How user authentication is different than session authentication

I am new to Django and I am trying to write some APIs. Django has user-based authentication request.user.is_authenticated() to check whether a valid user is logged in or not. There is also session authentication.

  1. How is session authentication different from Django user-based authentication?

  2. Which is more secure? I am trying to write REST APIs that call third-party APIs.

  3. Is it possible to use tastypie SessionAuthentication without using the model?

I didn't find any REST API example that has implemented tastypie without a model.

There is 1 best solution below

ERP On

It usually depends on how you want to approach the authentication. They are both secure, but session authentication is usually more secure when you don't have an SSL connection. Basic authentication would mean that you have to send the user's email and password (credentials) every time you want to get anything from your API, while session authentication works with a session token inside a cookie that you store in your browser (or whatever app) in order to make that authentication and let the server know that you are you.

I completely recommend that you watch this talk, https://www.youtube.com/watch?v=j8Yxff6L_po, if you know a little bit of Node (it might also be useful if you don't); in it, he explains pretty much all of these differences. But in summary, what I mean is that you can do auth with both, although I think session authentication is more secure since you don't need to send the users' credentials every time.
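The difference described in the answer above, as an added example that is not part of the original post: a framework-free Python sketch of what each scheme puts on the wire per request and what the server has to check. The account, salt, in-memory stores and all function names are constructed for illustration; a Django project would use its own User model, password hashers and session backend.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample account and stores (assumption: stand-ins for Django's User model and session backend).
_SALT = b"constructed-salt"
USERS = {"alice@example.com": hashlib.pbkdf2_hmac("sha256", b"s3cret-pw", _SALT, 100_000)}
SESSIONS = {}  # server-side store: session id -> user

def check_password(user, password):
    stored = USERS.get(user)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return stored is not None and hmac.compare_digest(stored, candidate)

def basic_header(user, password):
    """Client side: the Basic header is base64 of user:password, sent with every request."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def authenticate_basic(headers):
    """Server side: decode the credentials from the header and verify them on each request."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return None
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return user if check_password(user, password) else None

def login(user, password):
    """Server side: verify the password once, then issue an opaque random session id."""
    if not check_password(user, password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return {"Cookie": f"sessionid={sid}"}  # "sessionid" is Django's default cookie name

def authenticate_session(headers):
    """Server side: look the session id up; the password is not part of the request."""
    name, _, sid = headers.get("Cookie", "").partition("=")
    return SESSIONS.get(sid) if name == "sessionid" else None

def logout(headers):
    """Server side: deleting the stored session invalidates the cookie immediately."""
    SESSIONS.pop(headers.get("Cookie", "").partition("=")[2], None)
```

The Basic header can be decoded back to the password by anyone who sees the request, while the session cookie only maps to a user through the server-side store and stops working once that entry is deleted.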