← Back to Skills Marketplace
pradeepcep

Django REST Framework

by pradeepcep · GitHub ↗ · v1.0.0
linuxdarwinwin32 ✓ Security Clean
813
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install drf
Description
Generate and manage Django REST APIs using DRF with best practices for serializers, viewsets, routing, authentication, optimization, and testing.
README (SKILL.md)

Django REST Framework

This skill details how to generate, configure, and enhance REST APIs using Django + Django REST Framework (DRF). It includes instructions on project setup, API structure, serializers, viewsets, routing, authentication, performance optimization, testing, and common pitfalls.

Overview

Use this skill when you:

  • Start a Django + Django REST Framework (DRF) project
  • Work on a Django project that uses Django REST Framework (DRF)
  • Work on a Python project that lists djangorestframework in its requirements.txt or pyproject.toml
  • Create REST API endpoints in a Django project
  • Add, modify, or apply best practices for serializers, views, viewsets, permissions, authentication, pagination, filtering in a Django project
  • Optimize database queries and API performance in a Django project

Start a Project

1. Create & Activate Virtual Environment

python3 -m venv .venv
source .venv/bin/activate
pip install django djangorestframework
django-admin startproject project .

2. Create an App

python manage.py startapp [appname or "api"]

3. Configure Django REST Framework

Add to settings.py:

INSTALLED_APPS = [
    "rest_framework",
    appname or "api",
]

REST_FRAMEWORK = {
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
    "DEFAULT_RENDERER_CLASSES": [
        "rest_framework.renderers.JSONRenderer",
    ],
    "DEFAULT_FILTER_BACKENDS": [
        "django_filters.rest_framework.DjangoFilterBackend",
    ],
    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.LimitOffsetPagination",
    "PAGE_SIZE": 10,
}

Core Principles

Serializers

  • Prefer ModelSerializer to reduce boilerplate.
  • Keep serializers focused on validation and representation.
  • Use separate serializers for:
    • list vs detail
    • read vs write
    • public vs internal APIs
  • Add serializers to a serializers.py file inside the appropriate Django app

Example:

# File: accounts/serializers.py
class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ["id", "username", "email"]

Views & ViewSets

  • Use ViewSet or ModelViewSet for standard CRUD APIs.
  • Override get_queryset() instead of filtering in the serializer.
  • Keep views thin, and use features from DRF parent classes as much as possible
  • Always return responses in the configured format (fallback to json)
  • Always put views in the views.py file inside the appropriate Django app

Example:

# File: accounts/views.py
class UserViewSet(ModelViewSet):
    serializer_class = UserSerializer

    def get_queryset(self):
        return User.objects.filter(is_active=True)

Routing

  • Use DRF routers for consistency and discoverability.
  • Avoid deeply nested URLs unless strictly necessary.
  • Put routers in a urls.py file inside the appropriate Django app
  • Make sure the urls.py inside the Django app is included in the main urls.py

Example:

# File: accounts/urls.py
router = DefaultRouter()
router.register("users", UserViewSet)
urlpatterns = router.urls

Example:

# File: project/urls.py

urlpatterns = [
    path("", include("accounts.urls")),
]

Authentication & Permissions

Authentication

  • Prefer stateless authentication for APIs.
  • Token-based or JWT authentication is recommended.
  • Never rely on session authentication for public APIs unless explicitly required.

Permissions

  • Always define explicit permissions.
  • Default to secure (IsAuthenticated) rather than open.
  • Use custom permission classes for fine-grained control.
  • Create custom permissions inside a permissions.py file inside the appropriate Django app.

Example:

permission_classes = [IsAuthenticated]

Pagination, Filtering & Throttling

Pagination

  • Always paginate list endpoints.
  • Avoid returning unbounded querysets.

Filtering

  • Filter in get_queryset() using request parameters.
  • Validate query params explicitly.

Throttling

Protect APIs from abuse:

REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_CLASSES": [
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ],
    "DEFAULT_THROTTLE_RATES": {
        "anon": "100/day",
        "user": "1000/day",
    },
}

Performance Best Practices

Query Optimization

  • Always inspect query counts in list views.
  • Use select_related() for foreign keys.
  • Use prefetch_related() for many-to-many and reverse relations.

