Settings

Some of Django REST Framework Simple API Key’s behavior can be customized through settings variables in settings.py. You can find below the default SIMPLE_API_KEY setting.

# Django project settings.py
from datetime import timedelta  # needed for ROTATION_PERIOD
...

SIMPLE_API_KEY = {
    "FERNET_SECRET": "",
    "API_KEY_LIFETIME": 365,
    "AUTHENTICATION_KEYWORD_HEADER": "Api-Key",
    "ROTATION_PERIOD": timedelta(days=7),
    "ROTATION_FERNET_SECRET": "",
}

Above, the default values for these settings are shown.

FERNET_SECRET

The Fernet key (Fernet) is used to encrypt and decrypt API Keys.

To generate a fresh fernet key, you can use the following command:

python manage.py generate_fernet_key

Make sure to store it somewhere safe and treat it as you would treat the SECRET_KEY Django setting.

API_KEY_LIFETIME

Determines the validity period of a generated API Key. The default value is 365 days.

AUTHENTICATION_KEYWORD_HEADER

Determines the keyword that must prefix the key in every request made to your API. The default value is Api-Key, and it is used in the following format:

Api-Key API_KEY

ROTATION_FERNET_SECRET

The ROTATION_FERNET_SECRET is a secondary Fernet key (Fernet) used within the MultiFernet cryptographic scheme. While the primary Fernet key (FERNET_SECRET) is used for the main encryption and decryption, the ROTATION_FERNET_SECRET plays a pivotal role during key rotation phases.

In the context of MultiFernet:

  • New tokens are encrypted using the ROTATION_FERNET_SECRET.

  • Tokens can be decrypted with either the ROTATION_FERNET_SECRET or the FERNET_SECRET, enabling a smooth key rotation without rendering existing tokens obsolete.

To generate a rotation key, use the same command as for the primary key:

python manage.py generate_fernet_key

This strategic usage ensures that as you transition to a new key, older tokens encrypted with the previous key remain valid, and new tokens are encrypted using the new key. Thus, a seamless transition is achieved, enhancing security without causing disruptions.
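The rotation behaviour described above, as an added example that is not part of this package's own code: it builds a MultiFernet from a SIMPLE_API_KEY-style dict (rotation key first when set, primary key second) and walks through the three phases of a rotation. It assumes the cryptography package; the keys and the payload are constructed in the example.

```python
# Added example (not the library's own code): how FERNET_SECRET and
# ROTATION_FERNET_SECRET combine into a MultiFernet during key rotation.
# Assumes the `cryptography` package; key values are constructed here.
from cryptography.fernet import Fernet, InvalidToken, MultiFernet

PAYLOAD = b"constructed-api-key-payload"


def build_multi_fernet(settings: dict) -> MultiFernet:
    """The rotation key, when set, comes first so that it encrypts new
    tokens; the primary key stays in the list so old tokens still decrypt."""
    keys = []
    if settings.get("ROTATION_FERNET_SECRET"):
        keys.append(Fernet(settings["ROTATION_FERNET_SECRET"]))
    keys.append(Fernet(settings["FERNET_SECRET"]))
    return MultiFernet(keys)


def rotation_demo() -> dict:
    primary = Fernet.generate_key()   # what `generate_fernet_key` would output
    rotation = Fernet.generate_key()  # a fresh key for the rotation phase

    before = {"FERNET_SECRET": primary, "ROTATION_FERNET_SECRET": ""}
    during = {"FERNET_SECRET": primary, "ROTATION_FERNET_SECRET": rotation}
    after = {"FERNET_SECRET": rotation, "ROTATION_FERNET_SECRET": ""}

    old_token = build_multi_fernet(before).encrypt(PAYLOAD)
    mf = build_multi_fernet(during)
    # Phase 2: the old token still decrypts (primary key is second in the list)
    old_ok = mf.decrypt(old_token) == PAYLOAD
    # ...and new tokens are encrypted with the rotation key, not the primary.
    new_token = mf.encrypt(PAYLOAD)
    new_uses_rotation = Fernet(rotation).decrypt(new_token) == PAYLOAD
    try:
        Fernet(primary).decrypt(new_token)
        new_readable_by_primary = True
    except InvalidToken:
        new_readable_by_primary = False
    # rotate() re-encrypts an old token under the first (rotation) key, which is
    # what lets it survive the cut-over where the primary key is retired.
    migrated = mf.rotate(old_token)
    try:
        build_multi_fernet(after).decrypt(old_token)
        old_survives_cutover = True
    except InvalidToken:
        old_survives_cutover = False
    migrated_ok = build_multi_fernet(after).decrypt(migrated) == PAYLOAD
    return {"old_ok": old_ok, "new_uses_rotation": new_uses_rotation,
            "new_readable_by_primary": new_readable_by_primary,
            "old_survives_cutover": old_survives_cutover, "migrated_ok": migrated_ok}
```

The last two results show the caveat: a token that was never re-encrypted stops validating once ROTATION_FERNET_SECRET is promoted and the old FERNET_SECRET is dropped, so the rotation period is the window in which stored keys must be migrated.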