django djoser

Djoser Disable Unused Endpoints


I am using Djoser for authentication in my WebApp and it is pretty fine. However, I'm concerned about some endpoints, like

auth/users

which returns all users if a token is passed. I won't be using this endpoint and will disable it in the frontend, as I don't want my users to use it either. But still, I'm concerned. How can I disable these unused endpoints provided by Djoser?


Solution

  • It's not easily possible to completely disable the endpoints. Maybe restricting this endpoint for admin only will be sufficient?

    You could try setting the rest_framework.permissions.IsAdminUser permission for the user_list view.

    Something like this should work:

    DJOSER = {
        'PERMISSIONS': {
            'user_list': ['rest_framework.permissions.IsAdminUser'],
        }
    }
    

    DRF IsAdminUser permission

    Djoser permissions docs