Hi All - I am currently developing an API in Flask for automating a few of my tasks. I am planning to use Django for consuming the Flask API and for displaying the results. The API will be used by my team as well, so I would like to enforce access controls based on the user logged in. For example, User A can consume the API, but User B can only see the results. Also, I am planning to enforce other controls, such as a user can consume a particular API only once per day. For the Database, I am planning to use PostgreSQL. Request you to share your insights and ideas. Thank you!
So, to limit access to URLs based on users, you will need to use roles for the users. So, there will be groups under which all users need to be categorised. Let's say in a Hospital setting, the roles would be "Patients", "Doctors", "Nurses" etc. And all the users will be under these categories. Django has an open source extension "django-role-permissions" which I have used extensively for many of my projects and I can vouch for. It is easy to handle and has good documentation to get started with.
For limiting API calls, you will need to create a table which accounts for the number of times a specific API is called by a user and use that to limit access.
Link to mentioned library: https://github.com/vintasoftware/django-role-permissions
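An added example (not from the question or the answer above, and not code from django-role-permissions) of the two checks the answer describes: a role lookup that decides who may call an endpoint, and a call-log table that enforces the once-per-day limit. It uses sqlite3 and a hard-coded role map as stand-ins for PostgreSQL and the Django role extension; the users, roles and endpoint names are constructed.

```python
"""Role check plus once-per-day quota for an internal API (added example)."""
import sqlite3
from datetime import date

# Constructed data: "consumer" may call the API, "viewer" may only see results
# (the User A / User B split from the question).
ROLES = {"alice": {"consumer", "viewer"}, "bob": {"viewer"}}
REQUIRED_ROLE = {"run_task": "consumer", "view_results": "viewer"}
ONCE_PER_DAY = {"run_task"}  # endpoints limited to one call per user per day


def new_db():
    """In-memory sqlite3 connection holding the call-log table."""
    conn = sqlite3.connect(":memory:")
    # One row per (user, endpoint, day). The PRIMARY KEY makes the quota check
    # atomic: two concurrent requests cannot both insert the same key, so there
    # is no check-then-insert race. A UNIQUE constraint does the same in PostgreSQL.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS api_calls ("
        " username TEXT NOT NULL, endpoint TEXT NOT NULL, call_date TEXT NOT NULL,"
        " PRIMARY KEY (username, endpoint, call_date))"
    )
    return conn


def has_role(username, endpoint):
    """Deny by default: unknown users and unknown endpoints get nothing."""
    needed = REQUIRED_ROLE.get(endpoint)
    return needed is not None and needed in ROLES.get(username, set())


def authorize(conn, username, endpoint, today=None):
    """Return (allowed, reason); the call is recorded only when both checks pass."""
    if not has_role(username, endpoint):
        return False, "forbidden"
    if endpoint not in ONCE_PER_DAY:
        return True, "ok"
    day = today or date.today().isoformat()  # ISO date string, e.g. "2024-01-01"
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute("INSERT INTO api_calls VALUES (?, ?, ?)", (username, endpoint, day))
    except sqlite3.IntegrityError:  # a row for this user/endpoint/day already exists
        return False, "quota exceeded"
    return True, "ok"


if __name__ == "__main__":
    db = new_db()
    print(authorize(db, "alice", "run_task", "2024-01-01"))  # (True, 'ok')
    print(authorize(db, "alice", "run_task", "2024-01-01"))  # (False, 'quota exceeded')
    print(authorize(db, "bob", "run_task", "2024-01-01"))    # (False, 'forbidden')
```

Both checks belong in the Flask API itself, not only in the Django front-end, so that a client calling the API directly is held to the same rules.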