Default authentication classes may not be suitable
Currently the boilerplate defaults to using rest framework's SessionAuthentication
and a sub-class of TokenAuthentication
for the default authentication classes for all endpoints. This may not be a suitable approach, especially as our core strategy is to deploy behind the API gateway and alongside the gateway emulator for local development, these default settings prevent any requests being made to the API in local development.