API key based authentication strategy for devise
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


A device strategy for api key based authentication.

Clients supply a client identifier which is issued a unique and reusable api key for each user who authenticates from that client. The rails application may then allow users to manage their authorized api keys in order to control which clients are allowed to access their account.

Clients are expected to communicate with the rails application via a JSON api. This api will respond with JSON payloads rather than redirects if a user in not authenticated or fails authentication in order to better support mobile clients on high latency connections where following redirects to reach an authentication action is expensive.

It is the rails application's responsibility to define an appropriate storage mechanism for valid api keys such as persistant storage in a database or temporary storage in a session store.