'DEFAULT_PERMISSION_CLASSES':('rest_framework.permissions.IsAuthenticated',)
4) }

Q) What is use of 'AllowAny' Permission Class?

 AllowAny is the default value for the permission class.
 If we configure permission classes globally then applicable for all view classes. If we
don't want authorization for a particular class then we should use this 'AllowAny'
permission Class.

1) from rest_framework.authentication import TokenAuthentication

2) from rest_framework.permissions import AllowAny
3) class EmployeeCRUDCBV(ModelViewSet):
4) queryset=Employee.objects.all()
5) serializer_class=EmployeeSerializer
6) authentication_classes=[TokenAuthentication,]
7) permission_classes=[AllowAny,]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
70  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
To access this end point now authentication and authorization is not required. Any one
can access.

Various Possible Permission Classes:

DRF provides the following pre defined permission classes

1) AllowAny
2) IsAuthenticated
3) IsAdminUser
4) IsAuthenticatedOrReadOnly
5) DjangoModelPermissions
6) DjangoModelPermissionsOrAnonReadOnly

1) AllowAny:
 The AllowAny permission class will allow unrestricted access irrespective of whether
request is authenticated or not.
 This is default value for permission-class. It is very helpful to allow unrestricted access
for a particular view class if global settings are enabled.

2) IsAuthenticated:
 The IsAuthenticated permission class will deny permissions to any unauthorized user.
ie only authenticated users are allowed to access endpoint.
 This permission is suitable, if we want our API to be accessible by only registered
users.

Note:
We can send Token in postman inside Headers Section
Key: Authorization
Value: Token 3639020972202cc1d25114ab4a5f54e6078184a4

3) IsAdminUser:
 If we use IsAdminUser permission class then only AdminUser is allowed to access.i.e
the users where is_staff property is True.
 This type of permission is best suitable if we want our API to be accessible by only
trusted administrators.
 If the user is not admin and if he is trying to access endpoint then we will get 403
status code error response saying:
{
"detail": "You do not have permission to perform this action."
}

4) IsAuthenticatedOrReadOnly:

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
71  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
 To perform read operation (safe methods:GET,HEAD,OPTIONS) authentication is not
required. But for the remaining operations (POST,PUT,PATCH,DELETE) authentication
must be required.
 If any person is allowed to perform read operation and only registered users are
allowed to perform write operation then we should go for this permission class.
 Eg: In IRCTC application, to get trains information (read operation) registration is not
required. But to book tickets (write operation) login must be required.

5) DjangoModelPermissions:
 This is the most powerful permission class. Authorization will be granted iff user is
authenticated and has the relevant model permissions.
 DjangoModelPermissions = Authentication + Model Permissions.
 If the user is not authenticated(we are not providing token) then we will get 401
Unauthorized error message saying
{
"detail": "Authentication credentials were not provided."
}
If we are providing Token (authenticated) but not having model permissions then we can
perform only GET operation. But to perform POST,PUT,PATCH,DELETE compulsory model
permissions must be required,otherwise we will get 403 Forbidden error message saying
{
"detail": "You do not have permission to perform this action."
}

How to provide Model Permissions:

To perform POST operation the required model permission is 'add'
To perform PUT,PATCH operations the required model permission is 'change'
To pderform DELETE operation the required model permission is 'delete'

We have to provide these model permissions in admin interface under User permissions:

testapp | employee | Can change employee

testapp | employee | Can add employee
testapp | employee | Can delete employee

Note: DjangoModelPermissions class is more powerful and we have complete control on

permissions.

6) DjangoModelPermissionsOrAnonReadOnly:
It is exactly same as DjangoModelPermissions class except that it allows
unauthenticated users to have read-only access to the API.
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
72  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
1) from rest_framework.viewsets import ModelViewSet
2) from testapp.models import Employee
3) from testapp.serializers import EmployeeSerializer
4) from rest_framework.authentication import TokenAuthentication
5) from rest_framework.permissions import IsAuthenticated,AllowAny,IsAdminUser,I
sAuthenticatedOrReadOnly,DjangoModelPermissions,DjangoModelPermissionsOr
AnonReadOnly
6) class EmployeeCRUDCBV(ModelViewSet):
7) queryset=Employee.objects.all()
8) serializer_class=EmployeeSerializer
9) authentication_classes=[TokenAuthentication,]
10) permission_classes=[DjangoModelPermissionsOrAnonReadOnly,]

Custom Permissions:
Based on our programming requirement, we can define our own permission classes also.
We have to create child class for BasePermission class and we have to override
has_permission() method.

Eg 1: Define our own Permission class which allows only SAFE_METHODS

(GET,HEAD,OPTIONS)

permissions.py

1) from rest_framework.permissions import BasePermission,SAFE_METHODS

2) class IsReadOnly(BasePermission):
3) def has_permission(self,request,view):
4) if request.method in SAFE_METHODS:
5) return True
6) else:
7) return False

views.py

1) from rest_framework.viewsets import ModelViewSet

2) from testapp.models import Employee
3) from testapp.serializers import EmployeeSerializer
4) from rest_framework.authentication import TokenAuthentication
5) from rest_framework.permissions import IsAuthenticated,AllowAny,IsAdminUser,I
sAuthenticatedOrReadOnly,DjangoModelPermissions,DjangoModelPermissionsOr
AnonReadOnly
6) from testapp.permissions import IsReadOnly
7) class EmployeeCRUDCBV(ModelViewSet):
8) queryset=Employee.objects.all()

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
73  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
9) serializer_class=EmployeeSerializer
10) authentication_classes=[TokenAuthentication,]
11) permission_classes=[IsReadOnly,]

Eg 2: Defining our own permission class which allows only GET and PATCH methods.

1) from rest_framework.permissions import BasePermission

2) class IsGETOrPatch(BasePermission):
3) def has_permission(self,request,view):
4) allowed_methods=['GET','PATCH']
5) if request.method in allowed_methods:
6) return True
7) else:
8) return False

Eg 3: Define our own permission class with the following requirement:

If the name is sunny then allow all methods

If the name is not sunny and the name contains even number of characters then allow
only safe methods otherwise not allowed to perform any operation

1) from rest_framework.permissions import BasePermission,SAFE_METHODS

2) class SunnyPermission(BasePermission):
3) def has_permission(self,request,view):
4) username=request.user.username
5) if username.lower()=='sunny':
6) return True
7) elif username != '' and len(username) %2 == 0 and request.method in
SAFE_METHODS:
8) return True
9) else:
10) return False

Complete Application for Token Authentication:

settings.py

1) INSTALLED_APPS = [
2) ....
3) 'rest_framework',
4) 'rest_framework.authtoken',
5) 'testapp'
6) ]
7) REST_FRAMEWORK={

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
74  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
8) 'DEFAULT_AUTHENTICATION_CLASSES':('rest_framework.authentication.
TokenAuthentication',),
9) 'DEFAULT_PERMISSION_CLASSES':('rest_framework.permissions.IsAuthenticated',)
10) }

models.py

1) from django.db import models

admin.py

1) from django.contrib import admin

serializers.py

1) from testapp.models import Employee

2) from rest_framework.serializers import ModelSerializer
3) class EmployeeSerializer(ModelSerializer):
4) class Meta:
5) model=Employee
6) fields='__all__'

permissions.py

1) from rest_framework.permissions import BasePermission,SAFE_METHODS

2) class IsReadOnly(BasePermission):
3) def has_permission(self,request,view):
4) if request.method in SAFE_METHODS:
5) return True
6) else:
7) return False
8)
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
75  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
9) class IsGETOrPatch(BasePermission):
10) def has_permission(self,request,view):
11) allowed_methods=['GET','PATCH']
12) if request.method in allowed_methods:
13) return True
14) else:
15) return False
16)
17) class SunnyPermission(BasePermission):
18) def has_permission(self,request,view):
19) username=request.user.username
20) print('username:',username)
21) print(len(username))
22) if username.lower()=='sunny':
23) return True
24) elif username != '' and len(username) %2 == 0 and request.method in
SAFE_METHODS:
25) return True
26) else:
27) return False

views.py

1) from rest_framework.viewsets import ModelViewSet

2) from testapp.models import Employee
3) from testapp.serializers import EmployeeSerializer
4) from rest_framework.authentication import TokenAuthentication
5) from rest_framework.permissions import IsAuthenticated,AllowAny,IsAdminUser,I
sAuthenticatedOrReadOnly,DjangoModelPermissions,DjangoModelPermissionsOr
AnonReadOnly
6) from testapp.permissions import SunnyPermission
7) class EmployeeCRUDCBV(ModelViewSet):
8) queryset=Employee.objects.all()
9) serializer_class=EmployeeSerializer
10) authentication_classes=[TokenAuthentication,]
11) permission_classes=[SunnyPermission,]

urls.py

1) from django.conf.urls import url,include

2) from django.contrib import admin
3) from testapp import views
4) from rest_framework import routers
5)
6) router=routers.DefaultRouter()

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
76  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
7) router.register('api',views.EmployeeCRUDCBV)
8) from rest_framework.authtoken import views
9)
10) urlpatterns = [
11) url(r'^admin/', admin.site.urls),
12) url(r'', include(router.urls)),
13) url(r'^get-api-token/', views.obtain_auth_token,name='get-api-token'),
14) ]

Limitation of Token Authentication:

In TokenAuthentication, all tokens will be stored in database table (Tokens table). For
every request DRF will communicate with the database to validate token and to identify
corresponding user. This database interaction for every request creates performance
problems. Hence scalability of API will be down.

