How to disable admin-style browsable interface of django-rest-framework?
I am using django-rest-framework. It provides an awesome Django admin style browsable self-documenting API. But anyone can visit those pages and use the interface to add data (POST). How can I disable it?
Answer
You just need to remove the browsable API renderer from your list of supported renderers for the view.
Generally:
REST_FRAMEWORK = {
'DEFAULT_RENDERER_CLASSES': (
'rest_framework.renderers.JSONRenderer',
)
}
Per-view basis:
class MyView(...):
renderer_classes = [renderers.JSONRenderer]
Aside:
In many cases I think it's a shame that folks would choose to disable the browsable API in any case, as it's a big aid to any developers working on the API, and it doesn't give them more permissions that they would otherwise have. I can see that there might be business reasons for doing so in some cases, but generally I'd consider it a huge asset. Although, in some cases there may be details shown (like the names of custom actions) that a non-public API may not want to expose.
See also the answer below for more detail about restricting the browsable API renderer to development.