i have a question about tastypie. I have created a API using tastypie. Through this API i use an app i have created to get information. I do no need to be authenticated, but i can. So if i have signed in or not and open the url (Example: /api/posts/) through the app all the posts are return. So far so good :)
Is there any way to restrict the API to my APP? Using a key or something like that? So that if i go in my browser to /api/posts/, i will not be able to see the content?
I'm thinking about solving this using just POST, but is there any other way?
Thanks in advance :)
You could just implement your own Authentication object for your Resources to use. They've got an example of this at the bottom of the doc page on tastypie authentication.
Of course, it depends on how much "protection" you're looking for. By using a custom authenticator you could check for certain request headers, a certain user-agent, or similar - but none of these will stop anyone with 2 minutes and a packet sniffer.