django-rest-framework/docs/api-guide/requests.md

<a class="github" href="request.py"></a>

# Requests

> If you're doing REST-based web service stuff ... you should ignore request.POST.
>
> &mdash; Malcom Tredinnick, [Django developers group][cite]

REST framework's `Request` class extends the standard `HttpRequest`, adding support for parsing multiple content types, allowing browser-based `PUT`, `DELETE` and other methods, and adding flexible per-request authentication.

## .method

`request.method` returns the uppercased string representation of the request's HTTP method.

Browser-based `PUT`, `DELETE` and other requests are supported, and can be made by using a hidden form field named `_method` in a regular `POST` form.


## .content_type

`request.content`, returns a string object representing the mimetype of the HTTP request's body, if one exists.


## .DATA

`request.DATA` returns the parsed content of the request body.  This is similar to the standard `HttpRequest.POST` attribute except that:

1. It supports parsing the content of HTTP methods other than `POST`, meaning that you can access the content of `PUT` and `PATCH` requests.
2. It supports parsing multiple content types, rather than just form data.  For example you can handle incoming json data in the same way that you handle incoming form data.

## .FILES

`request.FILES` returns any uploaded files that may be present in the content of the request body.  This is the same as the standard `HttpRequest` behavior, except that the same flexible request parsing that is used for `request.DATA`.

This allows you to support file uploads from multiple content-types.  For example you can write a parser that supports `POST`ing the raw content of a file, instead of using form-encoded file uploads.

## .user

`request.user` returns a `django.contrib.auth.models.User` instance. 

## .auth

`request.auth` returns any additional authentication context that may not be contained in `request.user`.  The exact behavior of `request.auth` depends on what authentication has been set in `request.authentication`.  For many types of authentication this will simply be `None`, but it may also be an object representing a permission scope, an expiry time, or any other information that might be contained in a token-based authentication scheme.

## .parsers

`request.parsers` should be set to a list of `Parser` instances that can be used to parse the content of the request body.

`request.parsers` may no longer be altered once `request.DATA`, `request.FILES` or `request.POST` have been accessed.

If you're using the `rest_framework.views.View` class... **[TODO]**

## .stream

`request.stream` returns a stream representing the content of the request body.

You will not typically need to access `request.stream`, unless you're writing a `Parser` class.

## .authentication

`request.authentication` should be set to a list of `Authentication` instances that can be used to authenticate the request.

`request.authentication` may no longer be altered once `request.user` or `request.auth` have been accessed.

If you're using the `rest_framework.views.View` class... **[TODO]**

[cite]: https://groups.google.com/d/topic/django-developers/dxI4qVzrBY4/discussion
Links to source files in docs 2012-09-09 01:06:13 +04:00			`<a class="github" href="request.py"></a>`

REST framework 2 docs 2012-09-01 23:26:27 +04:00			`# Requests`
New docs 2012-08-29 23:57:37 +04:00
			`> If you're doing REST-based web service stuff ... you should ignore request.POST.`
			`>`
Fix @api_view decorator tests 2012-09-27 00:47:19 +04:00			`> — Malcom Tredinnick, [Django developers group][cite]`
New docs 2012-08-29 23:57:37 +04:00
REST framework 2 docs 2012-09-01 23:26:27 +04:00			REST framework's `Request` class extends the standard `HttpRequest`, adding support for parsing multiple content types, allowing browser-based `PUT`, `DELETE` and other methods, and adding flexible per-request authentication.
New docs 2012-08-29 23:57:37 +04:00
REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .method`
New docs 2012-08-29 23:57:37 +04:00
			`request.method` returns the uppercased string representation of the request's HTTP method.

			Browser-based `PUT`, `DELETE` and other requests are supported, and can be made by using a hidden form field named `_method` in a regular `POST` form.



REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .content_type`
New docs 2012-08-29 23:57:37 +04:00
			`request.content`, returns a string object representing the mimetype of the HTTP request's body, if one exists.



REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .DATA`
New docs 2012-08-29 23:57:37 +04:00
			`request.DATA` returns the parsed content of the request body. This is similar to the standard `HttpRequest.POST` attribute except that:

			1. It supports parsing the content of HTTP methods other than `POST`, meaning that you can access the content of `PUT` and `PATCH` requests.
			`2. It supports parsing multiple content types, rather than just form data. For example you can handle incoming json data in the same way that you handle incoming form data.`

REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .FILES`
New docs 2012-08-29 23:57:37 +04:00
			`request.FILES` returns any uploaded files that may be present in the content of the request body. This is the same as the standard `HttpRequest` behavior, except that the same flexible request parsing that is used for `request.DATA`.

			This allows you to support file uploads from multiple content-types. For example you can write a parser that supports `POST`ing the raw content of a file, instead of using form-encoded file uploads.

REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .user`
New docs 2012-08-29 23:57:37 +04:00
			`request.user` returns a `django.contrib.auth.models.User` instance.

REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .auth`
New docs 2012-08-29 23:57:37 +04:00
			`request.auth` returns any additional authentication context that may not be contained in `request.user`. The exact behavior of `request.auth` depends on what authentication has been set in `request.authentication`. For many types of authentication this will simply be `None`, but it may also be an object representing a permission scope, an expiry time, or any other information that might be contained in a token-based authentication scheme.

REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .parsers`
New docs 2012-08-29 23:57:37 +04:00
			`request.parsers` should be set to a list of `Parser` instances that can be used to parse the content of the request body.

			`request.parsers` may no longer be altered once `request.DATA`, `request.FILES` or `request.POST` have been accessed.

Change package name: djangorestframework -> rest_framework 2012-09-20 16:06:27 +04:00			If you're using the `rest_framework.views.View` class... [TODO]
New docs 2012-08-29 23:57:37 +04:00
REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .stream`
New docs 2012-08-29 23:57:37 +04:00
			`request.stream` returns a stream representing the content of the request body.

			You will not typically need to access `request.stream`, unless you're writing a `Parser` class.

REST framework 2 docs 2012-09-01 23:26:27 +04:00			`## .authentication`
New docs 2012-08-29 23:57:37 +04:00
			`request.authentication` should be set to a list of `Authentication` instances that can be used to authenticate the request.

			`request.authentication` may no longer be altered once `request.user` or `request.auth` have been accessed.

Change package name: djangorestframework -> rest_framework 2012-09-20 16:06:27 +04:00			If you're using the `rest_framework.views.View` class... [TODO]
New docs 2012-08-29 23:57:37 +04:00
Change package name: djangorestframework -> rest_framework 2012-09-20 16:06:27 +04:00			`[cite]: https://groups.google.com/d/topic/django-developers/dxI4qVzrBY4/discussion`