To over come this problem, we should go for JWT Authentication. The main advantage of
JWT Authentication over TokenAuthentication is database interaction is not required to
identify user. From the token itself, DRF can identify user, which improves performance
and scalability of the application.
Because of this advantage, JWTAuthentication is the most commonly used type of
authentication in real time.

JWT (Json Web Token) Authentication:

This authentication is not inbuilt support of DRF. We have to install seperately. There are
several third party packages are available to implement JWT Authentication for DRF like

djangorestframework-jwt
django-rest-framework-simplejwt
etc

How JWT Works?

The JWT is just an authorization token that should be included in every request.

This authentication associated with the following token management terminology.

1) Access Token:
☻ This token can used to access our end point. The default expiration time is 5 minutes.
Ofcourse, it is customizable.

☻ We can generate access token by using the following configurations in urls.py

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
77  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
1) from rest_framework_jwt.views import obtain_jwt_token
2) urlpatterns = [
3) ...
4)
5) url(r'^api-token-auth/', obtain_jwt_token),
6) ]

2) Refresh Token:
☻ Non-expired tokens can be "refreshed" to obtain a brand new token with renewed
expiration time. For this compulsory we should set JWT_ALLOW_REFRESH is True.

☻ The expiration time for refresh token is 7 days. Ofcourse, it is customizable.

☻ Once refresh token expires then we have to provide our username and password to
generate.

☻ To perform refresh, the following configurations in urls.py required.

1) from rest_framework_jwt.views import refresh_jwt_token

2) urlpatterns = [
3) ...
4) url(r'^api-token-refresh/', refresh_jwt_token),
5) ]

3) Verify Token:
☻ We can verify whether the token is expired or not by using the following url
configurations in urls.py.

1) from rest_framework_jwt.views import verify_jwt_token

2) urlpatterns = [
3) ...
4) url(r'^api-token-verify/', verify_jwt_token),
5) ]

☻ Passing a token to the verification endpoint will return a 200 response and the token if
it is valid. Otherwise, it will return a 400 Bad Request as well as an error identifying
why the token was invalid.

Note: This tokens and expiration time concept is required to provide security.
JWT Token holds more information than Tokens of TokenAuthentication.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
78  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
How to implement JWT Authentication?
1) We have to install djangorestframework-jwt by using pip command.
pip install djangorestframework-jwt
2) We have to configure the following url-patterns to perform access token, refresh
token and verify token in urls.py file

urls.py

1) from rest_framework_jwt.views import obtain_jwt_token,refresh_jwt_token,verif

y_jwt_token
2)
3) urlpatterns = [
4) ....
5) url(r'âuth-jwt/', obtain_jwt_token),
6) url(r'âuth-jwt-refresh/', refresh_jwt_token),
7) url(r'âuth-jwt-verify/', verify_jwt_token),
8) ]

Obtaining of Access Token

From the Command Prompt
D:\>http POST http://127.0.0.1:8000/auth-jwt/ username="durga" password="durga123"
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Length: 203
Content-Type: application/json
Date: Mon, 28 Jan 2019 10:46:50 GMT
Server: WSGIServer/0.2 CPython/3.6.5
Vary: Accept
X-Frame-Options: SAMEORIGIN

{
"token":
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cmdhIiw
iZXhwIjoxNTQ4NjcyNzA5LCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4NjcyNDA5fQ.OxAMEKb
HTH9Kyk1Lh6OXl7UAs8el_sSEiLb9vDpf03E"
}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
79  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
From the postman tool:
POST http://127.0.0.1:8000/auth-jwt/

Body section:
Key: username value:durga
Key: password value:durga123

{
"token":
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cmdhIiw
iZXhwIjoxNTQ4NjcyOTU2LCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4NjcyNjU2fQ.8aKbA36Z
EcHtwWmbii48jUJuFHrzNA2qth6s3xOqw0M"
}

Refresh Token:
To perform refresh token compulsory we required to set JWT_ALLOW_REFRESH as True.
Inside settings.py the following configurations are required.

JWT_AUTH={
...
'JWT_ALLOW_REFRESH': True,
}

From Command Prompt:

D:\>http POST http://127.0.0.1:8000/auth-jwt-refresh/
token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1c
mdhIiwiZXhwIjoxNTQ4NjczNDgzLCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4NjczMTgzfQ.td
C5css67Ix8v4Tci4q5YjhobQoLnaSqOOh6wfl2qpk"
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Length: 203
Content-Type: application/json
Date: Mon, 28 Jan 2019 11:00:53 GMT
Server: WSGIServer/0.2 CPython/3.6.5
Vary: Accept
X-Frame-Options: SAMEORIGIN

{
"token":
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cmdhIiw
iZXhwIjoxNTQ4NjczNTUzLCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4NjczMTgzfQ.a045-
Tl43mGGfsTK608p-UCN1s92lfjJjRzGKW-s9Xo"
}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
80  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Note: Refresh should be done before expiring the access token. Once access token we
cannot perform refresh.

D:\>http POST http://127.0.0.1:8000/auth-jwt-refresh/

token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1c
mdhIiwiZXhwIjoxNTQ4NjczNDgzLCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4NjczMTgzfQ.td
C5css67Ix8v4Tci4q5YjhobQoLnaSqOOh6wfl2qpk"
HTTP/1.0 400 Bad Request
Allow: POST, OPTIONS
Content-Length: 47
Content-Type: application/json
Date: Mon, 28 Jan 2019 10:58:26 GMT
Server: WSGIServer/0.2 CPython/3.6.5
Vary: Accept
X-Frame-Options: SAMEORIGIN

{
"non_field_errors": [
"Signature has expired."
]
}

From postman tool:

POST http://127.0.0.1:8000/auth-jwt-refresh/

Headers section:
Key: Content-Type value: application/json

Body Section:
KEY: token
value:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cm
dhIiwiZXhwIjoxNTQ4NjczNDgzLCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4NjczMTgzfQ.tdC5
css67Ix8v4Tci4q5YjhobQoLnaSqOOh6wfl2qpk (existing access token)

{
"token":
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cmdhIiw
iZXhwIjoxNTQ4Njc0MzgyLCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4Njc0MDUwfQ.bQOZPD
1mTeT7yziBSCFkFSjvsoy0LxV9B9a8GyEVXlM"
}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
81  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Verify Token:
Passing a token to the verification endpoint will return a 200 response and the token if it
is valid. Otherwise, it will return a 400 Bad Request as well as an error identifying why the
token was invalid.

From the Command Prompt:

D:\>http POST http://127.0.0.1:8000/auth-jwt-verify/
token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1c
mdhIiwiZXhwIjoxNTQ4Njc0NTY1LCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4Njc0MjY1fQ._S
x2JJ3FGwV8Xt3Cj-qmEB4rbE0Z-iq6CpSWQVzRwwM"
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Length: 203
Content-Type: application/json
Date: Mon, 28 Jan 2019 11:18:18 GMT
Server: WSGIServer/0.2 CPython/3.6.5
Vary: Accept
X-Frame-Options: SAMEORIGIN

{
"token":
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cmdhIiw
iZXhwIjoxNTQ4Njc0NTY1LCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4Njc0MjY1fQ._Sx2JJ3FG
wV8Xt3Cj-qmEB4rbE0Z-iq6CpSWQVzRwwM"
}

D:\>http POST http://127.0.0.1:8000/auth-jwt-verify/

token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkI
joxLCJ1c2VybmFtZSI6ImR1cmdhIiwiZXhwIjoxNTQ4Njc0NTY1LCJlbWFpbCI6IiIsIm9yaWdfa
WF0IjoxNTQ4Njc0MjY1fQ._Sx2JJ3FGwV8
Xt3Cj-qmEB4rbE0Z-iq6CpSWQVzR1234wwM"
HTTP/1.0 400 Bad Request
Allow: POST, OPTIONS
Content-Length: 50
Content-Type: application/json
Date: Mon, 28 Jan 2019 11:21:04 GMT
Server: WSGIServer/0.2 CPython/3.6.5
Vary: Accept
X-Frame-Options: SAMEORIGIN
{
"non_field_errors": [
"Error decoding signature."
]
}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
82  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
From postman tool:
POST http://127.0.0.1:8000/auth-jwt-verify/

Headers section:
Key: Content-Type value: application/json

Body Section:
KEY: token
value:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cm
dhIiwiZXhwIjoxNTQ4Njc0NTY1LCJlbWFpbCI6IiIsIm9yaWdfaWF0IjoxNTQ4Njc0MjY1fQ._Sx2
JJ3FGwV8Xt3Cj-qmEB4rbE0Z-iq6CpSWQVzRwwM

