I'm trying to get my head round offering up an API for a RESTful app; is it just a matter of;
1. adding an api_key column to the resource on which incoming requests will made (the app has a User model but I think the API authentication will need to be done on the Site model to which Users belong), 2. generating the API key using Digest::SHA1 or similar (the last dev used SHA1 for the passwords), 3. authenticating via API keys in a filter (perhaps something along the lines of option 2 here http://www.whatcodecraves.com/articles/2008/11/25/how_to_make_an_api_for_a_rails_app/). Unfortunately, the authentication lib is custom (I would much prefer to be working with one of the community adopted plugins such as Authlogic, which appears to have API key authentication anyway). Am I missing anything or does that sound like a reasonable starting point? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---