I have a sign up API for Django Rest FrameWork without authentication or any permissions. anyone that has access to the sign up API url can create an Account nonstop.My question is, is this secure?
If you implement the api without any type of security. Depending on what you let the user do with the api, which endpoints they can hit.
Is there any server side security?
You can implement Jason Web Token: simple JWT
You can check also django throttling : Throttling
You can also research on how to limit api calls from a device.