We’ve had a similar problem, which I have written about here. Two notes to that thread:
1.) The database settings for name/host/credentials are defined in the settings. That means adding a new project (=client/tenant) involves logging into the server and updating the settings file. However I think it should be possible to update the settings from within the running instance with data pulled from the database where the django app lives.
2.) We have since added an extended system to define read/write access to the API for each user and each project. Unfortunately I can’t post our solution here as it would expose too much code. Essentially it works with custom permissions, a custom backend checking for those permissions and decorators for views so that ensuring correct read/write access is as simple as adding that decorator to the view method. For DRF the permissions alone might be enough.
Overall our code ended up a bit undjangonic, but it’s still manageable. I’d rather have to deal with some extra complexity than miss all those goodies Django brings along.