Reputation: 116
I need to develop an API to be the core of a web app. My initial idea was to make a REST API that would handle all the requests and then create some clients for web, mobile and desktop.
My question is, how should I manage the authentication for this situation? I thought about using a token that would be passed with all requests to the REST API. In my case, I would not like to have something like OAuth because the ecosystem will not have multiple apps like Facebook/Twitter does. NOTE: I must have the API separated from the client for web.
In more detail, I would request POST /users/auth passing their password and username, and receive an auth token.
Is it a good approach or is there something better?
Upvotes: 1
Views: 399
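The token flow the question describes (POST /users/auth returns a token that accompanies every later request), as an added Ruby example that is not part of the original post. The `TokenAuth` class, its method names, the one-hour lifetime and the PBKDF2 settings are assumptions; the server keeps only a SHA-256 digest of each token, so a leaked token table cannot be replayed.

```ruby
require 'securerandom'
require 'openssl'
require 'digest'

# Hypothetical in-memory backend for the POST /users/auth flow; a real API
# would keep users and token digests in its database and serve only over TLS.
class TokenAuth
  TTL = 3600            # token lifetime in seconds (assumed value)
  ITERATIONS = 100_000  # PBKDF2 work factor (assumed value)

  def initialize
    @users = {}   # username => [salt, derived password key]
    @tokens = {}  # SHA-256(token) => [username, expires_at]
  end

  def register(username, password)
    salt = SecureRandom.random_bytes(16)
    @users[username] = [salt, kdf(password, salt)]
  end

  # Body of POST /users/auth: returns a fresh token, or nil on bad credentials.
  def login(username, password, now: Time.now)
    salt, stored = @users[username]
    return nil unless salt && secure_eq(kdf(password, salt), stored)
    token = SecureRandom.urlsafe_base64(32) # 256 random bits, opaque to clients
    @tokens[Digest::SHA256.hexdigest(token)] = [username, now + TTL]
    token
  end

  # Run on every request, e.g. against an "Authorization: Bearer <token>" header.
  def user_for(token, now: Time.now)
    username, expires_at = @tokens[Digest::SHA256.hexdigest(token.to_s)]
    return nil if username.nil? || now >= expires_at
    username
  end

  # Logout or revocation: drop the server-side record.
  def revoke(token)
    !@tokens.delete(Digest::SHA256.hexdigest(token.to_s)).nil?
  end

  private

  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Constant-time comparison of two equal-length byte strings.
  def secure_eq(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because the token is a random server-side record rather than a signed blob, expiry and revocation are enforced by the lookup itself, and the same check serves web, mobile and desktop clients.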
Reputation: 2008
Agree that Devise is great for the auth in the application. For the API level, 3scale could help a lot (http://www.3scale.net) - it takes care of rate limits, keys, OAuth secret distribution, analytics, developer portal and other stuff. There's a Ruby plugin to get started here: https://github.com/3scale/3scale_ws_api_for_ruby.
Upvotes: 3