17

I'd like to work with rails-api gem special to create API-only application. To provide authentication mechanism I want to use built-in authenticate_or_request_with_http_token method described in Railscasts #352, but this method in missing here.

Does anybody have an experience with on rails-api gem?

P.S. I can see this approach, but is this production-ready?

T.J. Schuck
  • 3,645
  • 2
  • 19
  • 20
Anatoly
  • 15,298
  • 5
  • 53
  • 77

2 Answers2

49

I am in the process of developing a service using the rails-api. We haven't deployed yet, but are nearing that time, and haven't had any issues in testing. You need to include any non-essential modules which you want to use, as rails-api is trimmed right down. I am using authenticate_or_request_with_http_token in ApplicationController like so:

include ActionController::HttpAuthentication::Token::ControllerMethods

def authenticate
  authenticate_or_request_with_http_token do |token, options|
    apiKey = ApiKey.where(auth_token: token).first
    @current_user = apiKey.user if apiKey
  end
end

If you just want the token, there is a handy method token_and_options:

include ActionController::HttpAuthentication::Token

def current_user
  api_key = ApiKey.where(auth_token: token_and_options(request)).first
  User.find(api_key.user_id) if api_key
end
Jon Rutherford
  • 679
  • 5
  • 3
  • so from your perspective, **rails-api** covers everything you need to build an API? – Anatoly Jul 03 '12 at 04:16
  • The only thing I needed & which it didn't have was the HttpAuthentication module, which was very easy to include. So yes, it has pretty much everything. – Jon Rutherford Jul 06 '12 at 06:21
  • what about caching strategies? does it support everything you need? – Anatoly Jul 06 '12 at 06:23
  • I can't help you there sorry. Our release #1 is for a small number of internal users. Optimization will come with time. I was looking at [Cached Model](https://github.com/seattlerb/cached_model) for simple single row queries, but haven't put it into practice yet. – Jon Rutherford Jul 06 '12 at 06:56
  • Is there any way to get the authenticated user in the action? – Throoze Jul 06 '16 at 13:20
2

From the README:

Basic, Digest and Token Authentication: Rails comes with out-of-the-box support for three kinds of HTTP authentication.

So, yes, this is production ready (it's still Rails after all). The example you linked to is the way to go (the trick is to include only what you need from Action Pack).

Oscar Del Ben
  • 4,485
  • 1
  • 27
  • 41
  • you say it's production ready based on documentation, do you have an experience to use it in production? – Anatoly Jun 28 '12 at 03:29
  • It's Rails, Rails is production ready. You're just including single modules instead of loading the whole thing. – Oscar Del Ben Jun 28 '12 at 14:55
  • you missed the point, I have good experience with Rails and decided to use Rails itself to build an API. **Rails-api** is immature skeleton yet (we should dig into Rails and choose appropriate modules), but I'm looking forward to use it later – Anatoly Jun 29 '12 at 04:51
  • FWIW we've been using it in production for some time and it's been excellent. – pwightman Jun 03 '13 at 15:33