I've got an app that I make API requests to using token_authenticatable. After I start up the server the first request I make to the server returns a 401 status, even with the right auth details. Subsequent requests work fine.
I've put together a really basic demo app (data included) that shows the problem. Request examples using curl in the README.md file.
I tried out your demo app and it definitely exhibits the issue you state, however it isn't limited to devise requests. You can issue any request whether it succeeds or not (just visit localhost:3000/anything in your browser for example) and all follow-up requests with the auth token will succeed. I'm kind of stumped honestly. Based on that investigation, I'd wager it's something to do with the order in which things are loaded.
In fact, based on that hunch, I just tested running the app in production mode and it does not exhibit the issue.
This isn't devise specific. Its just how Basic Auth works where even with good authentication, the auth mechanism forces to send second request with credentials, with the first request ending up as 401.
Good to know! Thanks @vipulnsward !
Basic Auth does not have a challenge stage, so there is no reason for this to be the case. The URL referenced is true for browsers, but not the case for curl.