AuPair provides token-based authentication and versioning for Rails API applications.
In your Gemfile:
gem 'au_pair'
AuPair's authentication functionality allows you to limit access to your API to those clients that provide registered names and associated tokens through their request, either via headers or path variables.
For header-based authentication, clients must set the x-api-vendor and x-api-token headers.
For path-based authentication, clients pass in api_token and api_vendor parameters through the request.
To set up tokens, create a configuration file in config/initializers/au_pair.rb to specify client apps and their associated auth tokens:
AuPair.configure do |config|
config.tokens = {
'my_sample_app' => '12345'
}
end
(Note that for security reasons, you probably want to read in the tokens from an environment variable as opposed to storing them in your source code.)
Then in your application controller, or in individual controllers if you want to limit authentication to certain actions:
class ApplicationController < ActionController::Base
include AuPair::Authenticates
before_filter :authenticate!
end
Even after including the above code, you may optionally disable authentication. This may be useful if you didn't want authentication to occur in certain environments. To do so, simply add the following to your config:
AuPair.configure do |config|
# config.tokens = ...
config.authentication_disabled = true #or read from an environment variable
end
Specify groups of routes per API version In your routes file:
constraints(AuPair::ApiConstraint.new('v1')) do
resources :widgets
end
Client apps can then specify the API version that they want to use by passing in an x-api-version header or an api_version URL parameter.
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request