{
"non_field_errors": [
"Signature has expired."
]
}

The 3 Parts of JWT Token:

In JWT Authentication the token is composed by three parts
header.payload.signature

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.
eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImR1cmdhIiwiZXhwIjoxNTQ4Njc0NTY1LCJlbWFpbCI6IiI
sIm9yaWdfaWF0IjoxNTQ4Njc0MjY1fQ.
_Sx2JJ3FGwV8Xt3Cj-qmEB4rbE0Z-iq6CpSWQVzRwwM

Enabling JWT Authentication in View Class:

...
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
class EmployeeCRUDCBV(ModelViewSet):
queryset=Employee.objects.all()
serializer_class=EmployeeSerializer
authentication_classes=[JSONWebTokenAuthentication,]
permission_classes=[IsAuthenticated,]

Sending Request with Token from the postman:

GET http://127.0.0.1:8000/api/
Headers Section:
Key: Authorization
Value: JWT <Token>

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
83  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Note: The default JWT_AUTH_HEADER_PREFIX is JWT. But we can configured our own
prefix in settings.py as follows

JWT_AUTH={
....
'JWT_AUTH_HEADER_PREFIX':'Bearer'
}

JWT Additional Settings:

JWT_AUTH = {
'JWT_ENCODE_HANDLER':
'rest_framework_jwt.utils.jwt_encode_handler',

'JWT_DECODE_HANDLER':
'rest_framework_jwt.utils.jwt_decode_handler',

'JWT_PAYLOAD_HANDLER':
'rest_framework_jwt.utils.jwt_payload_handler',

'JWT_PAYLOAD_GET_USER_ID_HANDLER':
'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler',

'JWT_RESPONSE_PAYLOAD_HANDLER':
'rest_framework_jwt.utils.jwt_response_payload_handler',

'JWT_SECRET_KEY': settings.SECRET_KEY,
'JWT_GET_USER_SECRET_KEY': None,
'JWT_PUBLIC_KEY': None,
'JWT_PRIVATE_KEY': None,
'JWT_ALGORITHM': 'HS256',
'JWT_VERIFY': True,
'JWT_VERIFY_EXPIRATION': True,
'JWT_LEEWAY': 0,
'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=300),
'JWT_AUDIENCE': None,
'JWT_ISSUER': None,

'JWT_ALLOW_REFRESH': False,
'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),

'JWT_AUTH_HEADER_PREFIX': 'JWT',
'JWT_AUTH_COOKIE': None,
}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
84  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
JWT_AUTH = {
....
'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=300),
'JWT_ALLOW_REFRESH': False,
'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
....
}

How to implement Custom Authentication:

Based on our requirement, we can implement our own authentication.

Process:
1) We have to write our Custom Authentication class by extending from
BaseAuthentication.
2) We have to override authenticate() method.
3) Returns a tuple of (user,None) for successful authentication
4) Raise AuthenticationFailed exception for failed authentication.

authentications.py

1) from rest_framework.authentication import BaseAuthentication

2) from rest_framework.exceptions import AuthenticationFailed
3) from django.contrib.auth.models import User
4) class CustomAuthentication(BaseAuthentication):
5) def authenticate(self,request):
6) username=request.GET.get('username')
7) if username is None:
8) return None
9) try:
10) user=User.objects.get(username=username)
11) except User.DoesNotExist:
12) raise AuthenticationFailed('No such type of user')
13) return (user,None)

views.py

1) from testapp.authentications import CustomAuthentication

2) class EmployeeCRUDCBV(ModelViewSet):
3) queryset=Employee.objects.all()
4) serializer_class=EmployeeSerializer
5) authentication_classes=[CustomAuthentication,]
6) permission_classes=[IsAuthenticated,]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
85  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
We can send request for the endpoint as follows
http://127.0.0.1:8000/api/?username=durga

Demo Application-2 for Custom Authentication:

Requirements:
1) Client required to send secret key and username as query parameters.
2) Length of key should be 7 characters
3) The first character should be lower case alphabet symbol which should be last
character of username
4) The third character should be 'Z'
5) The 5 th character should be first character of username

Eg:
username: durga
secrete key: a7ZXd98

http://127.0.0.1:8000/api/?username=durga&key=a7ZXd98

authentications.py

1) from rest_framework.authentication import BaseAuthentication

2) from django.contrib.auth.models import User
3) from rest_framework.exceptions import AuthenticationFailed
4) class CustomAuthentication2(BaseAuthentication):
5) def authenticate(self,request):
6) username=request.GET.get('username')
7) key=request.GET.get('key')
8) if username is None or key is None:
9) return None
10) c1=len(key) == 7
11) c2=key[0]==username[-1].lower()
12) c3=key[2]=='Z'
13) c4=key[4]==username[0]
14) try:
15) user=User.objects.get(username=username)
16) except User.DoesNotExist:
17) raise AuthenticationFailed('Your provided username is invalid,plz provide
valid username to access endpoint')
18) if c1 and c2 and c3 and c4:
19) return (user,None)
20) raise AuthenticationFailed('Your provided key is invalid,plz provide valid key to
access endpoint')

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
86  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
views.py

1) from rest_framework.viewsets import ModelViewSet

2) from testapp.models import Employee
3) from testapp.serializers import EmployeeSerializer
4) from rest_framework.permissions import IsAuthenticated
5) from testapp.authentications import CustomAuthentication2
6) class EmployeeCRUDCBV(ModelViewSet):
7) queryset=Employee.objects.all()
8) serializer_class=EmployeeSerializer
9) authentication_classes=[CustomAuthentication2,]
10) permission_classes=[IsAuthenticated,]

OAUTH2 Authentication:
Just refer the following links and documentation to implement social authentication by
using OAUTH2.
https://github.com/RealmTeam/django-rest-framework-social-oauth2
https://python-social-auth.readthedocs.io/en/latest/
https://django-oauth-toolkit.readthedocs.io/en/latest/
https://aaronparecki.com/oauth-2-simplified/

Basic Authentication:
It is very easy to setup.
But it is not recommended for production and we can use this Basic Authentication just
for testing purpose.
With every request we have to send username and password in base 64 encoded format
with Authorization Header.

How to encode username and password:

http://www.utilities-online.info/base64/#.XFGE8lUzbIU
We have to provide username and password in the following format for encoding
<username>:<password>

Eg: durga:durga123
Encoded string is : ZHVyZ2E6ZHVyZ2ExMjM=

views.py

1) ..
2) from rest_framework.authentication import BasicAuthentication
3) class EmployeeCRUDCBV(ModelViewSet):
4) queryset=Employee.objects.all()
5) serializer_class=EmployeeSerializer

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
87  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
6) authentication_classes=[BasicAuthentication,]
7) permission_classes=[IsAuthenticated,]

How to send request from command prompt:

http http://localhost:8000/api/ "authorization:Basic ZHVyZ2E6ZHVyZ2ExMjM="

Here 'ZHVyZ2E6ZHVyZ2ExMjM=' is encoded string of username:password

How to send request from postman:

GET http://localhost:8000/api/

Headers Section:
Key: Authorization value: Basic ZHVyZ2E6ZHVyZ2ExMjM=

Note: We can do encoding of username and password in postman tool itself and we are
not required to use any third party websites.

GET http://localhost:8000/api/

Authorization Section:

Type: Basic Auth (select from dropdown list)

Username: durga
Password: durga123

Limitation of Basic Authentication:

1) Here, with every request we have to send username and password in base-64
encoding, which can be easily decoded and hence it causes security problems.
2) 2. We cannot customize look and feel of login form

Because of these reasons, this type of authentication is not recommended to use.

Session Authentication:
Session Based authentication is the traditional authentication mechanism,what ever we
used in django.
Session authentication is implemented by the following class
rest_framework.authentication.SessionAuthentication
Internally authentication will be performed by Django inbuilt auth application.

