For any method that needs to be POSTed to, you have to turn off the
authenticity token check for that action, or that entire controller.
This is as simple as:
Maintaining a session is usually done manually, where you have a /login
that returns a login token, then every subsequent API request has to
include that token or the request is dropped. It’s up to the application
to keep track of who is logged in and which tokens are valid.
If you want to use a real Rails session, then whatever you use to
communicate needs to know how to work with cookies. There are plenty of
HTTP client libraries out there, you’ll need to find the one that works
w/ what you need.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.