If your site is like most, API keys are handed out to users. So it would probably be best to just store the key on the user model, and then do a User.find_by_api_key(..etc...) in your before_filter.
--Matt Jones On May 30, 6:02 am, Neil Cauldwell <[email protected]> wrote: > I'm trying to get my head round offering up an API for a RESTful app; is > it just a matter of; > > 1. adding an api_key column to the resource on which incoming requests > will made (the app has a User model but I think the API authentication > will need to be done on the Site model to which Users belong), > > 2. generating the API key using Digest::SHA1 or similar (the last dev > used SHA1 for the passwords), > > 3. authenticating via API keys in a filter (perhaps something along the > lines of option 2 > herehttp://www.whatcodecraves.com/articles/2008/11/25/how_to_make_an_api_...). > > Unfortunately, the authentication lib is custom (I would much prefer to > be working with one of the community adopted plugins such as Authlogic, > which appears to have API key authentication anyway). > > Am I missing anything or does that sound like a reasonable starting > point? > -- > Posted viahttp://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
