A fully authenticated REST API built using Django REST Framework for managing streaming platforms, artists, multimedia content, and user-submitted reviews.
This backend project supports token-based authentication, secure review submissions, and admin-level control over platform data, all wrapped in clean, filterable, and paginated endpoints.
Base URL: https://content-review.onrender.com
All endpoints require a valid token, including `GET` requests.

- Token-based user registration and login
- CRUD for streaming content, artists, and platforms
- One-review-per-user restriction per content
- Filtering and search on most endpoints
- Human-readable response fields (e.g., names instead of IDs)
- View-specific throttling and per-action limits
- Multiple pagination strategies supported
- SQLite + WhiteNoise + Render deployment-ready setup
```bash
# Clone the repository
git clone https://github.com/bitsbuild/ContentReviewBackend.git
cd ContentReviewBackend

# Create virtual environment
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Apply migrations and run the dev server
python manage.py migrate
python manage.py runserver
```

This project uses Token Authentication via Django REST Framework.
All API requests must include the token in the header, even for GET.

- After registration or login, copy the token
- In Postman, go to the Headers tab
- Add:
  - Key: `Authorization`
  - Value: `Token <your_token_here>`

Example:

```
Authorization: Token 9a14abf7d93a4112345abc...
```
Base paths:

- `/api/`: content, reviews, artists, platforms
- `/user/`: register, login, delete
POST /user/create/

```json
{
  "username": "johndoe",
  "email": "john@example.com",
  "password": "securepassword",
  "confirm_password": "securepassword"
}
```

Returns:

```json
{
  "status": "Account Created Successfully",
  "token": "<your_token_here>"
}
```

POST /user/token/

```json
{
  "username": "johndoe",
  "password": "securepassword"
}
```

Returns:

```json
{
  "token": "<your_token_here>"
}
```

POST /user/delete/

Requires Token Auth

Deletes the currently authenticated user.
As of the latest update, GET responses from the content endpoints also include a `content_rating` field: the average numeric rating across all reviews for that piece of content.
GET /api/contents/

Requires Token Auth

Supports:

- Filtering: `?artists=<id>&content_platform=<id>&content_released=true`
- Search: `?search=platform_name` or `?search=artist_name`
- Pagination options:
  - Page-based: `?p=2` or `?page=2`, `?size=5`
  - Limit-offset: `?limit=5&start=10`
  - Cursor-based: `?autopage=<cursor_string>`

```json
{
  "content_name": "Inception",
  "content_platform": "Netflix",
  "artists": ["Hans Zimmer", "Leonardo DiCaprio"],
  "reviews": [...]
}
```

All related fields are shown as names instead of raw IDs.
POST /api/contents/

Admin Only (`is_staff=True`)

```json
{
  "content_name": "Inception",
  "content_description": "Sci-fi thriller",
  "content_released": true,
  "content_platform": "<platform_id>",
  "artists": ["<artist_id_1>", "<artist_id_2>"]
}
```

GET /api/artists/
Requires Token Auth

Write Access: Admin Only

Supports:

- Search: `?search=zimmer`

```json
{
  "artist_name": "Hans Zimmer",
  "artist_about": "Film Composer"
}
```

GET /api/platforms/
Requires Token Auth

Write Access: Admin Only

Supports:

- Search: `?search=netflix`

```json
{
  "platform_name": "Netflix",
  "platform_url": "https://netflix.com"
}
```

GET /api/reviews/
Requires Token Auth

Supports:

- Filtering: `?review_movie=<id>&review_stars=5`
- Search: `?search=Inception`

Review response shows `review_user` and `review_movie` as names.
POST /api/reviews/

Requires Token Auth

```json
{
  "review_name": "Masterpiece!",
  "review_body": "Brilliant visuals and music",
  "review_stars": 5,
  "review_movie": "<content_id>"
}
```

- Each user can post only one review per content (enforced via DB constraint).
- Only the creator can update/delete their review.
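Why the one-review rule belongs in the database rather than only in application code, shown as an added example (not code from this project). It uses the standard-library `sqlite3` module directly instead of the Django ORM; the table name and the 201/409 status mapping are assumptions, while `review_user`, `review_movie` and `review_stars` are the field names documented above.

```python
import sqlite3

# Constructed schema: the table name is hypothetical; the column names are
# the review fields from this README.
SCHEMA = """
CREATE TABLE review (
    id           INTEGER PRIMARY KEY,
    review_user  INTEGER NOT NULL,
    review_movie INTEGER NOT NULL,
    review_stars INTEGER NOT NULL,
    UNIQUE (review_user, review_movie)
);
"""
CHECK = "SELECT COUNT(*) FROM review WHERE review_user = ? AND review_movie = ?"


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def review_count(db, user_id, content_id):
    return db.execute(CHECK, (user_id, content_id)).fetchone()[0]


def submit_review(db, user_id, content_id, stars):
    """Insert a review and return the status an API layer could map it to."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO review (review_user, review_movie, review_stars) "
                "VALUES (?, ?, ?)",
                (user_id, content_id, stars),
            )
    except sqlite3.IntegrityError:
        # UNIQUE constraint fired: report a client error instead of a 500.
        return 409
    return 201


def racy_submit(db, user_id, content_id, stars_a, stars_b):
    """Two requests both run the application-level 'already reviewed?' check
    before either one writes. Both checks see 0, so only the constraint
    prevents the duplicate row."""
    seen_a = review_count(db, user_id, content_id)
    seen_b = review_count(db, user_id, content_id)
    status_a = submit_review(db, user_id, content_id, stars_a)
    status_b = submit_review(db, user_id, content_id, stars_b)
    return seen_a, seen_b, status_a, status_b
```
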
| Endpoint | Filters | Search Fields |
|---|---|---|
| `/api/contents/` | `artists`, `content_platform`, `content_released` | `artists__artist_name`, `content_platform__platform_name` |
| `/api/artists/` | - | `artist_name`, `artist_about` |
| `/api/platforms/` | - | `platform_name`, `platform_about`, `platform_url` |
| `/api/reviews/` | `review_movie`, `review_stars`, `review_user` | `review_movie__content_name` |
| Type | Example URL Params | Notes |
|---|---|---|
| Page Number | `?page=2` or `?p=2`, `?size=5` | Default strategy. Supports `p=` alias |
| Limit-Offset | `?limit=5&start=10` | Offset-based pagination |
| Cursor-Based | `?autopage=<cursor>` | Uses `content_created` for ordering |

- Max page size: 30 items
- Invalid page requests return a clear error message.
Throttle behavior is enforced globally and per-view:
| Scope | Rate |
|---|---|
| Anonymous (`anon`) | 30 requests/min |
| Authenticated (`user`) | 60 requests/min |
| Content Views | 60 requests/min |
| Platform Views | 60 requests/min |
| Artist Views | 60 requests/min |
| Review (list) | 60 requests/min |
| Review (write) | 10 requests/hour |
These settings are managed using custom throttle classes and scoped via settings.
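How a rate such as "10 requests/hour" plays out for one client, as an added stand-alone model (not this project's throttle classes). It implements a sliding-window counter of the kind DRF's built-in rate throttles are based on; the scope name `review-write` and the client keys are hypothetical, and the rates are taken from the table above.

```python
# Rates from the throttle table in this README; "review-write" is a
# hypothetical scope name.
RATES = {"anon": "30/min", "user": "60/min", "review-write": "10/hour"}
PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """'10/hour' -> (10, 3600). Only the period's first letter is used."""
    count, period = rate.split("/")
    return int(count), PERIODS[period[0]]


class SlidingWindowThrottle:
    """Tracks request timestamps per client and allows a request only while
    fewer than `limit` of them fall inside the last `window` seconds."""

    def __init__(self, rate):
        self.limit, self.window = parse_rate(rate)
        self.history = {}  # client key (user id or IP) -> [timestamps]

    def _recent(self, key, now):
        return [t for t in self.history.get(key, []) if t > now - self.window]

    def allow(self, key, now):
        recent = self._recent(key, now)
        self.history[key] = recent
        if len(recent) >= self.limit:
            return False  # an API would answer 429 Too Many Requests
        recent.append(now)  # denied requests are not counted
        return True

    def retry_after(self, key, now):
        """Seconds until the oldest counted request leaves the window."""
        recent = self._recent(key, now)
        if len(recent) < self.limit:
            return 0
        return recent[0] + self.window - now


def simulate(rate, key, timestamps):
    """Replay request times for one client; return allow/deny decisions."""
    throttle = SlidingWindowThrottle(rate)
    return [throttle.allow(key, t) for t in timestamps]
```
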
| Resource | Read Access | Write Access |
|---|---|---|
| Users (create/token/delete) | Open (with throttle) | Delete: Token Required |
| Content / Platform / Artist | Auth Required | Admin Only (`is_staff=True`) |
| Reviews | Auth Required | Only creator can edit/delete |

- Permissions are enforced at both view and object level using DRF permissions.
- No anonymous access is permitted, not even for viewing data.
- Python 3.10
- Django 5.x
- Django REST Framework
- SQLite (used in both development and deployment)
- WhiteNoise (for static file handling)
- Render.com (deployment)
- Postman (for API testing)
This project is released under the MIT License.