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
88  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Demo Application:
models.py

1) from django.db import models

admin.py

1) from django.contrib import admin

serializers.py

1) from testapp.models import Employee

2) from rest_framework import serializers
3) class EmployeeSerializer(serializers.ModelSerializer):
4) class Meta:
5) model=Employee
6) fields='__all__'

views.py

1) from django.shortcuts import render

2) from testapp.models import Employee
3) from testapp.serializers import EmployeeSerializer
4) from rest_framework import viewsets
5) from rest_framework.authentication import SessionAuthentication
6) from rest_framework.permissions import IsAuthenticated
7) class EmployeeCRUDCBV(viewsets.ModelViewSet):
8) queryset=Employee.objects.all()
9) serializer_class=EmployeeSerializer
10) authentication_classes=[SessionAuthentication,]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
89  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
11) permission_classes=[IsAuthenticated,]

projectname/templates/registration/login.html

1) <!DOCTYPE html>
2) <html lang="en" dir="ltr">
3) <head>
4) <meta charset="utf-8">
5) <title></title>
6) </head>
7) <body>
8) <h1>Login to access API</h1><hr>
9) <form method="post">
10) {%csrf_token%}
11) {{form.as_p}}
12) <button type="submit" >Login</button>
13) </form>
14) </body>
15) </html>

urls.py

1) from django.conf.urls import url,include

2) from django.contrib import admin
3) from testapp import views
4) from rest_framework import routers
5) router=routers.DefaultRouter()
6) router.register('api',views.EmployeeCRUDCBV)
7)
8) urlpatterns = [
9) url(r'^admin/', admin.site.urls),
10) url(r'', include(router.urls)),
11) url(r'accounts/', include('django.contrib.auth.urls')),
12) ]

settings.py

1) INSTALLED_APPS = [
2) ....,
3) 'rest_framework',
4) 'testapp'
5) ]
6) TEMPLATE_DIR=os.path.join(BASE_DIR,'templates')
7) ...
8) TEMPLATES = [

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
90  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
9) {
10) 'BACKEND': 'django.template.backends.django.DjangoTemplates',
11) 'DIRS': [TEMPLATE_DIR],
12) ...
13) },
14) ]
15) LOGIN_REDIRECT_URL='/api/'

How to send Request for Login:

http://127.0.0.1:8000/accounts/login/

The request will goes to auth application and it will display

projectname/templates/registraion/login.html file.
If credentials are valid then the request will goes to api,otherwise display login form
again.

How to Logout from the Session:

http://127.0.0.1:8000/accounts/logout/

Auth application is responsible to provide login form,to perform authentication and to

perform logout.

DRF-Pagination:
Pagination is the splitting of large datasets into separated pages.
Whenever we are performing list operation(GET), if the number of resources is very huge,
then we should go for pagination.

DRF provides several pagination classes to implement pagination.

1) PageNumberPagination
2) LimitOffsetPagination
3) CursorPagination

All these classes present in rest_framework.pagination module.

How to enable Pagination Globally:

In settings.py, we have to add the following code:

1) REST_FRAMEWORK={
2) 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.
PageNumberPagination',
3) 'PAGE_SIZE':10,
4) }

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
91  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
This pagination is applicable for all view classes.

How to enable Pagination Locally:

We can specify by using pagination_class variable.

1) from rest_framework.pagination import PageNumberPagination

2) class EmployeeAPIView(generics.ListAPIView):
3) queryset =Employee.objects.all()
4) serializer_class =EmployeeSerializer
5) pagination_class = PageNumberPagination

Note: default pagination concept is avaialble only for generic views and viewsets. If we
are using regular APIView, then we have to write pagination code explicitly.

Demo Application for PageNumberPagination:

models.py

1) from django.db import models

2) class Employee(models.Model):
3) eno=models.IntegerField()
4) ename=models.CharField(max_length=64)
5) esal=models.FloatField()
6) eaddr=models.CharField(max_length=64)

admin.py

1) from django.contrib import admin

serializers.py

1) from testapp.models import Employee

2) from rest_framework import serializers
3) class EmployeeSerializer(serializers.ModelSerializer):
4) class Meta:
5) model=Employee
6) fields='__all__'

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
92  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
pagination.py

1) from rest_framework.pagination import PageNumberPagination

2) class MyPagination(PageNumberPagination):
3) page_size=5
4) page_query_param='mypage'
5) page_size_query_param='num'
6) max_page_size=11
7) last_page_strings=('end_page',)

views.py

1) from testapp.models import Employee

2) from testapp.serializers import EmployeeSerializer
3) from rest_framework import generics
4) from testapp.pagination import MyPagination
5) class EmployeeAPIView(generics.ListAPIView):
6) queryset =Employee.objects.all()
7) serializer_class =EmployeeSerializer
8) pagination_class =MyPagination

urls.py

1) from django.conf.urls import url

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'^admin/', admin.site.urls),
7) url(r'^api/', views.EmployeeAPIView.as_view()),
8) ]

populate.py
This script can be used to populate Employee table with fake data by using faker and
random modules

1) import os
2) os.environ.setdefault('DJANGO_SETTINGS_MODULE','paginationproject1.settings')
3) import django
4) django.setup()
5)
6) from testapp.models import *
7) from faker import Faker
8) from random import *
9) faker=Faker()
nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
93  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
10) def populate(n):
11) for i in range(n):
12) feno=randint(1001,9999)
13) fename=faker.name()
14) fesal=randint(10000,20000)
15) feaddr=faker.city()
16) emp_record=Employee.objects.get_or_create(eno=feno,ename=fename,esal=f
esal,eaddr=feaddr)
17) populate(120)

Various Important allowed Parameters for

PageNumberPagination:
1) page_size:
It represents the number of records/resources per page. It overrides the value which is
set for PAGE_SIZE variable present in settings.py

2) page_query_param:
A string value indicating the name of the query parameter to use for the pagination
control. The default value is 'page'
http://127.0.0.1:8000/api/?page=4
Eg: page_query_param='mypage'
http://127.0.0.1:8000/api/?mypage=4

3) page_size_query_param:
If set, this is a string value indicating the name of a query parameter that allows the
client to set the page size on a per-request basis. Defaults to None, indicating that the
client may not control the requested page size.
Eg: page_size_query_param = 'required_page_size'
http://127.0.0.1:8000/api/?required_page_size=10

4) max_page_size:
If set, this is a numeric value indicating the maximum allowable requested page size.
This attribute is only valid if page_size_query_param is also set. If client requesting
page size which is greater than this value then only max_page_size will be considered.

5) last_page_strings:
A list or tuple of string values indicating values that may be used with the
page_query_param to request the final page in the set. Default value is ('last',)
Eg: last_page_strings = ('end_page',)
http://127.0.0.1:8000/api/?page=end_page
http://127.0.0.1:8000/api/?required_page_size=10&page=end_page

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
94  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
2) LimitOffsetPagination:
 If the partner application (client application) wants a limited number of resources
starts from the given offset then we should go for LimitOffsetPagination.

 Eg: Client application required 20 resources starts from offset 10 (i.e from 10th index
onwards)

 http://127.0.0.1:8000/api/?limit=20&offset=10
 It returns the resources from 11th id to 30th id.

Note: The offset is zero based. i.e the offset of first record is 0

Demo Application for LimitOffsetPagination:

pagination.py

1) from rest_framework.pagination import LimitOffsetPagination

2) class MyPagination2(LimitOffsetPagination):
3) default_limit=5
4) limit_query_param='mylimit'
5) offset_query_param='myoffset'
6) max_limit=20

views.py

1) from testapp.pagination import MyPagination2

2) class EmployeeAPIView(generics.ListAPIView):
3) queryset =Employee.objects.all()
4) serializer_class =EmployeeSerializer
5) pagination_class =MyPagination2

Various Important Properties of LimitOffsetPagination

Class:
1) default_limit: It represents the number of resources required to provide to the client
per page. This value will be considered iff client won't provide any limit. If we are not
configuring this property and client won't provide limit then the value will be
considered from PAGE_SIZE variable of settings.py

2) limit_query_param: It represents the query parameter name which can be used to

provide limit value by the client. The default parameter name is 'limit'

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
95  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
3) offset_query_param: It represents the query parameter name which can be used
to provide offset value by the client. The default parameter name is 'offset'

4) max_limit: We can use this parameter to limit maximum number of resources per
page.If the client requests more than this value then, it returns the number of
resources specified by max_limit only.

3) CursorPagination:
If we want resources based on some 'ordering' then we should go for
CursorPagination.
Eg: To get aAll records according to ascending order of employee salaries but 5
resources per page.

Demo Application for CursorPagination:

pagination.py

1) from rest_framework.pagination import CursorPagination

2) class MyPagination3(CursorPagination):
3) ordering='-esal' #based on descending order of employee salaries
4) page_size=5
5) cursor_query_param='mycursor'

views.py

1) from testapp.pagination import MyPagination3

2) class EmployeeAPIView(generics.ListAPIView):
3) queryset =Employee.objects.all()
4) serializer_class =EmployeeSerializer
5) pagination_class =MyPagination3

Various Important Properties of CursorPagination Class:

1) ordering:
We can use this field to specify the required order.

ordering = 'esal' #based on ascending order of employee salaries

ordering = '-esal' #based on descending order of employee salaries

The default value of ordering fields is '-created'

2) page_size: It can be used to specify the number of records per page.

