I want to set up an API for my web app, but I had a few questions on the best way to do this. I was hoping for some input from you experienced individuals and Rails rock stars.

1) Is there a way to implement a login feature so that API methods can't be called without proper authorization? This is so I can log activity and use of the API from different people and so
on 2006-04-14 04:56
on 2006-04-14 18:34
No, there is none, unless you are using something like wss4r. But I think it is overkill for most projects.
on 2006-04-14 18:51
For the part about securing your API methods, pretty much any of the authorization plugins and engines out there can do this. You simply put a check for authorization on the controllers or individual methods or calls you want to protect. That's what they were written for.

However, many of the existing schemes, like LoginEngine/UserEngine, do the logins through web forms. You may need one that does server auth or will accept user credentials as part of the request. I'm sure some of the other current ones already do this, or you could always look at the code in Bruce Perens's unfortunately abandoned ModelSecurity generator, which IIRC does server auth and can fall back to a webform.

It might just be easier to write your own authorization method, put it in application.rb or application_helper.rb, and apply it as a before_filter in the relevant controllers. Google's API, for instance, simply seems to check a non-secret key against the IP address of the host calling it, since they issue API accounts on a per-server basis. Your needs may be different.

Manish Shah wrote:
> I want to set up an API for my web app, but I had a few questions on the best
> way to do this. I was hoping for some input from you experienced
> individuals and Rails rock stars.
>
> 1) Is there a way to implement a login feature so that API methods can't
> be called without proper authorization? This is so I can log activity and
> use of the API from different people and so
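
The reply above suggests writing your own check that ties an API key to the calling host and running it as a before_filter. The following is an added example, not code from the thread or from any plugin it names: a plain-Ruby sketch of such a check that also records every decision for usage logging. The class and method names, the sample key and the documentation-range addresses are all hypothetical.

```ruby
require "digest"
require "ipaddr"

# Hypothetical authorizer: each API key is bound to the networks allowed to use it.
class ApiKeyAuthorizer
  Client = Struct.new(:name, :networks)
  attr_reader :audit_log

  def initialize
    @clients = {}    # SHA-256 hex digest of the key => Client
    @audit_log = []  # one entry per decision, for per-client usage tracking
  end

  # Only a digest of the key is stored, so a leaked table does not reveal keys.
  def register(name, key, cidrs)
    @clients[digest(key)] = Client.new(name, cidrs.map { |c| IPAddr.new(c) })
  end

  # remote_ip must be the peer address as seen by the server (or set by a
  # trusted proxy), never a header the caller can supply freely.
  # Returns :ok, :unknown_key, :bad_address or :ip_not_allowed.
  def authorize(key, remote_ip)
    client = @clients[digest(key.to_s)]
    ip = parse_ip(remote_ip)
    result =
      if client.nil? then :unknown_key
      elsif ip.nil? then :bad_address
      elsif client.networks.none? { |net| net.include?(ip) } then :ip_not_allowed
      else :ok
      end
    @audit_log << { client: client&.name, ip: remote_ip, result: result }
    result
  end

  private

  def digest(key)
    Digest::SHA256.hexdigest(key)
  end

  def parse_ip(text)
    IPAddr.new(text.to_s)
  rescue ArgumentError # IPAddr::InvalidAddressError is a subclass
    nil
  end
end
```

In a controller, a before_filter method would call `authorize` with the key from the request and the request's remote address, and halt with an error response unless the result is `:ok`.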