Add a note about APIs in token authenticatable, closes #1959

heartcombo · Jul 23, 2012 · 1da8490 · 1da8490
1 parent 6e79c5c
commit 1da8490
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -1,6 +1,6 @@
 * enhancement
   * Default minimum password length is now 8 (by @carlosgaldino).
-  * Confirmable now has a confirm_within option to set a period when the confirmation token is still valid (by @promisedlandt)
+  * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt)
 
 * bug fix
   * Fix a regression introduced on warden 1.2.1 (by @ejfinneran)

diff --git a/lib/devise/models/token_authenticatable.rb b/lib/devise/models/token_authenticatable.rb
@@ -18,6 +18,18 @@ module Models
     # If you want to delete the token after it is used, you can do so in the
     # after_token_authentication callback.
     #
+    # == APIs
+    #
+    # If you are using token authentication with APIs and using trackable. Every
+    # request will be considered as a new sign in (since there is no session in
+    # APIs). You can disable this by creating a before filter as follow:
+    #
+    #   before_filter :skip_trackable
+    #
+    #   def skip_trackable
+    #     request.env['devise.skip_trackable'] = true
+    #   end
+    #
     # == Options
     #
     # TokenAuthenticatable adds the following options to devise_for: