Django REST Framework

3.17.1 · active · verified Sun Mar 29

Django REST Framework (DRF) is a powerful and flexible toolkit for building Web APIs with Django. It simplifies the creation of RESTful services by providing robust serialization, authentication, permission management, and browsable API features. The library is actively maintained, with frequent minor and patch releases, currently at version 3.17.1.

Warnings

breaking Support for Python 3.9 was dropped in DRF 3.17.0.
Fix: Upgrade your Python environment to 3.10 or newer.
breaking Deprecated `coreapi` support was entirely removed in DRF 3.17.0. If you were using `coreapi` for schema generation, you must migrate to a different solution, such as `drf-yasg` for OpenAPI/Swagger.
Fix: Migrate API documentation generation to `drf-yasg` or other OpenAPI-compatible libraries, and remove `coreapi` related configurations.
breaking Support for Django 2.2 was dropped in DRF 3.14.0. Users on older Django versions must upgrade Django or pin DRF to an earlier compatible version.
Fix: Upgrade your Django project to Django 3.2 or newer to use DRF 3.14+.
gotcha The `raise_exception` argument for serializer's `is_valid()` method became keyword-only in DRF 3.14.0.
Fix: Update calls like `serializer.is_valid(True)` to `serializer.is_valid(raise_exception=True)`.
gotcha By default, DRF's global permission policy is `AllowAny`, meaning all incoming requests are allowed without authentication. This is often a security risk for production APIs.
Fix: Explicitly configure `DEFAULT_PERMISSION_CLASSES` in your `settings.py` (e.g., to `IsAuthenticated` or `IsAuthenticatedOrReadOnly`) or apply permission classes per view/viewset.
gotcha When dealing with writable nested serializers, `ModelSerializer`'s default `create()` and `update()` methods do not automatically handle saving related (nested) instances. You often need to override these methods.
Fix: Manually implement the `create()` and/or `update()` methods in your serializer to handle the logic for creating/updating nested objects. Consider third-party packages like `DRF Writable Nested` for automated solutions.
gotcha Django REST Framework's ViewSets implicitly define many endpoints (e.g., `list`, `create`, `retrieve`, `update`, `destroy`). This abstraction can make debugging or understanding request flow challenging compared to explicitly defined function-based views or traditional controllers.
Fix: Familiarize yourself with DRF's generic views and viewset mixins. Use tools like `drf_yasg` or the browsable API to clearly see the available endpoints and their expected input/output.

Install

pip install djangorestframework Install core library

Imports

APIView

from rest_framework.views import APIView

serializers
```
from rest_framework import serializers
```
ModelViewSet
```
from rest_framework import viewsets
```
Typically accessed as `viewsets.ModelViewSet`

DefaultRouter

from rest_framework.routers import DefaultRouter

permissions
```
from rest_framework import permissions
```
Commonly used as `permissions.IsAuthenticated` or `permissions.AllowAny`

Quickstart

This quickstart demonstrates how to set up a basic REST API endpoint using Django REST Framework's Model, Serializer, and ViewSet pattern. It defines a simple `Item` model, a `ModelSerializer` to convert model instances to JSON and vice-versa, and a `ModelViewSet` to handle CRUD operations. A `DefaultRouter` is used to automatically generate URL patterns, simplifying API endpoint configuration. It also includes the necessary Django settings and URL structure for DRF to function.

import os
import django
from django.conf import settings
from django.urls import path, include
from django.db import models

# Minimal Django settings for DRF
settings.configure(
    DEBUG=True,
    SECRET_KEY=os.environ.get('DJANGO_SECRET_KEY', 'django-insecure-DRF-quickstart-secret-key-for-testing'),
    ROOT_URLCONF=__name__,
    INSTALLED_APPS=[
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'rest_framework',
    ],
    DATABASES={'default': {'ENGINE': 'django.db.backends.sqlite3', 'NAME': ':memory:'}},
)
django.setup()

from rest_framework import routers, serializers, viewsets

# 1. Define a simple Django Model
class Item(models.Model):
    name = models.CharField(max_length=100)
    description = models.TextField(blank=True)
    created_at = models.DateTimeField(auto_now_add=True)

    def __str__(self):
        return self.name

# 2. Define a Serializer for the Model
class ItemSerializer(serializers.ModelSerializer):
    class Meta:
        model = Item
        fields = '__all__'

# 3. Define a ViewSet for CRUD operations
class ItemViewSet(viewsets.ModelViewSet):
    queryset = Item.objects.all().order_by('-created_at')
    serializer_class = ItemSerializer

# 4. Set up a Router for automatic URL configuration
router = routers.DefaultRouter()
router.register(r'items', ItemViewSet)

# 5. Define URL patterns (mimicking a Django urls.py)
urlpatterns = [
    path('api/', include(router.urls)),
    path('api-auth/', include('rest_framework.urls', namespace='rest_framework'))
]

# Example usage (run in a Django shell or a test setup)
if __name__ == '__main__':
    # This part would typically be handled by Django's manage.py runserver
    # For demonstration, we'll manually interact.
    # In a real app, you'd run migrations and have a Django server.
    print("DRF Quickstart Example Setup Complete.")
    print("To interact, define URLs and run a Django development server.")
    # Example: Accessing router URLs
    # for url_pattern in router.urls:
    #     print(url_pattern)

    # Note: To run this code interactively outside a full Django project, 
    # you'd need a more involved setup to serve the API, e.g., using a test client.
    # For a minimal runnable example that doesn't require a full Django project setup:
    # This code snippet focuses on the DRF component definitions.
    pass

view raw JSON →