Im building a simple REST API with ruby on rails that allows users to easily create an account. Recently I have tried to secure the API with an API token. I have been testing my API with the Advanced Rest Client that is found on the Google chrome web store. As far as I know it has worked as when I try to access the calls I get a message from my REST client test application that looks like this:
The problem comes when I try to authenticate successfully with the Advanced Rest Client. Here is the controller code that I use to create the token and check to see if the user authenticated:
class Api::UserController < ApplicationController
skip_before_filter :verify_authenticity_token
TOKEN = "secret"
before_action :authenticate
def index
@users = User.all
respond_to do |format|
format.json { render json: @users }
end
end
def create
@user = User.new()
@user.first_name = params[:first_name]
@user.last_name = params[:last_name]
@user.email = params[:email]
@user.password = params[:password]
respond_to do |format|
if @user.save
@response = {:status => "201", :message => "User successfully created."}
format.json { render json: @response, status: :created }
else
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
# private methods in the UserController class
private
def authenticate
authenticate_or_request_with_http_token do |token, options|
token == TOKEN
end
end
end
It's fairly simple and seems to be doing its job as I haven't been able to authenticate with the Advanced Rest Client. I have tried to set an API token in the HTTP headers but can't seem to get the syntax correct. Here are a few examples of what I have tried:
and,
and finally,
What am I doing wrong? Is the API token not stored in a HTTP header? Please help!
