I'm using Django TastyPie for my API. I have a completely separate HTML application that my user views and will see basic read only info from the Django API. My question is what authentication method should I use in this situation. The HTML application is technically me not the user and they don't login. The app is not Django but pure javascript, hiding a key or anything else is pointless.
1 Answers
2
votes
will see basic read only info from the Django API.
It sounds like you probably just want to make those bits of the API publicly available for read-only access, and then not use any authentication method.
As you say attempting to hide a key isn't a sensible way to go, and if there's no kind of user login then you can't really authenticate in any secure way.