Update
A small update: Devess no longer has authentication_token , as its implementation is considered too uncertain. A good alternative is Brian Auton's suggestion .
A summary of his method is that it generates authentication_and_and_and_and_and_sec in a separate model. Then you perform authentication, sending both your key and secret, if a match is found, you are temporarily logged in as a user.
In your application controller, it looks like this:
class ApplicationController < ActionController::Base before_filter :authenticate_from_token protected def authenticate_from_token if current_token.try :authenticatable sign_in token.authenticatable, store: false end end def current_token AuthenticationToken.find_authenticated({ secret: (params[:secret] || request.headers[:secret]), secret_id: (params[:secret_id] || request.headers[:secret_id]), }) end end
authenticatable token in this case is a user model or any other thing that has been authenticated (tokens are polymorphic). As you can see, it can easily be made to work with Devise.
I really like this method and it implemented it in a recent API. Read it on your website.
Old answer
Deprecated answer saved for links to older versions of Devise: Devise has an authentication_token column that I can use to authenticate the user. I could have a login API method, which I will also send by username + password, and then return it and save it to sign all my other calls locally. This is mainly a cookie system, but one of them is directly supported by Devise.
In addition to this, I could generate a token either on every call, or on every session.