It is exactly same as PageNumberPagination class page_size

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
96  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
3) cursor_query_param:
It can be used to specify the name of the cursor query parameter. Default value is
'cursor'

GET /api/?cursor=cD0xOTQwNi4w
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
"next": "http://127.0.0.1:8000/api/?cursor=cD0xODczMy4w",
"previous": "http://127.0.0.1:8000/api/?cursor=cj0xJnA9MTkzNTYuMA%3D%3D",
"results": [
{
"id": 27,
"eno": 1354,
"ename": "David Reid",
....
}

Eg: cursor_query_param='mycursor'

GET /api/?mycursor=cD0xOTQwNi4w
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
"next": "http://127.0.0.1:8000/api/?mycursor=cD0xODczMy4w",
"previous": "http://127.0.0.1:8000/api/?mycursor=cj0xJnA9MTkzNTYuMA%3D%3D",
"results": [
{
"id": 27,
"eno": 1354,
"ename": "David Reid",
...
}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
97  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
PageNumberPagination vs LimitOffsetPagination vs
CursorPagination:
1) If we want all resources page by page then we should go for PageNumberPagination.
Here we can specify only page_size and we cannot specify offset and ordering.
2) If we want the resources based on specified limit and offset then we should go for
LimitOffsetPagination. Here we have choice to specify offset value from where we
have to consider resources. We cannot specify ordering.
3) If we want all resources based on some ordering then we should go for
CursorPagination. Here we can specify page_size and orderning and we cannot specify
offset value.

How to install Python Packages in Linux:

sudo apt install python3-libraryname
or
apt-get install python-pip
pip install pygame

DRF-Filtering:
We can implement Search/Filter operation in the following 2 ways
1) Planin Vanilla Filtering
2) By using Django RestFramework API

1) Planin Vanilla Filtering:

We can implement Search operation by overriding get_queryset() method in our view
class.

views.py

1) class EmployeeAPIView(generics.ListAPIView):
2) #queryset =Employee.objects.all()
3) serializer_class =EmployeeSerializer
4) def get_queryset(self):
5) qs=Employee.objects.all()
6) name=self.request.GET.get('ename')
7) if name is not None:
8) qs=qs.filter(ename__icontains=name)
9) return qs

For the request: http://127.0.0.1:8000/api/

Returns all Employee records without any filtering

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
98  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
For the request: http://127.0.0.1:8000/api/?ename=Jhon
Returns Employee records where ename contains 'Jhon'.
In this case the records will be filtered.

Limitation of Vanilla Filtering:

It is very difficult to implement filtering based on some complex conditions. To overcome
this problem we should go for DRF provided advanced Filtering concept.

2) By using Django RestFramework API:

 It is more advanced filtering and easy to implement when compared with Vanilla
Filtering.
 We have to add filter backend in settings.py as follows:
REST_FRAMEWORK={
....,
'DEFAULT_FILTER_BACKENDS':('rest_framework.filters.SearchFilter',),
'SEARCH_PARAM':'mysearch'
}

The default value for 'SEARCH_PARAM' is 'search', which can be used by partner
application to send value for the search.

In the views.py we have to specify 'search_fields' as follows

class EmployeeAPIView(generics.ListAPIView):
queryset =Employee.objects.all()
serializer_class =EmployeeSerializer
search_fields=('ename','eno')

Note:
1) search_fields=('eno',)
http://127.0.0.1:8000/api/?mysearch=2
It returns all Employee records where eno contains '2'

2) search_fields=('=eno',)
http://127.0.0.1:8000/api/?mysearch=2
It returns all Employee records where eno is exactly equals to '2'

3) search_fields=('^eno',)
http://127.0.0.1:8000/api/?mysearch=2
It returns all Employee records where eno is starts with '2'

Note:
'=' means exact match
'^' means starts with

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
99  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Note: search_fields=('eno$',)
ends with specified digit --->won't work

How to ordering of all Records:

We can order either in ascending or in descending based on given parameter.

settings.py

1) REST_FRAMEWORK={
2) 'DEFAULT_FILTER_BACKENDS':('rest_framework.filters.SearchFilter','rest_framewo
rk.filters.OrderingFilter'),
3) 'SEARCH_PARAM':'mysearch',
4) 'ORDERING_PARAM':'myordering'
5) }

The default value for 'ORDERING_PARAM' is 'ordering'

In the browsable API, we can see orderning based on every field.

Ordering
ID - ascending
ID - descending
Eno - ascending
Eno - descending
Ename - ascending
Ename - descending
Esal - ascending
Esal - descending
Eaddr - ascending
Eaddr - descending

But, we can specify our own ordering fields also based on our requirement.

class EmployeeAPIView(generics.ListAPIView):
queryset =Employee.objects.all()
serializer_class =EmployeeSerializer
search_fields=('ename',)
ordering_fields=('eno','esal')

In browsable API we can see options as follows:

Ordering
eno - ascending
eno - descending
esal - ascending
esal - descending

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
100  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
ordering based on spcified parameters.

Note: The default value for ordering_fields is : 'all'

Client can send request with search and ordering parameters as follows
http://127.0.0.1:8000/api/?mysearch=R
http://127.0.0.1:8000/api/?myordering=-esal
http://127.0.0.1:8000/api/?mysearch=R&myordering=-esal

Nested Serializers:
Sometimes we can use one serializer inside another serializer to serialize dependent
Model fields, such type of serializers are called Nested Serializers.

If Model mappings are there (like OneToOne, ManyToOne, ManyToMany) then we should
go for Nested Serializers.

Eg 1: Assume there are two Models named with Author and Book. Book model has
ForiegnKey reference to Author. While listing Author information, the corresponding
Books information also required to provide. Hence inside AuthorSerializer, we required
use BookSerializer. This concept is nothing but Nested Serializers.

Syntax:
class AuthorSerializer(serializers.ModelSerializer):
books_by_author = BookSerializer(read_only=True,many=True)
....

Eg 2: Assume there are two Models named with Musician and Album. Album model has
ForiegnKey reference to Musician. While listing Musician information, the corresponding
Albums information also required to provide. Hence inside MusicianSerializer, we
required use AlbumSerializer. This concept is nothing but Nested Serializers.

Syntax:
class MusicianSerializer(serializers.ModelSerializer):
albums_by_musician = AlbumSerializer(read_only=True,many=True)
....

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
101  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Complete Demo Application-1:
models.py

1) from django.db import models

2) class Author(models.Model):
3) first_name=models.CharField(max_length=64)
4) last_name=models.CharField(max_length=64)
5) subject=models.CharField(max_length=64)
6) def __str__(self):
7) return self.first_name
8)
9) class Book(models.Model):
10) title=models.CharField(max_length=256)
11) author=models.ForeignKey(Author,on_delete=models.CASCADE,related_name='
books_by_author')
12) release_date=models.DateField()
13) rating=models.IntegerField()
14) def __str__(self):
15) return self.title

admin.py

1) from django.contrib import admin

2) from testapp.models import Author,Book
3) class AuthorAdmin(admin.ModelAdmin):
4) list_display=('id','first_name','last_name','subject')
5) class BookAdmin(admin.ModelAdmin):
6) list_display=('id','title','author','release_date','rating')
7)
8) admin.site.register(Author,AuthorAdmin)
9) admin.site.register(Book,BookAdmin)

serializers.py

1) from testapp.models import Author,Book

2) from rest_framework import serializers
3) class BookSerializer(serializers.ModelSerializer):
4) class Meta:
5) model=Book
6) fields='__all__'
7)
8) class AuthorSerializer(serializers.ModelSerializer):
9) books_by_author=BookSerializer(read_only=True,many=True)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
102  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
10) class Meta:
11) model=Author
12) fields='__all__'

views.py

1) from django.shortcuts import render

2) from testapp.models import Author,Book
3) from testapp.serializers import AuthorSerializer,BookSerializer
4) from rest_framework import generics
5) class AuthorListView(generics.ListCreateAPIView):
6) queryset=Author.objects.all()
7) serializer_class=AuthorSerializer
8) class AuthorView(generics.RetrieveUpdateDestroyAPIView):
9) queryset=Author.objects.all()
10) serializer_class=AuthorSerializer
11) class BookListView(generics.ListCreateAPIView):
12) queryset=Book.objects.all()
13) serializer_class=BookSerializer
14) class BookView(generics.RetrieveUpdateDestroyAPIView):
15) queryset=Book.objects.all()
16) serializer_class=BookSerializer

urls.py

1) from django.conf.urls import url

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'âdmin/', admin.site.urls),
7) url(r'âuthor-api/$', views.AuthorListView.as_view()),
8) url(r'âuthor-api/(?P<pk>\d+)/$', views.AuthorView.as_view()),
9) url(r'^book-api/$', views.BookListView.as_view()),
10) url(r'^book-api/(?P<pk>\d+)/$', views.BookView.as_view()),
11) ]

setttings.py

1) INSTALLED_APPS = [
2) ...
3) 'rest_framework',
4) 'testapp'
5) ]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
103  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
In the above example, whenever we are sending the request to Author API, it will display
Author information including corresponding Books information also.

