Understanding authentication, permissions, and throttling
Our current version of the API processes all incoming requests without requiring any kind of authentication. Django REST Framework allows us to easily use different authentication schemes to identify the user that originated the request or the token that signed the request. Then, we can use these credentials to apply the permission and throttling policies that will determine whether the request must be permitted or not. In a production environment, we can combine an authentication scheme with an API running under HTTPS. In our development configuration, we will continue working with the API under HTTP, but this is only valid for developing.
As happened with other configurations, we can set the authentication schemes globally and then override them, if necessary, in a class-based view or a function view. A list of classes specifies the authentication schemes that we want to use. Django REST Framework will use all the specified classes...