Token Authentication for RESTful API: should the token be periodically changed?

Question

I\'m building a RESTful API with Django and django-rest-framework.

As authentication mechanism we have chosen \"Token Authentication\" and I have already implemented

Answer 1

You can leverage http://getblimp.github.io/django-rest-framework-jwt

This library is able generate token that has an expiration date

To understand the difference between DRF default token and the token provide by the DRF take a look at:

How to make Django REST JWT Authentication scale with mulitple webservers?