Comments on how secure this method is?

[typeshige]

Great tutorial. I learned a lot but I was wondering if you could say something about how secure this is and what might need to change to use this in production.

Also, in the tutorial, shouldn't the urls be:

$ curl localhost:8000/api/users/i/
$ curl -X POST -d "username=user&password=pass" localhost:8000/api/obtain-auth-token/
$ curl -H "Authorization: Token {your token here}" localhost:8000/api/users/i/

[coxjonc]

Hey sorry for not getting to this I was switching jobs (and countries!) so got caught up in other stuff. Yeah it depends how you registered the app in your root urlconf - if you registered it as ^api then yes, you should add api at the start of the url path. Since that's what most people will do, I'll go ahead and change it in the tutorial. Thanks for the tip.

As for security, give me a little time to work on it and I'll see if I can make an update to the tutorial. That's definitely an important consideration.