...You should only expose your API endpoints over SSL/TLS to protect against content tampering and certain kinds of replay attacks. You can easily test if the endpoint is working by doing the following in your terminal, if you had a user created with the username admin and password password123. Alternatively, you can use all the content types supported by the Django REST framework to obtain the auth token.