Demo Application-2:
models.py

1) from django.db import models

2) class Musician(models.Model):
3) first_name=models.CharField(max_length=50)
4) last_name=models.CharField(max_length=50)
5) instrument=models.CharField(max_length=50)
6) def __str__(self):
7) return self.first_name
8) class Album(models.Model):
9) artist=models.ForeignKey(Musician,on_delete=models.CASCADE,related_name='
album_musician',null=True)
10) name=models.CharField(max_length=50)
11) release_date=models.DateField()
12) rating=models.IntegerField()
13) def __str__(self):
14) return self.name

admin.py

1) from django.contrib import admin

2) from testapp.models import Musician,Album
3) class MusicianAdmin(admin.ModelAdmin):
4) list_display=('id','first_name','last_name','instrument')
5) class AlbumAdmin(admin.ModelAdmin):
6) list_display=('id','name','release_date','rating','artist')
7)
8) admin.site.register(Musician,MusicianAdmin)
9) admin.site.register(Album,AlbumAdmin)

serializers.py

1) from testapp.models import Album,Musician

2) from rest_framework import serializers
3) class AlbumSerializer(serializers.ModelSerializer):
4)
5) class Meta:
6) model=Album
7) fields='__all__'

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
104  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
8) class MusicianSerializer(serializers.ModelSerializer):
9) album_musician=AlbumSerializer(read_only=True,many=True)
10) class Meta:
11) model=Musician
12) # fields=('first_name','last_name','instrument','album_musician')
13) fields='__all__'

views.py

1) from django.shortcuts import render

2) from testapp.models import Album,Musician
3) from testapp.serializers import AlbumSerializer,MusicianSerializer
4) from rest_framework import generics
5) # Create your views here
6) class MusicianListView(generics.ListCreateAPIView):
7) queryset=Musician.objects.all()
8) serializer_class=MusicianSerializer
9) class MusicianView(generics.RetrieveUpdateDestroyAPIView):
10) queryset=Musician.objects.all()
11) serializer_class=MusicianSerializer
12)
13) class AlbumListView(generics.ListCreateAPIView):
14) queryset=Album.objects.all()
15) serializer_class=AlbumSerializer
16) class AlbumView(generics.RetrieveUpdateDestroyAPIView):
17) queryset=Album.objects.all()
18) serializer_class=AlbumSerializer

urls.py

1) from django.conf.urls import url

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'âdmin/', admin.site.urls),
7) url(r'âlbum-api/$', views.AlbumListView.as_view()),
8) url(r'âlbum-api/(?P<pk>\d+)/$', views.AlbumView.as_view()),
9) url(r'^musician-api/$', views.MusicianListView.as_view()),
10) url(r'^musician-api/(?P<pk>\d+)/$', views.MusicianView.as_view()),
11) ]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
105  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
settings.py

1) INSTALLED_APPS = [
2) ...
3) 'rest_framework',
4) 'testapp'
5) ]

In the above example, whenever we are sending the request to Musician API, it will
display Musician information including corresponding album information also.

Consuming 3rd Party API from Django Application:

Requirement:
If we are sending the request to django application, it will provide the following
information as the part of response
client's ipaddress
client's city
client's state
client's country
etc

ipstack.com is 3rd vendor provides API to get complete client information.

Once we registered in this website then we will get FREE API KEY. With that key we have
to send the request.

http://api.ipstack.com/183.82.219.127?access_key=3dc63ae05b2288d3bdb6ceaf97f18505
{"ip":"183.82.219.127","type":"ipv4","continent_code":"AS","continent_name":"Asia","c
ountry_code":"IN","country_name":"India","region_code":"TG","region_name":"Telanga
na","city":"Prakashamnagar","zip":"500016","latitude":17.4427,"longitude":78.4751,"loc
ation":{"geoname_id":10524299,"capital":"New
Delhi","languages":[{"code":"hi","name":"Hindi","native":"\u0939\u093f\u0928\u094d\
u0926\u0940"},{"code":"en","name":"English","native":"English"}],"country_flag":"http:\
/\/assets.ipstack.com\/flags\/in.svg","country_flag_emoji":"\ud83c\uddee\ud83c\uddf3
","country_flag_emoji_unicode":"U+1F1EE U+1F1F3","calling_code":"91","is_eu":false}}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
106  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
Demo Application:
views.py

1) from django.shortcuts import render

2) import requests
3) def get_geographic_info(request):
4) ip = request.META.get('HTTP_X_FORWARDED_FOR', "") or
request.META.get ('REMOTE_ADDR')
5) print(ip)
6) # url='http://api.ipstack.com/'+str(ip)+'?
access_key= 3dc63ae05b2288d3bdb6ceaf97f18505'
7) url='http://api.ipstack.com/183.82.219.127?
access_key=3dc63ae05b2288d3bdb6ceaf97f18505'
8) response=requests.get(url)
9) data=response.json()
10) return render(request,'testapp/info.html',data)

projectname/templates/testapp/info.html

1) <!DOCTYPE html>
2) <html lang="en" dir="ltr">
3) <head>
4) <meta charset="utf-8">
5) <title></title>
6) </head>
7) <body>
8) <h1>Consuming External API Demo</h1><hr>
9) <h2>Your Geographic Information</h2>
10) <h3>Your IP Address:{{ip}}</h3>
11) <h3>Your continent_name:{{continent_name}}</h3>
12) <h3>Your country_name:{{country_name}}</h3>
13) <h3>Your region_name:{{region_name}}</h3>
14) <h3>Your city:{{city}}</h3>
15) <h3>Your zip:{{zip}}</h3>
16) <h3>Your longitude:{{longitude}}</h3>
17) <h3>Your latitude:{{latitude}}</h3>
18) </body>
19) </html>

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
107  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
urls.py

1) from django.conf.urls import url

2) from django.contrib import admin
3) from testapp import views
4)
5) urlpatterns = [
6) url(r'^admin/', admin.site.urls),
7) url(r'^info/', views.get_geographic_info),
8) ]

Note:
venkataprasad.pythonanywhere.com/info
venkataprasad
prasad1247

Developing Django Application and Its API (djproject):

djproject
|
|-djproject
|-settings.py
|-urls.py
|
|-templates
|-testapp
|-
|-
|-
|-
|-static
|-css
|-
|-
|-images
|-
|-
|-
|-testapp
|-api
|-views.py
|-serializers.py
|-urls.py
|-views.py
|-models.py

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
108  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
|-urls.py
|-admin.py

models.py

1) from django.db import models

2)
3) # Create your models here.
4) class hydjobs(models.Model):
5) date=models.DateField();
6) company=models.CharField(max_length=100);
7) title=models.CharField(max_length=100);
8) eligibility=models.CharField(max_length=100);
9) address=models.CharField(max_length=100);
10) email=models.EmailField();
11) phonenumber=models.IntegerField()
12)
13) class blorejobs(models.Model):
14) date=models.DateField();
15) company=models.CharField(max_length=100);
16) title=models.CharField(max_length=100);
17) eligibility=models.CharField(max_length=100);
18) address=models.CharField(max_length=100);
19) email=models.EmailField();
20) phonenumber=models.IntegerField()
21)
22) class chennaijobs(models.Model):
23) date=models.DateField();
24) company=models.CharField(max_length=100);
25) title=models.CharField(max_length=100);
26) eligibility=models.CharField(max_length=100);
27) address=models.CharField(max_length=100);
28) email=models.EmailField();
29) phonenumber=models.IntegerField()
30)
31) class punejobs(models.Model):
32) date=models.DateField();
33) company=models.CharField(max_length=100);
34) title=models.CharField(max_length=100);
35) eligibility=models.CharField(max_length=100);
36) address=models.CharField(max_length=100);
37) email=models.EmailField();
38) phonenumber=models.IntegerField()

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
109  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
admin.py

1) from django.contrib import admin

2) from testapp.models import hydjobs,blorejobs,chennaijobs,punejobs
3)
4) # Register your models here.
5) class hydjobsAdmin(admin.ModelAdmin):
6) list_display=['date','company','title','eligibility','address','email','phonenumber']
7)
8) class blorejobsAdmin(admin.ModelAdmin):
9) list_display=['date','company','title','eligibility','address','email','phonenumber']
10)
11) class chennaijobsAdmin(admin.ModelAdmin):
12) list_display=['date','company','title','eligibility','address','email','phonenumber']
13)
14) class punejobsAdmin(admin.ModelAdmin):
15) list_display=['date','company','title','eligibility','address','email','phonenumber']
16)
17) admin.site.register(hydjobs,hydjobsAdmin)
18) admin.site.register(chennaijobs,chennaijobsAdmin)
19) admin.site.register(blorejobs,blorejobsAdmin)
20) admin.site.register(punejobs,punejobsAdmin)

testapp/views.py

1) from django.shortcuts import render

2) from django.core.paginator import Paginator,PageNotAnInteger,EmptyPage
3) from testapp.models import *
4)
5) # Create your views here.
6) def index(request):
7) return render(request,'testapp/index1.html')
8)
9) def hydjobs1(request):
10) jobs_list=hydjobs.objects.order_by('-date')
11) paginator=Paginator(jobs_list,25)
12) page_number=request.GET.get('page')
13) try:
14) jobs_list=paginator.page(page_number)
15) except PageNotAnInteger:
16) jobs_list=paginator.page(1)
17) except EmptyPage:
18) jobs_list=paginator.page(paginator.num_pages)
19) return render(request,'testapp/hydjobs.html',{'jobs_list':jobs_list})
20)

