What is the best way to restrict use of the xml format by using an API
key?
I’m guessing you would want to add a before_filter to your controllers
and check the request parameters to validate the API key. Or possibly
even combine that with your user authentication system so that you
could validate the API key once for the session (assuming the services
have state).
Robert,
I’ve seen many APIs that require the API key in the HTTP header
itself, as opposed to a request param. How would I parse this out in a
before_filter?
If I have a client to a service that requires the same, how do I set
the API key in the HTTP header of the request?
Thanks,
Mark
The controller has a headers hash you can use.
On 17 Jul 2008, at 20:10, Mark A. Richman wrote:
I’ve seen many APIs that require the API key in the HTTP header
itself, as opposed to a request param. How would I parse this out in a
before_filter?
headers[‘api_key’]
If I have a client to a service that requires the same, how do I set
the API key in the HTTP header of the request?
headers[‘api_key’] = ‘put ur key here’
Best regards
Peter De Berdt