I'm working on a basic Django Rest Framework API app and i'm trying to implement a Token based authentication system. I want to block off every view thats requested via an unauthenticated request except for the login and signup views. Currently when I try to login or sign up the request is denied and I get "Authentication credentials were not provided.".
How can I setup my views so that login and signup don't need a token?
I've looked at permissions and authentication classes but don't really know where I need to go from there.
You can set the default permission policy globally as described in the docs and then override the permission_classes only for the sign up and login like so:
...
from rest_framework.permissions import AllowAny
class SignUpView(APIView):
permission_classes = (AllowAny,)
...