How to secure APIs for Registration and Login in Django Rest Framework

0 votes
I am using it with token authentication using django-rest-framework-jwt, and it returns the token when a user logs in through our REST API.

So the question is how to secure any registration or login views for our API endpoints. Any high-level XSS scripts can have malicious looping for creating registrations. How can we secure it in Django Rest Framework?
Jun 25, 2020 in Python by kartik
• 37,490 points
1,479 views

1 answer to this question.

0 votes

Hello @kartik,

You cannot have an authentication system like JWT protect your pages like login and registration. However, there are many other things you can do. Below I have mentioned two of them briefly to get you started, and the rest you can study in detail.

  • First, to address the XSS issue:

    Implementation

    Django provides middleware and settings, added in settings > base.py.

    Middleware:

    django.middleware.security.SecurityMiddleware

    Settings:

    SECURE_BROWSER_XSS_FILTER = True

    This sets the header X-XSS-Protection: 1; mode=block.

  • Second, brute-force attack

    An automated programme may attack to hack the username and password of a user or to slow down the server.

    Implementation

    Django Rest Framework provides inbuilt settings for throttling:

    REST_FRAMEWORK = {
        ...
        'DEFAULT_THROTTLE_CLASSES': (
            'rest_framework.throttling.AnonRateThrottle',
            'rest_framework.throttling.UserRateThrottle',
            'rest_framework.throttling.ScopedRateThrottle',
        ),
        'DEFAULT_THROTTLE_RATES': {
            'anon': '60/minute',
            # UserRateThrottle reads the 'user' scope; without a rate for it DRF raises ImproperlyConfigured
            'user': '1000/day',
            # scopes for ScopedRateThrottle, selected per view with throttle_scope = 'app1' / 'app2'
            'app1': '10000/day',
            'app2': '10000/day',
        },
        ...
    }

Hope it helps!!

answered Jun 25, 2020 by Niroj
• 82,560 points
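As an added example (not part of the answer above or of DRF's own code), here is a pure-Python model of how AnonRateThrottle applies the 'anon': '60/minute' rate from that settings block to a registration endpoint: the rate-string parsing, the per-client sliding window, and the Retry-After value DRF sends once the window is full. The client IPs and the 0.5 s request interval are constructed for the scenario.

```python
import math
from collections import defaultdict

# Period letter -> seconds; DRF reads only the first letter of 'second'/'minute'/'hour'/'day'.
PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """'60/minute' -> (60, 60); '10000/day' -> (10000, 86400)."""
    num, period = rate.split("/")
    return int(num), PERIODS[period[0]]


class AnonRateLimiter:
    """Sliding-window limiter: at most num_requests per duration seconds per client key
    (AnonRateThrottle keys on the client IP and only applies to unauthenticated requests)."""

    def __init__(self, rate):
        self.num_requests, self.duration = parse_rate(rate)
        self.history = defaultdict(list)  # key -> request timestamps, newest first

    def check(self, ident, now):
        """Return (allowed, retry_after_seconds) for one request from ident at time now."""
        hist = self.history[ident]
        # Drop timestamps that have aged out of the window (same test DRF uses).
        while hist and hist[-1] <= now - self.duration:
            hist.pop()
        if len(hist) >= self.num_requests:
            # At capacity: wait until the oldest entry expires. DRF turns this into
            # HTTP 429 with a Retry-After header; the request never reaches the view.
            return False, math.ceil(self.duration - (now - hist[-1]))
        hist.insert(0, now)
        return True, 0


def simulate_registration_burst(rate="60/minute", attempts=61, interval=0.5):
    """Constructed scenario: one anonymous client (placeholder IP) posts to /register
    `attempts` times, `interval` s apart. Returns (allowed, first Retry-After, other client ok)."""
    limiter = AnonRateLimiter(rate)
    allowed, first_retry_after = 0, None
    for i in range(attempts):
        ok, wait = limiter.check("203.0.113.5", now=i * interval)
        if ok:
            allowed += 1
        elif first_retry_after is None:
            first_retry_after = wait
    # The limiter is keyed per client, so a different IP is not affected by the burst.
    other_ok, _ = limiter.check("198.51.100.9", now=attempts * interval)
    return allowed, first_retry_after, other_ok
```

Note that the window slides: at one request per second a client never trips '60/minute', so the anon rate bounds the registration rate per IP rather than blocking a patient client outright.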
