Permissions and Throttling
Control who can call your API and how often.
Who Can Call Your API?
An open API lets anyone read or change your data. Permissions decide who is allowed to do what on each endpoint.
The permission_classes Attribute
You attach access rules with permission_classes on a view or ViewSet. DRF checks them before any action runs.
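from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated

# Only authenticated users may reach any action on this ViewSet.
class BookViewSet(viewsets.ModelViewSet):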
    permission_classes = [IsAuthenticated]