Home/ Questions/Q 8766879
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T16:39:31+00:00

I am using django-rest-framework . It provides an awesome Django admin style browsable self-documenting

  • 0

I am using django-rest-framework. It provides an awesome Django admin style browsable self-documenting API. But anyone can visit those pages and use the interface to add data (POST). How can I disable it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You just need to remove the browsable API renderer from your list of supported renderers for the view.

    Generally:

    REST_FRAMEWORK = {
    'DEFAULT_RENDERER_CLASSES': (
        'rest_framework.renderers.JSONRenderer',
    )
}

    Per-view basis:

    class MyView(...):
    renderer_classes = [renderers.JSONRenderer]

    Aside:

    In many cases I think it’s a shame that folks would choose to disable the browsable API in any case, as it’s a big aid to any developers working on the API, and it doesn’t give them more permissions that they would otherwise have. I can see that there might be business reasons for doing so in some cases, but generally I’d consider it a huge asset. Although, in some cases there may be details shown (like the names of custom actions) that a non-public API may not want to expose.

    See also the answer below for more detail about restricting the browsable API renderer to development.

    • 0