python-3.x django django-rest-framework access-token

How is DRF auth token received in a real world web application


This question might look stupid but I want to get some clarification. I'm building a Django REST framework application for the very first time. I'm able to set up API endpoints for the application. When I register a user, he gets a token. And when I log in a user through Postman, it returns a token. But in a real-world app, how does the client receive that DRF token that is returned as JSON data and is needed to log in? Does he receive it in the email that he used to register? Also, if the user receives the token, am I supposed to create another API to contain the field that the user eventually sends the token through before gaining access to the website? Please, I would appreciate it if I also got a good material that explains the process in detail and uncomplicated.


Solution

  • The documentation is very clear about how the tokens are to be used.

    If you are using token authentication, when you register a new user a unique token is generated in the tokens table. When you log in, you will receive the token from the server. As far as the server is concerned, if you call any API with the token in the header, the user is considered to be logged in. If you call any API without the token (for APIs that require it), you will receive a "not logged in" message in the response.
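
The flow described in the answer, as an added example that is not part of the original post: the client application reads the token from the login JSON response, keeps it, and attaches it to later requests in the `Authorization: Token <key>` header that DRF's `TokenAuthentication` expects. The server here is a standard-library stand-in rather than a Django project; the account `alice`, the paths `/login/` and `/profile/`, and the response messages are assumptions made for the demonstration.

```python
import json, secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USERS = {"alice": "constructed-password"}  # constructed sample account
TOKENS = {}  # token key -> username; stands in for the tokens table

class Handler(BaseHTTPRequestHandler):
    log_message = lambda *args: None  # silence per-request logging
    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # login: exchange credentials for a token
        creds = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        user, password = creds.get("username"), creds.get("password")
        if password is None or USERS.get(user) != password:
            return self._send(400, {"detail": "Unable to log in."})
        key = secrets.token_hex(20)
        TOKENS[key] = user
        self._send(200, {"token": key})
    def do_GET(self):  # protected API: needs "Authorization: Token <key>"
        scheme, _, key = self.headers.get("Authorization", "").partition(" ")
        user = TOKENS.get(key) if scheme == "Token" else None
        if user is None:
            return self._send(401, {"detail": "Not logged in."})
        self._send(200, {"username": user})

def call(url, payload=None, token=None):
    # Client side: JSON request that carries the stored token when one is given.
    headers = {"Content-Type": "application/json"}
    headers.update({"Authorization": f"Token {token}"} if token else {})
    data = json.dumps(payload).encode() if payload is not None else None
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(urllib.request.Request(url, data=data, headers=headers)) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    creds = {"username": "alice", "password": "constructed-password"}
    token = call(base + "/login/", creds)[1]["token"]  # token arrives in the login response
    results = call(base + "/profile/", token=token), call(base + "/profile/")
    server.shutdown()
    return results
```

`demo()` returns the response to the request that carried the token followed by the response to the one that did not.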