Reputation: 1458
Rails Api Authentication vs User Authentication
I am using rails 4 and developing my first API. The API will be used solely for our android and ios apps to communicate with the rails app / database.
I am struggling to see the difference between API authentication and user authentication when it comes to an API. It seems people use these terms interchangeably.
I want my api to be secure, meaning only the apps can submit http requests, but I also want users to be able to log in. And when I say users, I mean app users... not outside clients who are accessing our api (we don't want this at all).
Would love if someone could clear this up for me. I may just not be thinking about it in the right way, therefore confusing myself.
So to break it down, these are the two things I need to be able to do:
- secure the api of course... making it so only the mobile apps can access it
- users are able to log in and access their profile, resources that
belongs_toto them, etc. When users aren't logged in, they still need to be able to see the index and other pages that don't require a logged in user.
thx!
Upvotes: 1
Views: 72
Answers (1)
Reputation: 796
Have you heard of JWT? It's a good option to hadle users with the app and rails api separated.
Gem for jwt in rails: https://github.com/nsarno/knock
Upvotes: 1
Related Questions
- Getting error: Peer authentication failed for user "postgres", when trying to get pgsql working with rails
- REST API Authentication
- Git push results in "Authentication Failed"
- Understanding the Rails Authenticity Token
- JWT (JSON Web Token) automatic prolongation of expiration
- How to use concerns in Rails 4
- How can I rename a database column in a Ruby on Rails migration?
- SPA best practices for authentication and session management
- RESTful Authentication