From 8864e4f792fdf42ebc538bb69028b42a07a7b2fa Mon Sep 17 00:00:00 2001 From: Jaimyn Mayer Date: Thu, 19 Oct 2023 14:04:02 +1000 Subject: [PATCH] Update docs to include example on manually validating API keys (#257) * Update guide.md to add example for manually validating API key * Update guide.md to add manual key validation note to programmatic usage section * Update guide.md - fixed copy paste error * Update docs/guide.md Co-authored-by: Florimond Manca --------- Co-authored-by: Florimond Manca --- docs/guide.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/guide.md b/docs/guide.md index e12434d..353dbd6 100644 --- a/docs/guide.md +++ b/docs/guide.md @@ -73,6 +73,17 @@ See also [Setting the permission policy](http://www.django-rest-framework.org/ap permission_classes = [HasAPIKey | IsAuthenticated] ``` +### Manually validating API keys +You can also manually validate an API key with the `APIKey` objects manager using the `is_valid()` method on the manager lke below. This is useful for validating API keys outside of a normal Django view, such as inside a websocket consumer from Django Channels. + +```python +from rest_framework_api_key.permissions import APIKey + +# this should be a string containing only the API key - remove any additional text like "Api-Key" if present +raw_key = "XXXXXXXX.XXXXXXXXXX" +is_valid_key = APIKey.objects.is_valid(raw_key) +``` + ### Making authorized requests #### Authorization header @@ -123,8 +134,10 @@ When it is installed, `djangorestframework-api-key` adds an "API Key Permissions #### Programmatic usage -API keys can be created, viewed and revoked programmatically by manipulating the `APIKey` model. +API keys can be created, viewed, revoked, and validated programmatically by manipulating the `APIKey` model. +- You can validate API keys manually, see the "Manually validating API keys" section above. + !!! note The examples below use the [Django shell](https://docs.djangoproject.com/en/2.2/ref/django-admin/#django-admin-shell).