All geek questions in one place

Authentication API Access - Best Practices?

I use Devise in a Rails application and want to show some model data through the API, but access to the API should be limited only as an application.

$ curl http://myapp.com/api/v1/sales/7.json {"error":"You need to sign in or sign up before continuing."}

Obviously.

Is there a best practice for accessing the API in such situations? I would prefer to authenticate + capture data in one step, but this is just to make working with the client easier. They will pull the client part of the data using jQuery.

Thanks for any info!

  • Vanessa
+6
source share
2 answers

I recommend that you follow up on Option 2: Using the API Key in the next article to implement API authentication in Rails.

It is lightweight and just requires passing the api_key parameter with every request.

+1
source

My suggestion will be to generate an “API key” (hash value) and pass this using a json request. This way you can authenticate and track the use of the API. Many APIs use “keys” to track and authenticate use. Google Maps, for example, uses only the API key. Where PayPal uses a username, password and key. There are several ways to do this.

I would try to create a one-to-many table that belongs to the user, only for keys. Thus, the user can create more than one hash key for different purposes. (One for reports, one for backups, one for fantastic pie charts that are automatically retrieved from Powerpoint).

0
source

Source: https://habr.com/ru/post/908851/

More articles:


All Articles