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
110  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
21) def blorejobs(request):
22) return render(request,'testapp/blorejobs.html')
23)
24) def punejobs(request):
25) return render(request,'testapp/punejobs.html')
26)
27) def chennaijobs(request):
28) return render(request,'testapp/chennaijobs.html')

index1.html

1) <!DOCTYPE html>
2) {%load staticfiles%}
3) <html lang="en" dir="ltr">
4) <head>
5) <meta charset="utf-8">
6) <title></title>
7) 
8) <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/cs
s/bootstrap.min.css" integrity="sha384-
BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" c
rossorigin="anonymous">
9) <link rel="stylesheet" href="{%static "css/newfile.css"%}">
10) </head>
11) <body>
12) <div class="container" align='center'>
13) <div class="jumbotron">
14) <h1>WELCOME TO DURGAJOBS</h1>
15) <p>continuous Job Updates for every hour...</p>
16) <a href="/hydjobs" class='btn btn-primary btn-lg'>HYD JOBS</a>
17) <a href="#" class='btn btn-primary btn-lg'>BANGALORE JOBS</a>
18) <a href="#" class='btn btn-primary btn-lg'>PUNE JOBS</a>
19) <a href="#" class='btn btn-primary btn-lg'>CHENNAI JOBS</a>
20) </div>
21) </div>
22) </body>
23) </html>

hydjobs.html

1) <!DOCTYPE html>
2) {%load staticfiles%}
3) <html lang="en" dir="ltr">
4) <head>
5) <meta charset="utf-8">

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
111  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
6) <link rel="stylesheet" href="{% static "css/demodjproject.css" %}">
7) <title></title>
8) </head>
9) <body>
10) <h1>Hyderabad Jobs Information</h1>
11)
12) <img src="{%static "images/hyd2.jpg"%}" alt="">
13) <img src="{%static "images/hyd1.jpg"%}" alt="">
14) <img src="{%static "images/hyd3.jpg"%}" alt="">
15) <hr>
16) {% if jobs_list %}
17) <table id='tab'>
18) <thead>
19) <th>Date</th>
20) <th>Company</th>
21) <th>Title</th>
22) <th>Eligibility</th>
23) <th>Address</th>
24) <th>Email</th>
25) <th>Phone Number</th>
26) </thead>
27) {%for job in jobs_list %}
28) <tr>
29) <td>{{job.date}}</td>
30) <td>{{job.company}}</td>
31) <td>{{job.title}}</td>
32) <td>{{job.eligibility}}</td>
33) <td>{{job.address}}</td>
34) <td>{{job.email}}</td>
35) <td>{{job.phonenumber}}</td>
36) </tr>
37) {% endfor %}
38) </table>
39) {%include 'testapp/pagination.html' with page=jobs_list%}
40) {%else %}
41) <p>No Jobs Found in Hyderabad</p>
42) {% endif %}
43) </body>
44) </html>

pagination.html

1) <div class="paginator">
2) <span>
3) {%if page.has_previous%}

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
112  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
4) <a href="?page={{page.previous_page_number}}">Previous</a>
5) {%endif%}
6) </span>
7) <span class='current'>
8) page {{page.number}} of {{page.paginator.num_pages}}
9) </span>
10) <span>
11) {%if page.has_next%}
12) <a href="?page={{page.next_page_number}}">Next</a>
13) {%endif%}
14) </span>
15) </div>

newfile.css

1) body{
2) background: url(https://images.unsplash.com/photo-1512665591-
75fa7ba868d7?ixlib=rb-
0.3.5&ixid=eyJhcHBfaWQiOjEyMDd9&s=9fff1ea450ba4c7242b1bd207630469f&aut
o=format&fit=crop&w=667&q=80);
3) }
4) .container .jumbotron{
5) margin-top: 200px;
6) background: red;
7) color:white;
8) }
9) .container .jumbotron a{
10) background:yellow;
11) color:blue;
12) border:2px solid green;
13) }

demodjproject.css

1) .container .jumbotron{
2) background: red;
3) color:white;
4) }
5) body{
6) background: url(https://images.unsplash.com/photo-1512665591-
75fa7ba868d7?ixlib=rb-
0.3.5&ixid=eyJhcHBfaWQiOjEyMDd9&s=9fff1ea450ba4c7242b1bd207630469f&aut
o=format&fit=crop&w=667&q=80)
7) }
8) .container{

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
113  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
9) margin-top: 200px;
10) }
11) .jumbotron a{
12) background: yellow;
13) color:red;
14) border:2px solid green;
15) }
16) img{
17) height: 200px;
18) width:30%;
19) float:left;
20) margin:1.5%;
21) border:2px solid red;
22) }
23) .imagesb
24) {
25) border:3px solid red;
26) }
27) h1{
28) color:white;
29) text-align: center;
30) background:red;
31) }
32) table,thead,th,tr,td{
33) color:yellow;
34) border:2px solid white;
35) font-size: 20px;
36) margin:auto;
37) background:red;
38) }
39) thead,th{
40) color:white;
41) border:2px solid white;
42) font-size: 20px;
43) margin:auto;
44) background:blue;
45) }

settings.py

1) TEMPLATE_DIR=os.path.join(BASE_DIR,'templates')
2) STATIC_DIR=os.path.join(BASE_DIR,'static')
3) INSTALLED_APPS = [
4) ...
5) 'rest_framework',

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
114  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
6) 'testapp'
7) ]
8) TEMPLATES = [
9) {
10) 'BACKEND': 'django.template.backends.django.DjangoTemplates',
11) 'DIRS': [TEMPLATE_DIR],
12)
13) STATIC_URL = '/static/'
14) STATICFILES_DIRS=[
15) STATIC_DIR,
16) ]

API Development
testapp/api/serializers.py

1) from rest_framework.serializers import ModelSerializer

2) from testapp.models import hydjobs
3) class HydJobsSerializer(ModelSerializer):
4) class Meta:
5) model=hydjobs
6) fields='__all__'

testapp/api/views.py

1) from rest_framework import viewsets

2) from testapp.models import hydjobs
3) from testapp.api.serializers import HydJobsSerializer
4) class HydJobsCRUDCBV(viewsets.ModelViewSet):
5) serializer_class=HydJobsSerializer
6) queryset=hydjobs.objects.all()

testapp/api/urls.py

1) from django.conf.urls import url,include

2) from rest_framework import routers
3) from testapp.api.views import HydJobsCRUDCBV
4) router=routers.DefaultRouter()
5) router.register('hydjobsinfo',HydJobsCRUDCBV)
6) urlpatterns = [
7) url(r'', include(router.urls)),
8) ]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
115  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
project level urls.py

1) from django.conf.urls import url,include

2) from django.contrib import admin
3) from testapp import views
4) urlpatterns = [
5) url(r'^admin/', admin.site.urls),
6) url(r'^$', views.index),
7) url(r'^hydjobs/', views.hydjobs1),
8) url(r'^blorejobs/', views.blorejobs),
9) url(r'^punejobs/', views.punejobs),
10) url(r'^chennaijobs/', views.chennaijobs),
11) url(r'^api/', include('testapp.api.urls')),
12) ]

Python Client to consume API:

import requests
BASE_URL='http://127.0.0.1:8000/'
ENDPOINT='api/hydjobsinfo/'
r=requests.get(BASE_URL+ENDPOINT)
data=r.json()
for job in data:
print('Company Name:',job['company'])
print('Eligibility:',job['eligibility'])
print('Title:',job['title'])
print('Mail Id:',job['email'])
print('Phone Number:',job['phonenumber'])
print()

pip install django-rest-swagger

'rest_framework_swagger'

from rest_framework_swagger.views import get_swagger_view

schema_view=get_swagger_view(title='Swagger API for Employee')

url(r'^docs/$',schema_view)

Step 1:
$ pip install django-rest-swagger

Step 2:
Add 'rest_framework_swagger' to INSTALLED_APPS in Django

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
116  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com
settings.py

1) INSTALLED_APPS = [
2) ...
3) 'rest_framework_swagger',
4) ...
5) ]

Step 3:
open urls.py file and add the code like

1) from rest_framework_swagger.views import get_swagger_view

2) schema_view = get_swagger_view(title=' Swagger API for Employee')
3)
4) urlpatterns = [
5) url(r'^generic/$', schema_view) # add this line
6) ]

nd
DURGASOFT, # 202, 2 Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038,
117  040 – 64 51 27 86, 80 96 96 96 96, 92 46 21 21 43 | www.durgasoft.com

