Setting up the Shuup REST API¶

First, add rest_framework and shuup.api to your INSTALLED_APPS.

Then – and this differs from Django REST Framework’s defaults – you must add the REST_FRAMEWORK configuration dict to your settings. Django REST Framework defaults to no permission checking whatsoever (rest_framework.permissions.AllowAny), which would make all of your data world-readable and writable.

This is not what we want to accidentally happen, so configuration is enforced.

For the sake of demonstration, let’s make the API only accessible for superusers with the IsAdminUser permission policy. (Authentication is enabled by the default settings.)

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',)
}

Now just add the API to your root urlconf.

urlpatterns = [
    # *snip*
    url(r'^api/', include('shuup.api.urls')),
    # *snip*
]

All done! If you visit the /api/ URL (as a suitably authenticated user), you should be presented with Django REST Framework’s human-friendly user interface.