Django REST Framework patterns. Trigger: When implementing generic DRF APIs (ViewSets, serializers, routers, permissions, filtersets). For Prowler API specifics (RLS/RBAC/Providers), also use prowler-api.
View on GitHubFebruary 2, 2026
Select agents to install to:
npx add-skill https://github.com/prowler-cloud/prowler/blob/b1f99716171856bf787a7695a588ffad6bf8d596/skills/django-drf/SKILL.md -a claude-code --skill django-drfInstallation paths:
.claude/skills/django-drf/## Critical Patterns - ALWAYS separate serializers by operation: Read / Create / Update / Include - ALWAYS use `filterset_class` for complex filtering (not `filterset_fields`) - ALWAYS validate unknown fields in write serializers (inherit `BaseWriteSerializer`) - ALWAYS use `select_related`/`prefetch_related` in `get_queryset()` to avoid N+1 - ALWAYS handle `swagger_fake_view` in `get_queryset()` for schema generation - ALWAYS use `@extend_schema_field` for OpenAPI docs on `SerializerMethodField` - NEVER put business logic in serializers - use services/utils - NEVER use auto-increment PKs - use UUIDv4 or UUIDv7 - NEVER use trailing slashes in URLs (`trailing_slash=False`) > **Note:** `swagger_fake_view` is specific to **drf-spectacular** for OpenAPI schema generation. --- ## Implementation Checklist When implementing a new endpoint, review these patterns in order: | # | Pattern | Reference | Key Points | |---|---------|-----------|------------| | 1 | **Models** | `api/models.py` | UUID PK, `inserted_at`/`updated_at`, `JSONAPIMeta.resource_name` | | 2 | **ViewSets** | `api/base_views.py`, `api/v1/views.py` | Inherit `BaseRLSViewSet`, `get_queryset()` with N+1 prevention | | 3 | **Serializers** | `api/v1/serializers.py` | Separate Read/Create/Update/Include, inherit `BaseWriteSerializer` | | 4 | **Filters** | `api/filters.py` | Use `filterset_class`, inherit base filter classes | | 5 | **Permissions** | `api/base_views.py` | `required_permissions`, `set_required_permissions()` | | 6 | **Pagination** | `api/pagination.py` | Custom pagination class if needed | | 7 | **URL Routing** | `api/v1/urls.py` | `trailing_slash=False`, kebab-case paths | | 8 | **OpenAPI Schema** | `api/v1/views.py` | `@extend_schema_view` with drf-spectacular | | 9 | **Tests** | `api/tests/test_views.py` | JSON:API content type, fixture patterns | > **Full file paths**: See [references/file-locations.md](references/file-locations.md) --- ## Decision Trees ### Which Serializer? ``` GET l