I needed to make a secure way to authenticate API requests for native
apps without timing out or sending a new CSRF token every time a new
view is loaded with a form. I created the following method to
authenticate and started documenting it.
It uses devise for user authentication with a token posted in the header
and for CSRF in non get requests it uses a date/salt/token hash.
I would like people to contribute and help improve and make this a
better gem! More info is in the link.