Django Rest: Why is the access denied, although AccessAny is set as permission?

Question

I want to give all people, without any permissions access to my API. The following definitions I made in my files:

views.py

from rest_framework.views import APIView
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework.parsers import JSONParser
from rest_framework.permissions import AllowAny
from django.http import HttpResponse, JsonResponse
from rest_framework import status
from api.models import Application, Indice, Satellite, Band
from api.serializers import OsdSerializer
import logging
logger = logging.getLogger(__name__)

class OsdView(APIView):
    permission_classes = [AllowAny]

    def get(self, request):
        applications = Application.objects.all()
        serializer = OsdSerializer(applications, many=True)
        return Response({"Applications:": serializer.data})

class DetailView(APIView):
    permission_classes = [AllowAny]

    def get(self, request, machine_name):
        application = Application.objects.get(machine_name=machine_name)
        downloads = OsdSerializer(application, context={"date_from": request.query_params.get("from", None), "date_to": request.query_params.get("to", None), "location": request.query_params.get("location", None), })

        return Response(downloads.data)

settings.py

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny',
    ]
}

But when I access the API the result is the following instead of the content:

{"detail":"Invalid username/password."}

Answer 1

You also have to add a Authentication:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',
    ],

}

That's why you are getting the error; and do not worry, anyone will see your API data even without (a GET at least!) login.