
DRF authentication (Token, JWT) in Django

Introduction

Authentication helps check who a user is before giving access. Token and JWT are ways to do this safely in Django REST Framework.

You want users to log in once and use a token to access your API without sending username and password every time.
You need to protect API endpoints so only logged-in users can see or change data.
You want a simple way to manage user sessions without cookies or server-side sessions.
You want to build a mobile app or frontend that talks to your Django backend securely.
You want to use stateless authentication that works well with modern web apps.
Syntax
Django
from rest_framework.authentication import TokenAuthentication
from rest_framework_simplejwt.authentication import JWTAuthentication

# In your Django settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',  # For Token auth
        'rest_framework_simplejwt.authentication.JWTAuthentication',  # For JWT auth
    ],
}

TokenAuthentication uses a simple token string to identify users.

JWTAuthentication uses JSON Web Tokens that include encoded user info and expiry.

Examples
This view uses TokenAuthentication to check the user token sent in headers.
Django
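# Token Authentication example
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.response import Response

class MyView(APIView):
    # Identify the caller from the "Authorization: Token <token>" header
    authentication_classes = [TokenAuthentication]
    # Without a permission class, DRF's default (AllowAny) also serves requests that send no token
    permission_classes = [IsAuthenticated]

    def get(self, request):
        return Response({'message': 'Hello, token user!'})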
This view uses JWTAuthentication to check the JWT token sent in headers.
Django
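# JWT Authentication example
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.response import Response

class MyView(APIView):
    # Identify the caller from the "Authorization: Bearer <jwt_token>" header
    authentication_classes = [JWTAuthentication]
    # Without a permission class, DRF's default (AllowAny) also serves requests that send no token
    permission_classes = [IsAuthenticated]

    def get(self, request):
        return Response({'message': 'Hello, JWT user!'})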
Sample Program

This API view requires a valid token to access. It greets the logged-in user by name.

Django
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated

class HelloTokenView(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]

    def get(self, request):
        username = request.user.username
        return Response({'message': f'Hello, {username}! You are authenticated with Token.'})
Important Notes

Tokens must be sent in the HTTP header as Authorization: Token <token> for TokenAuthentication.

JWT tokens are sent as Authorization: Bearer <jwt_token>.

Always keep tokens secret and use HTTPS to protect them in transit.

Summary

Token and JWT authentication are two ways to safely check who is using your API.

TokenAuthentication uses simple tokens; JWTAuthentication uses encoded tokens with expiry.

Use authentication classes in your views or settings to protect your API endpoints.