DRF's installation is pretty straightforward.

The first thing you'll need to do is install django rest frameware package

using PIP.

So I'm gonna quit my server here that I had running and

I will do Pip install djangorestframework all as one big long word.

Now on workspaces I already have those installed,

you of course will need to install it at home.

So once that finishes, I'm gonna hop over here to my settings.py and

I need to add this into my installed apps, as you pretty much always need to do.

So I'm gonna put it in here before courses,

which is the app that I've started you all with.

And just because I like to have django stuff and

then third party packages and then my own stuff.

I think I've talked about that before.

While we're here in the settings file, you can go ahead and

add the global authentication and

permissions rules that Django rest framework will use for the API.

I'm gonna do all of this together way down here at the bottom so

it's all just in one place, and keeping kind of with Django's thing here,

I'm just gonna do REST Framework, that way I can just kind of search for stuff.

So all of DRF's settings go into a dictionary that's named REST_FRAMEWORK.

And this is kind of nice because it makes it fairly easy to find it,

you just find something with that name, right.

So let's add in these keys, the first key we're going to add in is

DEFAULT_AUTHENTICATION_CLASSES and

this key defines what the, as you can probably guess,

the default authentication classes are.

So these are the default ways that rest framework will use to authenticate a user.

The first item in the tuple here for this one is gonna be

rest_framework.authentication.SessionAuth- entication.

And so that just makes it use Django's standard session authentication.

Notice that this is a tuple.

So you'll need to make sure and include a comma since there's only one item.

Otherwise it won't show up as a tuple as far as Python is concerned.

So that's authentication figuring out who someone is.

The next thing to set up by default is permissions.

So this key is going to be the DEFAULT_PERMISSION_CLASSES and

it's also going to be a tuple and it's going to be rest-framework

.permissions.isauthenticatedforreadonly and

again couple single item has to have a comma.

So authentication is how we identify a user, it's how rest framework says, okay,

this is user A, this is user B, and then permissions is how rest framework says,

okay, user A can do this, user B can do that,

user C doesn't have any of these, so don't let him do anything.

And this is AuthenticatedOrReadOnly class.

Specifies that if the user is logged in, if they're authenticated,

REST framework knows who they are, then they are allowed to do stuff.

They can create records, edit records and delete records.

If they're not authenticated, then everything is read only.

All they can do is see data, they can't actually do anything with the data.

Straightforward enough, nothing too weird here.

These will get changed later on but for now these are really good defaults.

All right, so you're now done with the settings file, you can those that,

get rid of that, you'll come back to it later, but you need to set up some URLs so

that you can actually authenticate yourself with Django rest framework.

So what we're gonna do is here in url.py in this url patterns,

I'm gonna add a new rule and it's going to start with api-auth and

then I'm going to include rest_framework .urls,

and I'm gonna give it a namespace of rest_framework.

Am I over my 80, I am, darn.

All right, there we go.

So, this gives me a place to go and log in.

So with this last step completed, I'm gonna go ahead and launch the server.

And there it is and I'm gonna come over here to my

browser that already have open on the preview server and

I'm gonna go to api-auth/login.

Oops!

I forgot to import include.

All right, let's import that.

I should restart and refresh.

Cool, there we go.

All right so I already have a user set up.

So, I'm gonna go ahead and log in with that user.

The user name is kennethlove and the password is test password.

Now if you want to create your own super user you will have to use the create super

user manage dot pi command and then put in whatever username and password you want.

As you can see, we now get this error because accounts profile doesn't exist.

That's cool, the API now knows that we're authenticated.

It just can't redirect me to this default page because

that default page doesn't exist.

I did not create that route.

If you'd like to create that route, go ahead, but you really don't have to.