Rest

Auto-generated JSON CRUD from your models, plus authentication, permissions, filtering, pagination.

Built-in auth classes (Session, Bearer, Chain, Fn) and how to write your own.

Built-in permission classes (AllowAny, IsAuthenticated, IsStaff, ReadOnly), the ReadOnly default, Or / And combinators, and how to write your own.

Which models become API endpoints, the built-in block-list (auth_user, session, the permissions/tasks/admin tables), and the include_only / exclude / expose controls.

Create a parent and its children in one POST with writable nested serializers.

Download any resource as CSV with ?format=csv, same filters, search, and field selection as the JSON list.

Give custom @action endpoints a typed request/response shape that validates input and feeds the OpenAPI spec.

API rate limiting - AnonRateThrottle, UserRateThrottle, ScopedRateThrottle, the rate string format, and the 429 + Retry-After response.

Opt-in API versioning - URL-path (/api/v1/...) and accept-header (Accept; version=v2) schemes, allowed/default versions, and reading the resolved version on the request context.

Opt-in bulk create / update / delete - one transaction, all-or-nothing, with the same permissions, throttle, and field denylist as the single-object endpoints.