Rails API Authentication
(1) No Authentication
class NoAuthenticationController < ApplicationController
include ActionController::MimeResponds
# Demo endpoint that returns the same fixed payload as JSON or XML,
# depending on the format the client negotiated.
#
# Nothing in this method authenticates the caller; any access control has to
# come from callbacks declared on the controller class that serves it.
def my_api
  respond_to do |format|
    format.json do
      body = { data: 'value' }.to_json
      render json: body, status: :ok
    end
    format.xml do
      body = { data: 'value' }.to_xml
      render xml: body, status: :ok
    end
  end
end
end
(2) Basic Authentication
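# Protects every action inherited from NoAuthenticationController with
# HTTP Basic authentication.
#
# Basic credentials travel Base64-encoded, not encrypted, so this controller
# should only be reachable over HTTPS.
class BasicAuthenticationController < NoAuthenticationController
  include ActionController::HttpAuthentication::Basic::ControllerMethods

  # Credentials come from the environment instead of string literals, so the
  # secret is not committed with the source. ENV.fetch raises KeyError when a
  # variable is unset, which stops the app from booting with no credentials.
  # The variable names are placeholders; with the sample values `username` and
  # `password`, the client header shown in this tutorial still applies.
  http_basic_authenticate_with name: ENV.fetch('API_BASIC_AUTH_NAME'),
                               password: ENV.fetch('API_BASIC_AUTH_PASSWORD')
end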
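On the client side, you need to send this header. The value after `Basic` is only the Base64 encoding of `username:password`, not encryption, so send it over HTTPS only: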
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
(3) Token Authentication
class TokenAuthenticationController < NoAuthenticationController
include ActionController::HttpAuthentication::Token::ControllerMethods
before_action :authenticate, except: %i[authentication_api]
# API to get token
def authentication_api
  # Placeholder: this demo does not verify a username or password before
  # answering. A real endpoint would check the caller's credentials first and
  # issue an unpredictable, per-client token instead of a fixed literal.
  expires_at = 2.hours.from_now.to_i
  token = { value: '1234567890', expires: expires_at }

  # NOTE(review): `expires` is only reported to the client here; nothing in
  # this method stores it, so expiry has to be enforced where the token is
  # checked.
  render json: { token: token }.to_json, status: :ok
end
# before_action callback: lets the request through when the token check
# succeeds, otherwise answers with the 401 response from render_unauthorized.
def authenticate
  verified = authenticate_token
  verified || render_unauthorized
end
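# Checks the token sent in the `Authorization: Token token=...` header.
#
# @return [Boolean, nil] truthy when the presented token matches; falsy when
#   it does not match or no token was sent
def authenticate_token
  # authenticate_with_http_token only reports the outcome, so the 401 comes
  # from the render_unauthorized fallback in `authenticate`. The `_or_request_`
  # variant renders its own 401 on failure, which duplicated that fallback.
  authenticate_with_http_token do |token, _options|
    # Compare in constant time so response timing does not reveal how much of
    # a guessed token was correct. The literal is the tutorial's placeholder;
    # a real service looks up the issued token and also checks its expiry.
    ActiveSupport::SecurityUtils.secure_compare(token, '1234567890')
  end
end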
# Answers with an empty 401 and a Token challenge so the client knows which
# authentication scheme the endpoint expects.
def render_unauthorized
  challenge = 'Token realm="Application"'
  headers['WWW-Authenticate'] = challenge
  head :unauthorized
end
end
On the client side, you need to call the authentication API to get the token, then supply the token in the header:
Authorization: Token token=1234567890
(4) API Key Authentication
class ApiKeyAuthenticationController < NoAuthenticationController
before_action :authenticate
# api_key is supplied via query param
# before_action callback: passes the request on when the API key check
# succeeds and otherwise ends it with render_unauthorized.
def authenticate
  if (granted = authenticate_token)
    granted
  else
    render_unauthorized
  end
end
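# Checks the `api_key` request parameter against the expected key.
#
# @return [Boolean] true only when a string api_key was supplied and matches
def authenticate_token
  supplied = params[:api_key]
  # Only a plain string can match. A missing key or a nested value such as
  # `api_key[]=...` is rejected before the comparison.
  return false unless supplied.is_a?(String)

  # Constant-time comparison, so response timing does not reveal how many
  # leading characters of a guessed key were right. The literal is the
  # tutorial's placeholder; a real key belongs in configuration, not in source.
  ActiveSupport::SecurityUtils.secure_compare(supplied, '1823976172839823')
end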
# Ends the request with an empty 401 Unauthorized response.
def render_unauthorized
  head(:unauthorized)
end
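end
On the client side, when you make a request, supply the API key as a query parameter. Keys sent in the query string are commonly recorded in server and proxy logs, so treat them as exposed there and prefer a request header where the client allows it.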
?api_key=1823976172839823
2025-11-08 07:02:00