A fully-featured Django REST Framework (DRF) project implementing JWT authentication, AES field-level encryption, API rate limiting, and CI/CD via GitHub Actions. It demonstrates how to build secure REST APIs with token-based access control, encrypted data storage, request throttling, and an automated testing pipeline, as a reference for production-grade systems.
- ✅ JWT Authentication (with `djangorestframework-simplejwt`)
- 🔐 AES Field-Level Encryption using `cryptography`
- ⏳ API Rate Limiting (User Throttle: 5 requests/minute)
- 📮 Secure API Endpoints with DRF `ListCreateAPIView`
- 🔄 CI/CD Pipeline with GitHub Actions
- 🧪 Basic Unit Test for Secure Data POST API
- 🧱 Minimal & Modular Project Structure
- Python 3.10+
- Django 5.x
- Django REST Framework
- SimpleJWT for token auth
- Cryptography for encryption
- GitHub Actions for automated testing
```
drf-secure-api-jwt-encrypt-cicd-limitation/
├── api/
│   ├── admin.py
│   ├── apps.py
│   ├── models.py
│   ├── serializers.py
│   ├── urls.py
│   └── views.py
├── secure_api_project/
│   ├── settings.py
│   └── urls.py
├── .github/
│   └── workflows/
│       └── django.yml
├── manage.py
├── requirements.txt
└── README.md
```
```bash
git clone https://github.com/Ainy07/drf-secure-api-jwt-encrypt-cicd-limitation.git
cd drf-secure-api-jwt-encrypt-cicd-limitation
python -m venv env
source env/bin/activate   # Linux/macOS
env\Scripts\activate      # Windows
pip install -r requirements.txt
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser
python manage.py runserver
```
Obtain a token pair (`POST /api/token/`, no authentication required):

```json
{
  "username": "yourusername",
  "password": "yourpassword"
}
```

Response:

```json
{
  "access": "<access_token>",
  "refresh": "<refresh_token>"
}
```

Call the protected endpoint (`POST /api/secure-data/`) with the access token in the request header:

```
Authorization: Bearer <access_token>
```

Request body:

```json
{
  "plain_text": "My secret info"
}
```

Response:

```json
{
  "id": 1,
  "decrypted_text": "My secret info"
}
```

Note that the API decrypts on read: the ciphertext only ever lives in the database column, and any caller holding a valid access token gets the plaintext back. Field-level encryption here protects against exposure of the database itself (dumps, backups, over-privileged DB access), not against a leaked or stolen token.
```bash
python manage.py test api
```
The project includes a GitHub Actions workflow that installs the dependencies and runs the test suite automatically on every push to `main`.
.github/workflows/django.yml:
```yaml
name: Django CI

on:
  push:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Run tests
        # manage.py sits at the repository root in the project tree above,
        # so the tests run from the checkout directory.
        run: |
          python manage.py test api
```
For demo purposes the encryption key is randomly generated each time the process starts, so every row stored before a restart becomes undecryptable. In production, load a fixed key from an environment variable (`.env`) or a secrets manager/vault, keep it out of version control, and plan for key rotation so that rows written under an older key stay readable.
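The helpers below are an added example, not the project's own `models.py` (whose exact construction this page does not show). They use Fernet from `cryptography` (AES-128-CBC with an HMAC-SHA256 tag) to show the difference between the demo's per-process random key and a static key loaded from the environment, and how key rotation keeps old rows readable. The environment variable name `FIELD_ENCRYPTION_KEY` and the function names are assumptions.

```python
"""Field-level encryption helpers: static key from the environment, with rotation.

Example code added to this README; assumes Fernet from the cryptography package
(AES-128-CBC + HMAC-SHA256), which may differ from the project's exact construction.
"""
import os

from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def load_field_key(env_var: str = "FIELD_ENCRYPTION_KEY") -> bytes:
    """Read a static, urlsafe-base64 Fernet key from the environment.

    Refusing to fall back to Fernet.generate_key() is the point: a key that is
    regenerated on every process start makes every row written by the previous
    process permanently undecryptable.
    """
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(
            f"{env_var} is not set; generate one once with Fernet.generate_key()"
        )
    Fernet(key.encode("ascii"))  # validates length/encoding before anything is stored
    return key.encode("ascii")


def encrypt_field(plain_text: str, key: bytes) -> str:
    """Encrypt a model field value; the returned token is what goes in the DB column."""
    return Fernet(key).encrypt(plain_text.encode("utf-8")).decode("ascii")


def decrypt_field(ciphertext: str, keys: list[bytes]) -> str:
    """Decrypt trying the newest key first, falling back to older keys (rotation).

    Raises InvalidToken if no key in the list produced the ciphertext, which is
    exactly what happens after a restart with a fresh random key.
    """
    fernets = [Fernet(k) for k in keys]
    return MultiFernet(fernets).decrypt(ciphertext.encode("ascii")).decode("utf-8")


def restart_loses_data() -> bool:
    """Simulate the demo setup: a random key per process, then a 'restart'."""
    first_process_key = Fernet.generate_key()
    stored = encrypt_field("My secret info", first_process_key)
    second_process_key = Fernet.generate_key()  # new random key after restart
    try:
        decrypt_field(stored, [second_process_key])
    except InvalidToken:
        return True
    return False


def rotate_key_keeps_data() -> str:
    """Simulate the production setup with rotation: old rows stay readable."""
    old_key = Fernet.generate_key()
    stored = encrypt_field("My secret info", old_key)  # row written under old key
    new_key = Fernet.generate_key()
    # MultiFernet tries keys in order: new rows are written with new_key, while
    # old rows still decrypt because old_key is kept at the end of the list.
    return decrypt_field(stored, [new_key, old_key])


if __name__ == "__main__":
    # Constructed sample: generate a key only because this demo has no .env file.
    os.environ.setdefault("FIELD_ENCRYPTION_KEY", Fernet.generate_key().decode("ascii"))
    key = load_field_key()
    print("stored ciphertext:", encrypt_field("My secret info", key))
    print("restart with random key loses data:", restart_loses_data())
    print("rotation keeps old rows readable:", rotate_key_keeps_data())
```

To rotate, prepend the new key to the list used for decryption, re-encrypt existing rows with it (MultiFernet's `rotate` does this per token), and only then drop the old key.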
JWT settings such as token lifetimes and refresh-token rotation can be tuned via the `SIMPLE_JWT` dictionary in `settings.py`.
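The project's `settings.py` is not reproduced on this page, so the fragment below is an added example of how the throttle and JWT settings referenced above look in DRF and SimpleJWT, not the project's own configuration. The `5/minute` user rate is the README's figure; the anonymous rate, token lifetimes and rotation flags are assumed values chosen to illustrate the trade-offs.

```python
"""Rate-limiting and JWT settings in the shape DRF and SimpleJWT expect.

Example configuration added to this README (assumed values, not the project's file).
"""
from datetime import timedelta

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework_simplejwt.authentication.JWTAuthentication",
    ),
    # Deny by default; individual views opt in to looser permissions.
    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
    # UserRateThrottle keys on the authenticated user. AnonRateThrottle keys on
    # the client address and is what limits the unauthenticated /api/token/
    # endpoint; with only UserRateThrottle, login attempts are not throttled.
    "DEFAULT_THROTTLE_CLASSES": (
        "rest_framework.throttling.UserRateThrottle",
        "rest_framework.throttling.AnonRateThrottle",
    ),
    "DEFAULT_THROTTLE_RATES": {
        "user": "5/minute",   # the README's figure, per authenticated user
        "anon": "10/minute",  # assumed value for unauthenticated callers
    },
}

# DRF throttles count requests in the Django cache. The default LocMemCache is
# per-process, so under several gunicorn/uwsgi workers each worker enforces its
# own 5/minute; use a shared backend (Redis, Memcached) for a real global limit.

SIMPLE_JWT = {
    # Short-lived access tokens bound how long a leaked token stays usable.
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=15),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    # Issue a new refresh token on every refresh and blacklist the old one so a
    # stolen refresh token cannot be replayed. BLACKLIST_AFTER_ROTATION needs
    # 'rest_framework_simplejwt.token_blacklist' in INSTALLED_APPS plus migrate.
    "ROTATE_REFRESH_TOKENS": True,
    "BLACKLIST_AFTER_ROTATION": True,
    "ALGORITHM": "HS256",  # signed with Django's SECRET_KEY unless SIGNING_KEY is set
    "AUTH_HEADER_TYPES": ("Bearer",),
}
```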
This project is open-source and free to use under the MIT License.
Django & DRF Official Docs
cryptography Python Library
simplejwt JWT package
This project is live on PythonAnywhere 🚀
🔗 Base URL: https://ainy07.pythonanywhere.com/
| Method   | Endpoint              | Description                               | Auth Required                  |
|----------|-----------------------|-------------------------------------------|--------------------------------|
| POST     | `/api/token/`         | Obtain JWT access + refresh token pair    | ❌                             |
| POST     | `/api/token/refresh/` | Refresh the access token                  | ❌ (refresh token in body)     |
| GET/POST | `/api/secure-data/`   | Store and retrieve encrypted secure data  | ✅ Bearer token                |
| GET      | `/admin/`             | Django admin panel                        | ✅ Superuser                   |
📌 Example request for secure data (live):

```http
POST https://ainy07.pythonanywhere.com/api/secure-data/
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "plain_text": "My secret info"
}
```