Some time has passed since this question was asked, and there are many great resources that have been created since I summarize and link below.
Adding an OAuth 2 Provider Feature
The Warcraft driver allows you to implement the functionality of the OAuth provider and is well documented and in good condition. It integrates well with Devise , and there are sample applications to learn from.
On the client side (for integration testing, or if you want to provide the Ruby client for external developers), you can use OmniAuth , and Doorkeeper docs guide you through the process of creating a custom strategy .
You may not need OAuth?
Depending on what type of API you are building, you may find that OAuth is redundant. OAuth is useful in cases where you are a content provider, and the developer is a third party who wants to access information on behalf of the user, but without the need to know their password.
If your use case is simpler (for example, you can provide a secret token and key directly to the API user), then generating and checking access tokens may be enough. In this case, you create a key (using SecureRandom.urlsafe_base64 , or has_secure_token if you are on Rails 5) and save it. The API user provides this token for each authentication request, and you can regenerate the token if the original has ever been compromised.
More information about this here and here .