
Chris Nyland - Demo Site

API Demo
Django Rest Framework Demonstration

This is a demonstration of the Django Rest Framework, which is a powerful toolkit for building RESTful APIs in Django.

The API was designed to be RESTful and to adhere to the 'Single Responsibility' principle of APIs.
To that end I have created three logins that can be used to explore the API and see how authentication and authorization affect each one.

Please see below for the layout of the API and the logins you can use to explore them.

The APIs can be explored either through the browser (via login) or through API software such as Postman (via the tokens provided below).

API Overview

The API is hooked into a MySQL database with a fictional employee table.
The API allows CRUD operations on the employee table, based on the user's authentication and authorization.
Note that since all CRUD operations are allowed, the database regenerates the table every hour with semi-random data, so all changes will be reverted.
This allows multiple people to experiment with the API without worrying about data integrity.

Please feel free to use the logins and API endpoints to explore and manipulate the database.

API Logins

If you wish to use the browser to view the endpoints, use the Login button in the top right-hand corner. This restricts you to the GET requests listed below.
If you wish to use the other endpoints, you can use Postman, Insomnia or the Swagger UI provided.
These require the tokens below. They are bearer tokens and must be sent with the 'Bearer' prefix.

Please keep in mind the sessions are intentionally short and also expire upon exit.

Eddie Employee

Email: eddie.employee@company.ca
Password: dummy123
Bearer Token: 2468c25a10eef82b36ef1237af871824adc7251b
Notes: This login has the lowest level of access. With it you can see the employee database, but only your own salary. This user is restricted to GET actions only. Mandy Manager will always be set as manager for this user.

Mandy Manager

Email: mandy.manager@company.ca
Password: dummy123
Bearer Token: 91c84276c49c681d9f23260e978ef603c1370240
Notes: This login can see the salary of any employee for whom they are listed as manager; all others are blocked. Again, this user is limited to GET actions only.

Adam Admin

Email: adam.admin@company.ca
Password: dummy123
Bearer Token: a1f44e16581b9be9f449c44ec3d469ad4dbbb4d7
Notes: This is the highest level of access. This user can see all employees' salaries, and can also add new employees, update existing entries and delete employees. Mandy Manager will always be set as manager for this user.

API Endpoints

The endpoints below are the main endpoints for the API. They are designed to be RESTful and follow the CRUD operations.

All endpoints are prefixed with /api/latest/ and are followed by the action you wish to perform.
All endpoints can be accessed via the browser, the Swagger UI or API software such as Postman or Insomnia.

GET /api/latest/employees

URL: https://chrisnydemo.ddns.net/api/latest/employees

This endpoint allows you to retrieve a list of all employees in the database.
It is available to all users, but this view does not allow you to view salaries.

Returns 200 OK upon success.

GET /api/latest/employee/{employee_id}

URL: https://chrisnydemo.ddns.net/api/latest/employee/{employee_id}

This endpoint fetches a single employee from the database.
It is available to all users, but this view does not allow you to view salaries as it is considered privileged information.

Returns 200 OK upon success.

GET /api/latest/employee/{employee_id}/salary

URL: https://chrisnydemo.ddns.net/api/latest/employee/{employee_id}/salary

This endpoint fetches a single employee's salary from the database.
Employees can view only their own salary; managers can view their own salary and those of the employees under them; admins can view all salaries.

Returns 200 OK upon success.

PATCH /api/latest/employee/{employee_id}

URL: https://chrisnydemo.ddns.net/api/latest/employee/{employee_id}

This endpoint is used to modify an existing database entry and can only be used by Admins.
It expects a body outlining the changes to be made. This is most easily done via the Swagger UI or Insomnia/Postman.

Returns 200 OK upon success.

POST /api/latest/employees

URL: https://chrisnydemo.ddns.net/api/latest/employees

This endpoint is used to create a new database entry and can only be used by Admins.
It expects a body containing all required fields. This is most easily done via the Swagger UI or Insomnia/Postman.

The fields currently required are last_name, first_name, salary, position, email and manager. If any are missing, the API returns a 403 along with the names of the missing fields.

Returns 201 Created upon success.

DELETE /api/latest/employee/{employee_id}

URL: https://chrisnydemo.ddns.net/api/latest/employee/{employee_id}

This endpoint is used to delete an existing database entry and can only be used by Admins.
No body is required for the request.

Returns 200 OK upon success.
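The access rules described above (bearer tokens with the 'Bearer' prefix, salary visibility by role, and write operations restricted to Admins) as an added, framework-free example; this is not the demo project's own code. It assumes an Employee record with a role and manager_id, uses constructed sample data and placeholder tokens, and mirrors the has_permission / has_object_permission hooks of DRF's BasePermission without importing the framework.

```python
from dataclasses import dataclass
from typing import Optional

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")   # read-only set, as in DRF

@dataclass(frozen=True)
class Employee:
    id: int
    role: str                  # "employee", "manager" or "admin"
    manager_id: Optional[int]
    salary: int

# Constructed sample data: the page's three logins plus one employee who does
# not report to Mandy. Tokens are placeholders, not the page's real ones.
EMPLOYEES = {
    1: Employee(1, "employee", 2, 50000),    # Eddie, reports to Mandy
    2: Employee(2, "manager", None, 80000),  # Mandy
    3: Employee(3, "admin", 2, 95000),       # Adam
    4: Employee(4, "employee", 3, 52000),    # reports to Adam, not Mandy
}
TOKENS = {"tok-eddie": 1, "tok-mandy": 2, "tok-adam": 3}

def authenticate(authorization: Optional[str]) -> Optional[Employee]:
    """Resolve an 'Authorization: Bearer <token>' header to an Employee."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme != "Bearer" or not token:     # the page requires the Bearer prefix
        return None
    emp_id = TOKENS.get(token)
    return EMPLOYEES[emp_id] if emp_id else None

class SalaryPermission:
    """Same two hooks DRF's BasePermission exposes, written framework-free (assumption)."""
    def has_permission(self, user: Optional[Employee], method: str) -> bool:
        # Writes (POST/PATCH/DELETE) are admin-only; reads need any valid login.
        return user is not None and (method in SAFE_METHODS or user.role == "admin")
    def has_object_permission(self, user: Employee, obj: Employee) -> bool:
        # Own salary always; managers add direct reports; admins see everything.
        return (user.role == "admin" or obj.id == user.id
                or (user.role == "manager" and obj.manager_id == user.id))

def salary_view(authorization: Optional[str], employee_id: int):
    """GET /api/latest/employee/{id}/salary -> (status, body)."""
    user, perm = authenticate(authorization), SalaryPermission()
    if not perm.has_permission(user, "GET"):
        return 401, {"detail": "Authentication credentials were not provided."}
    if (obj := EMPLOYEES.get(employee_id)) is None:
        return 404, {"detail": "Not found."}
    if not perm.has_object_permission(user, obj):
        return 403, {"detail": "You do not have permission to perform this action."}
    return 200, {"employee_id": obj.id, "salary": obj.salary}
```

Note that the object-level check runs only after the token has been accepted, so an unknown or wrongly prefixed token is rejected before any record is looked up.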