Token Authentication for RESTful API: should the token be periodically changed?
January 28, 2013
Posted by forumadmin
I’m building a RESTful API with Django and django-rest-framework:
As the authentication mechanism we’ve chosen “Token Authentication”, and I have already implemented it following Django-Rest-Framework’s documentation. The question is: should the application renew / change the Token periodically, and if yes, how? Should it be the mobile app that requires the token to be renewed, or should the web app do it autonomously?
What is the best practice?
Has anybody here experience with Django Rest Framework and could suggest a technical solution?
(the last question has lower priority)