Example:

# File: orders/views.py
def get_queryset(self):
    return Order.objects.select_related("customer").prefetch_related("items")

Caching

  • Cache expensive read-heavy endpoints.
  • Use Redis or Memcached.
  • Never cache user-specific responses globally.

Testing

  • Write tests for:
    • serializers
    • permissions
    • edge cases
  • Use APITestCase and APIClient.
  • Test both success and failure paths.

Common Gotchas & Pitfalls

Bulky Views / Bulky Serializers

Avoid putting business logic inside: - serializers - views - permission classes

Instead, use: - service modules - domain logic in models - reusable helper functions

N+1 Query Problems

DRF does not optimize queries automatically. Missing select_related() or prefetch_related() will silently destroy performance.

Silent Security Bugs

Common mistakes: - Forgetting permission classes - Allowing unauthenticated access by default - Exposing writeable fields unintentionally - Exposing passwords or secret fields in response

Always audit: - serializer fields - permission classes - allowed HTTP methods

Assuming Async Behavior

Django REST Framework is primarily synchronous.

Do not assume: - async views improve performance automatically - background tasks belong in request/response cycles

Use task queues (Celery etc.) for long-running work.

Example Commands

python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser
python manage.py runserver

📝 References

  • Django documentation
  • Django REST Framework documentation
  • Real-world production DRF patterns
Usage Guidance
This skill is a coherent, text-only guide for building DRF APIs. Before using it: (1) review the SKILL.md to ensure its commands and recommendations match your project conventions; (2) if you run its shell commands (virtualenv, pip install), do so in a controlled environment (local venv or container) to avoid affecting system-wide Python packages; (3) verify any third-party packages you install come from trusted package indexes; and (4) if you want stricter assurance, copy the guidance and run the steps manually rather than granting an agent automatic execution privileges.
Capability Analysis
Type: OpenClaw Skill Name: drf Version: 1.0.0 The skill bundle provides comprehensive documentation and standard commands for setting up and working with Django REST Framework. All commands listed in `SKILL.md` are typical for Django development (e.g., `python3 -m venv`, `pip install`, `django-admin startproject`, `python manage.py`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent to perform actions outside the stated purpose. The content is purely instructional and aligned with its description.
Capability Assessment
Purpose & Capability
The name/description (Django REST Framework scaffolding and best practices) match the SKILL.md content. The only declared runtime requirement is python3, which is appropriate for the described tasks.
Instruction Scope
The SKILL.md stays on-topic: project setup, serializers, viewsets, routing, auth, optimization, and testing. It instructs creating virtualenvs, installing Django/DRF via pip, editing standard Django files (settings.py, views.py, urls.py, serializers.py). It does not instruct reading unrelated system files, accessing environment secrets, or sending data to external endpoints.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded by the registry. The advice to run pip install is expected for Python projects. There are no download URLs or archive extracts that would raise concerns.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance references project-local files (requirements.txt, pyproject.toml, settings.py), which is proportionate to the skill's purpose.
Persistence & Privilege
The skill is not force-installed (always:false) and does not request persistent or cross-skill privileges. As an instruction-only skill it will not modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install drf
  3. After installation, invoke the skill by name or use /drf
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Django REST Framework (DRF) skill with modern scaffolding practices. - Detailed guidelines for setting up and configuring DRF projects. - Covers serializers, viewsets, routing, authentication, permissions, pagination, filtering, and performance best practices. - Includes sections about common pitfalls and how to avoid them. - Provides practical examples and command snippets for each stage. - Emphasizes security and query optimization for production-ready APIs.
Metadata
Slug drf
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Django REST Framework?

Generate and manage Django REST APIs using DRF with best practices for serializers, viewsets, routing, authentication, optimization, and testing. It is an AI Agent Skill for Claude Code / OpenClaw, with 813 downloads so far.

How do I install Django REST Framework?

Run "/install drf" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Django REST Framework free?

Yes, Django REST Framework is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Django REST Framework support?

Django REST Framework is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Django REST Framework?

It is built and maintained by pradeepcep (@pradeepcep); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments