
I am using rails 4 and developing my first API. The API will be used solely for our android and ios apps to communicate with the rails app / database.

I am struggling to see the difference between API authentication and user authentication when it comes to an API. It seems people use these terms interchangeably.

I want my api to be secure, meaning only the apps can submit http requests, but I also want users to be able to log in. And when I say users, I mean app users... not outside clients who are accessing our api (we don't want this at all).

Would love if someone could clear this up for me. I may just not be thinking about it in the right way, therefore confusing myself.

So to break it down, these are the two things I need to be able to do:

  1. secure the api of course... making it so only the mobile apps can access it
  2. users are able to log in and access their profile, resources that belongs_to to them, etc. When users aren't logged in, they still need to be able to see the index and other pages that don't require a logged in user.

thx!

1 Answer

Have you heard of JWT? It's a good option to handle users with the app and rails api separated.

Gem for jwt in rails: https://github.com/nsarno/knock
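As an added illustration (not part of the original answer and not knock's own code), this Ruby standard-library sketch shows what a JWT-based user login amounts to on the server: issue a signed, expiring HS256 token at login, verify it on each request, and leave public actions open to anonymous callers. `SECRET`, `PUBLIC_ACTIONS` and the method names are assumptions made for the example.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed demo secret (assumption); a real app loads it from server-side config.
SECRET = "demo-secret-not-for-production"
# Hypothetical list of actions that do not require a logged-in user.
PUBLIC_ACTIONS = %w[index show].freeze

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Issue an HS256 token for a user after a successful login.
def issue_token(user_id, now: Time.now.to_i, ttl: 3600)
  header  = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url(JSON.generate({ sub: user_id, exp: now + ttl }))
  sig     = OpenSSL::HMAC.digest("SHA256", SECRET, "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url(sig)}"
end

# Return the user id for a valid token; nil on bad shape, signature, alg or expiry.
def verify_token(token, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  return nil unless parts.length == 3
  header, payload, sig = parts
  expected = b64url(OpenSSL::HMAC.digest("SHA256", SECRET, "#{header}.#{payload}"))
  # Constant-time comparison; the signature is checked before anything is parsed.
  return nil unless OpenSSL.secure_compare(expected, sig)
  # Pin the algorithm instead of trusting whatever the token header claims.
  return nil unless JSON.parse(Base64.urlsafe_decode64(header))["alg"] == "HS256"
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  return nil unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims["sub"]
rescue JSON::ParserError, ArgumentError
  nil
end

# Public actions serve anonymous callers; everything else needs a valid user token.
def authorize(action, authorization_header, now: Time.now.to_i)
  token = authorization_header.to_s[/\ABearer (.+)\z/, 1]
  user  = verify_token(token, now: now)
  return { status: 200, user: user } if user || PUBLIC_ACTIONS.include?(action)
  { status: 401, user: nil }
end
```

The token identifies the logged-in user only; it says nothing about which client application sent the request.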
