tillmo
commented
4 years ago @pramodkumarbontha in settings.py, you have already added rest_framework.authentication.TokenAuthentication. What is its purpose?
It seems that currently, anyone can obtain all the data from the API. Access should be restricted via a token here.
pramodbontha
for user related requests, the frontend needs to authentificate itself to the backend API via JWT