BOB Docs
APIApplication

Core

The heart of the solution includes configuration data for managing the API and background tasks.

Settings

The settings are divided by environment, with common settings extracted into a common file. Each environment-specific settings file (e.g., test) must import the contents of the common file.

Framework Settings:

  • INSTALLED_APPS: A list of applications used in the Django project.
  • MIDDLEWARE: Middleware that processes requests and responses (Middleware in Django).
  • ROOT_URLCONF: Specifies the module containing the main routing configuration.
  • AUTH_USER_MODEL: Defines the user model for Django's authentication system.
  • AUTH_PASSWORD_VALIDATORS: Validators for password creation and usage.
  • LANGUAGE_CODE: The default language of the application.
  • TIME_ZONE: The time zone used by the application (Available time zones).
  • USE_I18N: Enables internationalization support (e.g., translations).
  • USE_TZ: Enables time zone support for database timestamps.
  • STATIC_URL: The URL path for accessing static files (e.g., CSS, JS, images).
  • STATIC_ROOT: The file system path where Django collects all static files for production.
  • MEDIA_ROOT: The file system path for storing user-uploaded files.
  • MEDIA_URL: The URL path for accessing user-uploaded files.
  • DEFAULT_AUTO_FIELD: Specifies the default primary key field type for new models (BigAutoField for 64-bit auto-incrementing fields).
  • LOGGING: Configures Django's logging system for application logs.

Environment Variables

The common configuration includes environment variables to allow project customization without modifying the code.

  • DJANGO_SETTINGS_MODULE: Specifies the settings module to load during application startup.

Security:

  • SECRET_KEY: A key for securing data such as sessions and CSRF tokens. Must remain secret in production.
  • DEBUG: Enables debug mode. Never enable in production, as it exposes sensitive error details.
  • ALLOWED_HOSTS: A list of allowed domains or IPs for the application.

Image Hosting:

  • HOST_IMAGES_ADDRESS: The address of the host serving images (e.g., CDN or file server).

CORS:

  • CORS_ALLOWED_ORIGINS: A list of trusted origins for cross-origin requests.
  • CORS_ALLOW_CREDENTIALS: If True, allows cookies and other credentials in cross-origin requests.

JWT (JSON Web Token):

  • JWT_PUBLIC_KEY and JWT_PRIVATE_KEY: Keys for signing and verifying JWTs.
  • REFRESH_TOKEN_KEY: Key for identifying refresh tokens.
  • ACCESS_TOKEN_EXPIRATION_TIME_IN_SECONDS and REFRESH_TOKEN_EXPIRATION_TIME_IN_SECONDS: Expiration times for access and refresh tokens.
  • JWT_AUDIENCE: Specifies the audience for JWTs.
  • JWT_ISSUER: Specifies the issuer of the JWTs.

Authorization and Firebase:

  • ENABLE_SELF_AUTHENTICATION: Enables the local user authentication system.
  • ENABLE_FIREBASE_AUTHENTICATION: Enables Firebase user authentication.
  • LOGIN_REGISTRATION_PROVIDERS: A list of available registration and login methods.
  • FIREBASE_CERTIFICATE_PATH: Path to the Firebase certificate for authentication.

Stripe (Payments):

  • STRIPE_API_KEY and STRIPE_ENDPOINT_SECRET: Keys for Stripe API usage and webhook verification.
  • ISO_ALPHA_3_CURRENCY_CODE: Currency code for payments.
  • ADDITIONAL_CURRENCIES_MULTIPLIERS: Multipliers for payments in different currencies.

Application and User Configuration:

  • HOST_ADDRESS: Application host address (e.g., domain or IP).
  • MAXIMUM_AMOUNT_OF_SINGLE_ITEM_TO_PURCHASE: Max quantity of a single product allowed per order.
  • DEFAULT_COUNTRY and DEFAULT_COUNTRY_ALPHA_2_CODE: Default country and its ISO Alpha-2 code.
  • MAILGUN_API_KEY: API key for Mailgun email service.

Email System:

  • USER_IS_ACTIVE_AFTER_EMAIL_VERIFICATION: Determines if a user becomes active after email verification.
  • SEND_VERIFICATION_EMAIL and SEND_RESET_PASSWORD_EMAIL: Enable verification and password reset emails.
  • BASE_RESET_PASSWORD_URL: URL for resetting passwords.
  • RESET_PASSWORD_TOKEN_TIME_IN_HOURS: Validity period of the reset password token in hours.
  • BASE_VERIFICATION_EMAIL_URL: URL for email verification.
  • SEND_INVITATIONS_VIA_EMAIL: Enables sending email invitations.

Generating JWT Keys

To create your own keys for signing and verifying API requests, install openssl and follow these steps:

  1. Generate a private key:
openssl genpkey -algorithm RSA -out private_jwt_key.pem -pkeyopt rsa_keygen_bits:2048
  1. Generate a public key from the private key:
openssl rsa -in private_jwt_key.pem -pubout -out public_jwt_key.pem

Store these keys in the environment variables JWT_PRIVATE_KEY and JWT_PUBLIC_KEY.

Never expose your private key!

API

The configuration file includes REST API setup information. The primary object for handling requests is:

api = NinjaAPI(auth=AuthorizedUsers())

You can register routers for specific applications:

api.add_router("/auth", auth_router)
api.add_router("/payment/billing", billing_router)
api.add_router("/store", store_router)

Authorization

The NinjaAPI object accepts an authorization class (AuthorizedUsers) as the default for all requests. This can be overridden for specific routers.

Available authorization classes:

  • AuthorizedUsers: Allows authenticated users.
  • AuthorizedOrAnonymousUser: Allows both authenticated and anonymous users.

Each request includes an auth attribute, representing either AnonymousUserBoB or CustomUser.

For more information, see the user application.

Learn more

Admin Panel

The admin panel allows you to manage all model instances in the solution:

path("admin/", admin.site.urls)

Access the panel using credentials from the setupdevusers command in the user application.

Learn more

Celery

This document includes the configuration for recurring tasks performed by the application.

Redis is used as the message broker, and Postgres is used for storing task results. For more information, refer to the background tasks module.

Learn more

Previous

Exception Registry

Next

User

On this page