I am just about to start building a web and Cordova-based mobile app that will use Django/Tastypie as the API server.
The app will not be served by Django; it will be served from an independent server/domain, with Django being there just to provide the API.
Tastypie has options for API key, basic HTTP authentication, and session-based authentication. I am trying to decide which approach to take. Any opinions out there? The app will provide unauthenticated login/signup but the rest will be behind a login.
I have built web apps based on Angular before that are served from Django, and so with them I was able to get a CSRF token for posting data. But this app will be a hybrid mobile app (Cordova-based) and also a web app served from some domain or other. How best to handle CSRF given that I will not be able to get a CSRF token to add to Ajax requests?
I have looked for how other services such as Parse.io solve this but have not found anything that helps.
Thanks
Rich