Enabling HashIds

Serializer extensions also provides support for HashIds. Publicly exposing database IDs to your end users is often not a good idea, as it both reveals the number of entries (e.g. customers, orders etc.) in your database, and makes misuse of vulnerable endpoints a lot easier when a sequential key is used (e.g. /customers/1/). HashIds aim to solve both issues.

To enable HashIds, add the following to your REST_FRAMEWORK settings:

# settings.py

# my_app/__init__.py
import hashids
HASH_IDS = hashids.Hashids(salt='MYSALT')

Expanded ID fields will now use HashIds:

# serializers.py
class OwnerSerializer(SerializerExtensionsMixin, ModelSerializer):
    class Meta:
        model = models.Owner
        fields = ('name',)
        expandable_fields = dict(
>>> GET /owners/xFj/
  "name": "Tyrell",
  "organization_id": "4Vd"

Django Generic Class-Based Views

The ExternalIdViewMixin is provided to simplify retrieving objects when using Rest Framework's generic views.

Simply modify your views to apply the mixin:

# views.py
from rest_framework.generics import RetrieveAPIView

from rest_framework_serializer_extensions.views import (
    ExternalIdViewMixin, SerializerExtensionsAPIViewMixin)

from app import models, serializers

class OwnerAPIView(
    ExternalIdViewMixin, SerializerExtensionsAPIViewMixin, RetrieveAPIView
    Automatically translates an external ID (HashId) to retrieve the Owner
    queryset = models.Owner.objects.all()
    serializer_class = serializers.OwnerTestSerializer

And use external IDs within your urls:

# urls.py (Django 1 style)
from django.conf.urls import url

from app import views

urlpatterns = [


You can serialize HashIds as and when required using the HashIdField:

from rest_framework.serializers import ModelSerializer
from rest_framework_serializer_extensions.fields import HashIdField

from app import models

class OwnerSerializer(ModelSerializer):
    id = HashIdField(model=models.Owner)

    class Meta:
        model = models.Owner
        fields = ('id', 'name')

The model argument is used in combination with the source to generate the HashId. The field will automatically handle serializing/deserializing external HashIds to internal numeric IDs.

Additional fields

Also provided are the HashIdHyperlinkedIdentityField and HashIdHyperlinkedRelatedField fields. As above, these require a model argument.