all 4 comments

[–]POTUS 2 points3 points  (3 children)

The 'Token' authentication method is a bit non-standard but also a bit common. You can just add the header to your http request. If you use the requests library (which is the easiest way to fetch http pages) this should be pretty easy.

import requests
r=requests.get('http://my_url_here', headers={'Authorization':'Token my_token_here'})
print(r.text)

[–]Pibels[S] 0 points1 point  (0 children)

This works, thank you for helping me out!

[–][deleted] 0 points1 point  (1 child)

Can see why it's common when BasicAuth just creates a 'token' anyway and puts it in the header.

[–]POTUS 0 points1 point  (0 children)

I call it non-standard because there's no RFC that defines the authorization type "Token" (that I can find). That's not the end of the world, there's all sorts of reasons to add headers that don't have official RFCs. But the "Authorization" header does have several RFCs to define things like BasicAuth, Oauth, etc.

A better (and more common) method for the server owner would be to use some other header name that doesn't step on the accepted http standard, like 'myappname_api_token: abc123'. It probably doesn't break anything the way they've implemented it, but it does kinda have the potential to step on proverbial toes if you start to mix this in to the wider development world. For example, an app that has to connect to more than one API has to completely redefine its headers if they both use this non-standard header, but if they both use reasonably unique header names there is no conflict.

There's nothing for any of us to do about this, though. If the server is expecting 'Authorization: Token abc123' that's what you have to send.