I needed to make a secure way to authenticate API requests for native apps without timing out or sending a new CSRF token every time a new view is loaded with a form. I created the following method to authenticate and started documenting it. The link is https://github.com/nextgenappsllc/devise_api_auth It uses devise for user authentication with a token posted in the header and for CSRF in non get requests it uses a date/salt/token hash. I would like people to contribute and help improve and make this a better gem! More info is in the link.
on 2016-11-29 22:23