Now, we will make changes to use token-based authentication to retrieve, update, or delete pilots. Only those users that have a token will be able to make these operations with pilots. Hence, we will setup a specific authentication for pilots. It will still be possible to see the pilot's name rendered in unauthenticated requests.
The token-based authentication requires a new model named
Token. Make sure you quit the Django's development server. Remember that you just need to press Ctrl + C in the terminal or command prompt window in which it is running.
Of course, in a production environment, we must make sure that the RESTful Web Service is only available over HTTPS, with the usage of the latest TLS versions. We shouldn't use a token-based authentication over plain HTTP in a production environment.
restful01/restful01/settings.py file that declares module-level variables that define the configuration of Django for the