[kwlug-disc] Django API authentication

[Paul Nijjar]

I am too intimidated to ask this on Stack Exchange, and by
DuckDuckGo-fu is weak, so I'll ask here: 

I have a Django webapp. Human-interactive screens will be
authenticated using LDAP (aka the authentication system on the
Operating System That Shall Not Be Named). 

Now I am creating a very simple API from scratch. I would like to
avoid using Tastypie or Django REST Framework if I can, because the
API is really trivial. 

The API will be consumed by two things: 
- A Javascript snippet
- A desktop application written in Python

My goals: 

- Authenticate the API methods against a small set of shared
  passwords NOT stored on the LDAP server
- Do it in such a way that it is easy to program the Javascript
  snippet and desktop application to authenticate
- Do it quickly and easily, without needing to learn anything too
  complex (otherwise I would just use Tastypie)
- Not use this layer of authentication for the interactive screens of
  the webapp

What am I looking for? How do I go about this?

I do not think I need anything as complicated as an API key setup.

I am pretty confused as to how you even authenticate REST calls in
Django, so pointers to that would be helpful as well.

- Paul 


-- 
http://pnijjar.freeshell.org