Using django with postman {"detail":"CSRF Failed: CSRF token missing or incorrect."}
If using token based authentication with DRF don't forget to set it in settings.py. Otherwise you'll get a CSRF error
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
]
}
Just in case it may be useful for somebody, I was facing the same problem with Postman. I was asked to include a CSRF on every request after getting a token for the first time so I realized that I had Session and Token authentication methods enabled so I commented out the SessionAuthentication line (of course, you could remove it as well)
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
# 'rest_framework.authentication.SessionAuthentication',
]
After that, I was able to request a token by using only my credentials without including any CSRF code:
I think that the fact of having those two auth classes activated was causing Django to muddle up somehow.
Your api need CSRF token, you have to add CSRF token to the request(and postman):
data: { csrfmiddlewaretoken: csrf_token, "username": "thesamething", "email": "thesamething", "password": "thesamething" }
You can get CSRF token from your form input field(you will find a hidden field if you use django build-in form api) or if you use Ajax, you can have a look at Cross Site Request Forgery protection.It has nothing to do with your authorization key, your key is use to identify who you are, and CSRF token is to make sure this request is send from your server.