Hello there,
I run a website that is written in Rails that uses the standard
authentication mechanisms, where you provide your user and password and
that gets challenged against an encrypted value.
Now I am about to expose some of the features via API, and I am thinking
about running a separate API server that would be a Sinatra app.
However, sending the user id and password over the internet doesn’t seem
very secure, even though we’ll be using HTTPS on the server.
One way of authentication that I always liked is the way, for instance,
GitHub handles pushes to their servers. When you give them your public
SSH RSA key, makes this machine authorized to interact as you with their
server.
Would it be possible to have something similar for this API, even using
HTTPS? What kind of approaches to this problem are known patterns on the
Ruby community? Any guidance, in terms of Gems, Articles and such would
be nice.
Thanks in advance, this forum/list has always been very insightful.
Best regards,
– Felipe.