Django by Durga
100% (2)
Django by Durga
199 pages
Django Durga
84% (19)
Django Durga
124 pages
Andrey Bulezyuk - Django 3 - For Beginners (2021)
100% (1)
Andrey Bulezyuk - Django 3 - For Beginners (2021)
347 pages
TVL - Computer Systems Servicing: Quarter 2 - Module 2: Application Sofware
100% (2)
TVL - Computer Systems Servicing: Quarter 2 - Module 2: Application Sofware
23 pages
JAVA Full Stack Development by Sidharth Sahoo 1689241942
No ratings yet
JAVA Full Stack Development by Sidharth Sahoo 1689241942
72 pages
Exploring Hadoop Ecosystem (Volume 2): Stream Processing
From Everand
Exploring Hadoop Ecosystem (Volume 2): Stream Processing
Wei Liu
No ratings yet
Lara Full Course Content
No ratings yet
Lara Full Course Content
5 pages
Angular 7 Material - Harsha PDF
No ratings yet
Angular 7 Material - Harsha PDF
454 pages
Django Framework
100% (1)
Django Framework
44 pages
Advanced Python Material PDF
57% (7)
Advanced Python Material PDF
209 pages
MEAN Web Development - Second Edition
From Everand
MEAN Web Development - Second Edition
Amos Q. Haviv
No ratings yet
Report On Medical Shop Management System
No ratings yet
Report On Medical Shop Management System
43 pages
Django Rest API PDF
67% (3)
Django Rest API PDF
73 pages
29 Django Rest API PDF
100% (1)
29 Django Rest API PDF
73 pages
Django 'Mahmoud Ahmed+
No ratings yet
Django 'Mahmoud Ahmed+
342 pages
Django Rest Framework Json API
No ratings yet
Django Rest Framework Json API
21 pages
Django
No ratings yet
Django
126 pages
Django PDF
No ratings yet
Django PDF
106 pages
Tutorial 1: Serialization: Django REST Framework
No ratings yet
Tutorial 1: Serialization: Django REST Framework
10 pages
Django
100% (12)
Django
58 pages
MongoDB Manual Master
No ratings yet
MongoDB Manual Master
618 pages
Django Notes
No ratings yet
Django Notes
20 pages
21CS62 Fullstack Django Lab Manuals - SEACET
No ratings yet
21CS62 Fullstack Django Lab Manuals - SEACET
136 pages
Python Notes
No ratings yet
Python Notes
186 pages
Docker and Kubernetes PDF
No ratings yet
Docker and Kubernetes PDF
6 pages
Django Rest Framework Json API
No ratings yet
Django Rest Framework Json API
21 pages
Ui Techonolgy
100% (1)
Ui Techonolgy
248 pages
Django Rest Framework
No ratings yet
Django Rest Framework
105 pages
Bootstrap
67% (3)
Bootstrap
24 pages
1.language Fundamentals Study Material PDF
No ratings yet
1.language Fundamentals Study Material PDF
32 pages
Wokring With Python Django-Web Framework Define Statement
No ratings yet
Wokring With Python Django-Web Framework Define Statement
78 pages
Django Notes
No ratings yet
Django Notes
40 pages
Backend Challenge
No ratings yet
Backend Challenge
6 pages
Git Essentials - Sample Chapter
No ratings yet
Git Essentials - Sample Chapter
16 pages
Full Stack Web Development With Python and DJango - Java Script PDF
100% (2)
Full Stack Web Development With Python and DJango - Java Script PDF
40 pages
Spring MVC Hibernate MySQL CRUD Example
No ratings yet
Spring MVC Hibernate MySQL CRUD Example
15 pages
Docker
No ratings yet
Docker
2 pages
Spring Boot Cookbook - Sample Chapter
100% (1)
Spring Boot Cookbook - Sample Chapter
24 pages
Python and Django
100% (2)
Python and Django
25 pages
Basics: Showing Output To User
No ratings yet
Basics: Showing Output To User
17 pages
Django Rest Framework Json API
No ratings yet
Django Rest Framework Json API
21 pages
Building Multi Tenant Applications With Django
100% (1)
Building Multi Tenant Applications With Django
53 pages
Django Admin
No ratings yet
Django Admin
15 pages
Docker Mastery - 5
No ratings yet
Docker Mastery - 5
87 pages
MVC
No ratings yet
MVC
95 pages
Java by Nagoor PDF
100% (2)
Java by Nagoor PDF
16 pages
Top 50 Django Interview Questions
No ratings yet
Top 50 Django Interview Questions
10 pages
Hadoop - The Final Product
100% (2)
Hadoop - The Final Product
42 pages
Simple Way CSS PDF
No ratings yet
Simple Way CSS PDF
36 pages
Introduction To MongoDB Presentation
No ratings yet
Introduction To MongoDB Presentation
132 pages
Important ReactJs Interview Questions
No ratings yet
Important ReactJs Interview Questions
27 pages
Multi Threading Enhancements
No ratings yet
Multi Threading Enhancements
27 pages
Mongo DB Running Notes
33% (3)
Mongo DB Running Notes
209 pages
18 Months With Scala
No ratings yet
18 Months With Scala
38 pages
AngularJS W3schhols
100% (2)
AngularJS W3schhols
180 pages
Durgasoft Core Java Latest1111
75% (8)
Durgasoft Core Java Latest1111
440 pages
PYTHON Pattern - Durga
100% (4)
PYTHON Pattern - Durga
48 pages
Advance Java Natraz
No ratings yet
Advance Java Natraz
485 pages
HBase Essentials
From Everand
HBase Essentials
Nishant Garg
No ratings yet
Instant PostgreSQL Backup and Restore How-to
From Everand
Instant PostgreSQL Backup and Restore How-to
Shaun Thomas
No ratings yet
C & Data Structures
From Everand
C & Data Structures
Prof. P. Padmanabham
No ratings yet
Learn Hadoop in 24 Hours
From Everand
Learn Hadoop in 24 Hours
Alex Nordeen
No ratings yet
PLSQL 5 1 Practice
No ratings yet
PLSQL 5 1 Practice
2 pages
IEC Certification Kit: Simulink Requirements™ ISO 26262 Tool Qualification Package
No ratings yet
IEC Certification Kit: Simulink Requirements™ ISO 26262 Tool Qualification Package
26 pages
OOPR211 Module-2
No ratings yet
OOPR211 Module-2
71 pages
Ansys_Rocky_Installation_24R1
No ratings yet
Ansys_Rocky_Installation_24R1
127 pages
蔡仁松教授資料結構 - L1G - Abstract Data Type and the C++ Class
No ratings yet
蔡仁松教授資料結構 - L1G - Abstract Data Type and the C++ Class
10 pages
Windows 7 Deployment Image Using Audit Mode and Sysprep With An Unattend
No ratings yet
Windows 7 Deployment Image Using Audit Mode and Sysprep With An Unattend
6 pages
UML Certification - Fundamental Exam
No ratings yet
UML Certification - Fundamental Exam
8 pages
1
No ratings yet
1
6 pages
Kbld183002 Rplidar: SDK Ultra - Simple - Multi - Touch Rplidar - Multi - Touch Calibration Application SDK SDK SDK
No ratings yet
Kbld183002 Rplidar: SDK Ultra - Simple - Multi - Touch Rplidar - Multi - Touch Calibration Application SDK SDK SDK
9 pages
CSE-Machine Learning & Big Data - WSS Source Book
No ratings yet
CSE-Machine Learning & Big Data - WSS Source Book
181 pages
Presentations PPT Unit-3 29042019034737AM
No ratings yet
Presentations PPT Unit-3 29042019034737AM
205 pages
Digital Presentation
No ratings yet
Digital Presentation
10 pages
WCF Course Module
No ratings yet
WCF Course Module
4 pages
Git Cheet Sheet
No ratings yet
Git Cheet Sheet
2 pages
JCL Tutorial - Ibm JCL Mainframe JCL Introduction Basics Examples Reference Study Material Guide
No ratings yet
JCL Tutorial - Ibm JCL Mainframe JCL Introduction Basics Examples Reference Study Material Guide
4 pages
Macros Ejemplos
No ratings yet
Macros Ejemplos
10 pages
How To Auto Embed Videos From YouTube & Facebook To WordPress - BlackHatWorld
No ratings yet
How To Auto Embed Videos From YouTube & Facebook To WordPress - BlackHatWorld
5 pages
Night Watch Notes
No ratings yet
Night Watch Notes
30 pages
Upgrading From Design Assistant 2.x To 3.0
No ratings yet
Upgrading From Design Assistant 2.x To 3.0
8 pages
Postgres SQL Injection Cheat Sheet
No ratings yet
Postgres SQL Injection Cheat Sheet
3 pages
Divyesh Patel - Practical-5 - MAD
No ratings yet
Divyesh Patel - Practical-5 - MAD
10 pages
Pointers
No ratings yet
Pointers
6 pages
Interface Python With SQL Database Notes
No ratings yet
Interface Python With SQL Database Notes
4 pages
Java Project Proposal - Quiz System PDF
75% (4)
Java Project Proposal - Quiz System PDF
4 pages
Sritam Bal: Java Developer, Software Developer
No ratings yet
Sritam Bal: Java Developer, Software Developer
2 pages
Vumoo
No ratings yet
Vumoo
4 pages
OOP-Lec 7 (Dynamic Memory Management)
No ratings yet
OOP-Lec 7 (Dynamic Memory Management)
25 pages
Practical File OF Data Structure and Algorithms
No ratings yet
Practical File OF Data Structure and Algorithms
35 pages