Djangorestframework-api-key

**This release is incompatible with 0.x**. See [Upgrade to 1.0](https://florimondmanca.github.io/djangorestframework-api-key/upgrade/1.4/) for migration steps.

Removed

- Remove `HasAPIKeyOrIsAuthenticated` permission class. You should use bitwise composition now, e.g. `HasAPIKey | IsAuthenticated`.
- Drop the `DRF_API_KEY_*` settings. (Pull 19)

Changed

- Switch to a new API key generation and validation scheme. Clients must now authorize using a single API key header (Pull 19). The header is `Authorization` by default. It can be customized using the `API_KEY_CUSTOM_HEADER` setting (Pull 26). Use the `name` field to identify clients.

Added

- Add support for Django 2.2. (Pull 27)
- Add programmatic API key creation using `APIKey.objects.create_key()`. (Pull 19)

Fixed

- Improved API key storage using Django's password hashing helpers. (Uses the default Django password hasher.) (Pull 19)

Removed

- Drop support for Python 3.4. Only 3.5, 3.6 and 3.7 are supported now.
- Drop support for Django < 2.0. Only 2.0 and 2.1 are supported now.

Fixed

- `HasAPIKey` now implements `.has_object_permissions()`, which allows to compose it with other permission classes and perform object-level permission checks. (Pull 25)

_Initial changelog entry._

Added

- `APIKey` model.
- `HasAPIKey` and `HasAPIKeyOrIsAuthenticated` permission classes.
- Generate, view and revoke API keys from the Django admin.
- Authenticate requests using the `Api-Token` and `Api-Secret-Key` headers. Customizable via the `DRF_API_KEY_TOKEN_HEADER` and `DRF_API_KEY_SECRET_KEY_HEADER` settings.