# Authenticate Api using Devise

Devise is authentication solution for Rails. Before going any further i would like to add quick note on API. So API does not handle sessions (is stateless) which means one that provide response after you request, and then requires no further attention, which means no previous or future state is required for the system to work hence whenever we requesting to the server need to pass authentication details with all API and should tell Devise not to store authentication details.

# Getting Started

So first we will create rails project and setup device

create a rails application

rails new devise_example

now add devise to gem list

you can find a file named 'Gemfile' at the root of rails project

Then run bundle install

Next, you need to run the generator:

rails generate devise:install

Now on console you can find few instructions just follow it.

Generate devise model

rails generate devise MODEL

Then run rake db:migrate

For more details go to: Devise Gem (opens new window)

# Authentication Token

Authentication token is used to authenticate a user with a unique token, So Before we proceed with the logic first we need to add auth_token field to a Devise model


rails g migration add_authentication_token_to_users

class AddAuthenticationTokenToUsers < ActiveRecord::Migration
  def change
    add_column :users, :auth_token, :string, default: ""
    add_index :users, :auth_token, unique: true

Then run rake db:migrate

Now we are all set to do authentication using auth_token

In app/controllers/application_controllers.rb

First this line to it

respond_to :html, :json 

this will help rails application respond with both html and json


protect_from_forgery with: :null

will change this :null as we are not dealing with sessions.

now we will add authentication method in application_controller

So, by default Devise uses email as unique field we can also use custom fields, for this case we will be authenticating using user_email and auth_token.

 before_filter do
    user_email = params[:user_email].presence
    user       = user_email && User.find_by_email(user_email)

    if user && Devise.secure_compare(user.authentication_token, params[:auth_token])
      sign_in user, store: false

Note: Above code is purely based on your logic i am just trying to explain the working example

On line 6 in the above code you can see that i have set store: false which will prevent from creating a session on each requests hence we achieved stateless re