API + tokens?

Hi all,

This is almost certainly a noob question, but I’ve hit a wall
developing my rails3 app.

I am looking to integrate various sections with a legacy system based
on PHP. I had envisaged this being fairly straightforward, using curl
to send POST requests for example. The issue / dilemma I have is that
all requests are met with an InvalidAuthenticityToken error. I don’t
want to lose this security feature, but am not sure how to proceed in
terms of providing a secure API for the integration.

Is it possible to send a set token along with all requests, or am I
missing something here?

Any pointers would be much appreciated!

Cheers,

Paul T.

Which direction are you curling in? From PHP to Rails, or vice-versa?

Walter

From PHP to Rails currently; I will need to work in both directions
going forward, however, but could possibly just use MySQL queries from
Rails to the PHP app if required.

Thanks,

Paul

paulo wrote:

Hi all,

This is almost certainly a noob question, but I’ve hit a wall
developing my rails3 app.

I am looking to integrate various sections with a legacy system based
on PHP. I had envisaged this being fairly straightforward, using curl
to send POST requests for example. The issue / dilemma I have is that
all requests are met with an InvalidAuthenticityToken error. I don’t
want to lose this security feature, but am not sure how to proceed in
terms of providing a secure API for the integration.

For API calls, you probably don’t want the authenticity token. That’s
only for Rails-generated forms, as a measure of protection against
spoofed requests. It’s meaningless for APIs. If you want a secure API,
you’ll be better off using OAuth or HTTP-Basic authentication, not the
Rails authenticity token.

A quick Google search turned up
http://www.patricktulskie.com/2010/04/skip-rails-authenticitytoken-check-sometimes/
for turning off the token check sometimes.

Is it possible to send a set token along with all requests,

I don’t believe so.

or am I
missing something here?

Any pointers would be much appreciated!

Cheers,

Paul T.

Best,

Marnen Laibow-Koser
http://www.marnen.org
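The approach suggested in the reply above, sketched as an added example (not code from the thread or from Rails): a plain-Ruby, Rack-style endpoint that authenticates each API request with HTTP Basic credentials instead of a CSRF authenticity token. The user name, password and `/api/orders` path are constructed placeholders.

```ruby
require "digest"

# Constructed placeholder credentials for the PHP client (assumption);
# in practice load them from configuration and serve this over TLS only,
# since Basic credentials are merely base64-encoded.
API_USER = "legacy-php"
API_PASSWORD = "constructed-example-secret"

# Compare two strings without leaking, via timing, where they differ.
def secure_equal?(a, b)
  diff = 0
  Digest::SHA256.digest(a).bytes.zip(Digest::SHA256.digest(b).bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Pull [user, password] out of "Authorization: Basic <base64>", or nil.
def basic_credentials(env)
  scheme, encoded = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
  return nil unless scheme && scheme.casecmp("basic").zero? && encoded
  user, password = encoded.unpack1("m").split(":", 2)
  user && password ? [user, password] : nil
end

# Rack-style app: env hash in, [status, headers, body] out.
API_APP = lambda do |env|
  user, password = basic_credentials(env)
  # Non-short-circuit & so both comparisons always run.
  ok = secure_equal?(user.to_s, API_USER) & secure_equal?(password.to_s, API_PASSWORD)
  next [401, { "www-authenticate" => 'Basic realm="api"' }, ["unauthorized\n"]] unless ok
  [200, { "content-type" => "text/plain" }, ["accepted #{env["REQUEST_METHOD"]} #{env["PATH_INFO"]}\n"]]
end

# Constructed request, shaped like `curl -u user:pass -X POST .../api/orders`.
def sample_env(user, password)
  { "REQUEST_METHOD" => "POST", "PATH_INFO" => "/api/orders",
    "HTTP_AUTHORIZATION" => "Basic " + ["#{user}:#{password}"].pack("m0") }
end

if __FILE__ == $PROGRAM_NAME
  puts API_APP.call(sample_env(API_USER, API_PASSWORD)).first   # valid credentials
  puts API_APP.call(sample_env(API_USER, "wrong")).first        # bad password
end
```

The request carries no session cookie and no form token; the credential in the `Authorization` header is what the server checks on every call.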

Right, will start looking in that direction then, thanks for that,
Marnen.

Paul
