Use `TokenAuthentication` instead of API keys.

2 files changed, 7 insertions, 11 deletions

diff --git a/pysite/permissions.py b/pysite/permissions.py
deleted file mode 100644
index 2a96b819..00000000
--- a/pysite/permissions.py
+++ /dev/null
@@ -1,8 +0,0 @@
-from django.conf import setting
-from rest_framework import permissions
-
-
-class HasValidAPIKey(permissions.BasePermission):
-    def has_permission(self, request, view):
-        api_key = request.META.get('HTTP_X_API_KEY')
-        return api_key == settings.BOT_API_KEY
diff --git a/pysite/settings.py b/pysite/settings.py
index b727c246..914fcbe5 100644
--- a/pysite/settings.py
+++ b/pysite/settings.py
@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/2.1/ref/settings/
 """
 
 import os
+import sys
 
 import environ
 
@@ -64,6 +65,8 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
 
     'django_hosts',
+    'rest_framework',
+    'rest_framework.authtoken'
 ]
 
 MIDDLEWARE = [
@@ -164,9 +167,10 @@ else:
 # Django REST framework
 # http://www.django-rest-framework.org
 REST_FRAMEWORK = {
-    'DEFAULT_PERMISSION_CLASSES': [
-        'pysite.permissions.HasValidAPIKey'
-    ]
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.TokenAuthentication'
+    ],
+    'TEST_REQUEST_DEFAULT_FORMAT': 'json'
 }
 
 # Bot API settings