Securing custom APIs

Good Day everyone,

Question:

I would be very grateful if anyone can provide any thoughts, suggestions or recommendations on how to secure a custom API built using django (not DRF).

Context:

I have developed a web application that uses React on the frontend, Django (GeoDjango) on the backend and postgres+postgis as the DB. Its main feature is a dashboard and, upon user requests, I have function-based views that execute and return data via JsonResponses, which I then use to display on a map, for instance.

Problem

I use Mapbox, and its source is geojson. Initially, to serialize the data to geojson format, I used the django-rest-framework-gis package I found in the DRF docs. However, the serialization process using this package was too slow (about 20s to fetch, serialize and render data) (I deduced that most of the time was spent on serialization).

I therefore stumbled upon this solution (Increase Django Geojson Serialization Performance | by Deniz Akdeniz | Medium), which used AsGeoJSON, and the time taken to render the data was reduced to approximately 5s. Therefore I used this method and returned the data in a JsonResponse.

Main question:

I would now like to know how I secure these custom-built APIs. From online research I see resources stating that DRF is normally used and that there are several security layers that can be easily added using that microframework. I also saw that authentication can be used. I also saw that data should be fetched using POST requests.

However, besides those options does anyone have any suggestions or recommendations for securing these kinds of APIs? I would really appreciate it.

Thank you.
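The checks the question is circling (authentication, restricting the HTTP method, and authorization applied inside the view) are the same ones a hand-written JsonResponse view needs with or without DRF. The block below is an added example, not the poster's code: it is plain Python with `User` and `Request` classes standing in for Django's `User` and `HttpRequest` so it runs without Django, and `secure_json_view`, `can_view_map`, `features_view` and the `FEATURES` sample data are all hypothetical. In a real project, `login_required` and `require_POST` from Django do the first two checks, and the ownership filter becomes a `.filter(owner=request.user)` on the GeoDjango queryset before `AsGeoJSON`.

```python
"""Framework-agnostic illustration of the three checks a hand-written Django
JSON view needs: authentication, method restriction, and per-object
authorization. Added example; User/Request are stand-ins for Django's own."""
from dataclasses import dataclass, field
from functools import wraps
import json


@dataclass(frozen=True)
class User:
    username: str
    is_authenticated: bool = True


ANONYMOUS = User(username="", is_authenticated=False)


@dataclass
class Request:
    method: str
    user: User = ANONYMOUS
    body: dict = field(default_factory=dict)


def json_response(payload, status=200):
    # Mirrors JsonResponse: a status code plus a JSON-encoded body.
    return status, json.dumps(payload)


def secure_json_view(methods=("POST",), permission=None):
    """Hypothetical decorator combining what login_required and require_POST do,
    plus an optional per-request permission predicate checked before the view."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            if not request.user.is_authenticated:
                return json_response({"detail": "authentication required"}, 401)
            if request.method not in methods:
                return json_response({"detail": "method not allowed"}, 405)
            if permission is not None and not permission(request):
                return json_response({"detail": "forbidden"}, 403)
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


# Constructed sample rows: what a GeoDjango queryset annotated with AsGeoJSON
# might yield (geometry already serialized as a GeoJSON string).
FEATURES = [
    {"id": 1, "owner": "alice", "geometry": '{"type":"Point","coordinates":[30.0,10.0]}'},
    {"id": 2, "owner": "bob",   "geometry": '{"type":"Point","coordinates":[31.0,11.0]}'},
    {"id": 3, "owner": "alice", "geometry": '{"type":"Point","coordinates":[32.0,12.0]}'},
]


def can_view_map(request):
    # Constructed authorization rule: guest accounts may not call this endpoint.
    return not request.user.username.startswith("guest_")


@secure_json_view(methods=("POST",), permission=can_view_map)
def features_view(request):
    # Authorization belongs in the query: filter by the authenticated user,
    # never by an owner name the client supplies in the request body.
    own = [f for f in FEATURES if f["owner"] == request.user.username]
    collection = {
        "type": "FeatureCollection",
        "features": [
            {"type": "Feature", "id": f["id"],
             "geometry": json.loads(f["geometry"]), "properties": {}}
            for f in own
        ],
    }
    return json_response(collection)


def feature_ids(response):
    """Helper for inspecting a response: (status, list of feature ids)."""
    status, body = response
    return status, [f["id"] for f in json.loads(body).get("features", [])]


if __name__ == "__main__":
    print(feature_ids(features_view(Request("POST", User("alice")))))
    print(feature_ids(features_view(Request("POST", User("bob"), body={"owner": "alice"}))))
```

The last call in the usage shows the point of filtering on `request.user`: a body that names another owner still only returns bob's own features. With real Django, a POST view also needs the CSRF token sent from the React side (or an explicit token/session scheme), and the whole thing should sit behind HTTPS as the reply below notes.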

What are you trying to secure against? (What is the threat?)

Appropriate implementations of SSL and authentication, along with the internal application of authorization rules, are considered good enough for banks, investment firms, governments, health care providers, etc. Why are you thinking that may be insufficient?

(Real security is as much an administrative issue as it is a technical one. People are the weakest link.)