Simple twitter like app, trying to understand permissions and authentication. So i have 3 views for now, all posts views, specific person's posts, and a create post view. Looks like this:

@api_view(['GET'])
@permission_classes((IsAuthenticated,))
def posts(request):
    posts = Post.objects.order_by("-created")
    serializer = PostSerializer(posts, many=True)
    return Response(serializer.data)

@api_view(['GET'])
@permission_classes((IsAuthenticated,))
def profile(request, name):
    posts = Post.objects.filter(user__username=name)
    serializer = PostSerializer(posts, many=True)
    return Response(serializer.data)

@api_view(['POST'])
@permission_classes((IsAuthenticated,))
def post_create(request):
    data = request.data
    print(request.user)
    serializer = PostSerializer(data=data)
    if serializer.is_valid():
        serializer.save(user=request.user)
        return Response(serializer.data, status=status.HTTP_201_CREATED)
    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

Relevant settings:

INSTALLED_APPS = [
   
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.sites',

    'rest_framework',
    'rest_framework.authtoken',
    'rest_auth',
    'rest_auth.registration',
    
    'allauth',
    'allauth.account',
    

    'network', # my app
]


REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

I'm using rest-auth and allauth currently for logging in and registration, their URLs are working fine i think and I can register users and login and get my tokens. However, whenever i go to one of the URLs, it just says

{
    "detail": "Authentication credentials were not provided."
}

Even though I LITERALLY just logged in using the rest-auth URL and/or admin.

I think I have a slight idea on whats going on after hours of searching, I need to somehow pass in my token whenever I go to one of the URLs? I have no clue how to do something like that in my views while developing the API. When I start incorporating Reactjs, i can store the token in localstorage and so pass it in the header but is there any way to do it with nothing in the frontend?

I really need the credentials obviously cuz then i'd have access to request.user and i need the user object so i can add it when creating the post serializer.save(user=request.user)