2

I'm building a REST api using Rails 4 to be used in a mobile application. I'm using devise for Users. Api operations will only be accesible by logged in users.

I've been looking how to perform this. 1. The first solution I see is using token_authentication but it has been disabled by devise. 2. If I try to log-in using normal controllers I get a "Can't verify CSRF token authenticity"

How should I proceed?

Improve this question
1
  • If you're using HTTP API calls, you don't need to include CSRF authentication. Commented Oct 1, 2014 at 16:20

1 Answer 1

Reset to default
2

Add skip_before_filter :verify_authenticity_token to your API controller. But true way for this case it's https://github.com/doorkeeper-gem/doorkeeper

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.