Today we will expand our Blog API to support some of the advanced django-rest-framework
features, like versioning
, throttling
, etc.
Aside from small changes, we will mostly keep the same data model as before. Previous endpoints, like /users
, /entries
, etc will also remain the same.
It's a very good practice to keep your APIs versioned. If at any point in the future you need to do significant changes to your API, changing the original code or endpoints would not allow backward compatibility for all the current clients of your API. Instead, we can create a new version and keep everything safe.
The API version must be specified in the URL like this: /api/v1/
. You must make sure to configure rest_framework
properly, so the version is available for every request under request.version
.
In order to test that the API versioning is actually working, we created a pretty simple StatusView
that only returns {"version": "v1"}
.
In our previous API, we only supported JSON
response format. There was no way of specifying a different data format. Today we will need to support both JSON
and XML
.
By default, the API should always return JSON
responses. But, if we send a custom ?format=xml
argument, the same output must be returned using XML
formatting. The ?format=json
argument should work as well, in case we want to explicitly select JSON
as output.
For security reasons, it's always recommended to avoid a single user being able to perform huge amount of requests in a considerable small amount of time. While working with APIs, that's well known as throttling
. In django-rest-framework
, API throttling
is available out of the box.
You will need to configure a rule in your API, to limit a maximal of 50 requests per minute
for the same user.
Finally, we will do a quick update to our Entry
model adding a new image
field. We should be able to POST an attached image while creating a new blog Entry
. We already provide the Django MEDIA_ROOT
and MEDIA_URL
settings so you don't need to deal with them. Make sure POSTed images are uploaded under those directories.
As a small hint, when you read the tests note that the format="multipart"
is used when POSTing the Entry
data.