# Authenticate Api using Devise
Devise is authentication solution for Rails. Before going any further i would like to add quick note on API. So API does not handle sessions (is stateless) which means one that provide response after you request, and then requires no further attention, which means no previous or future state is required for the system to work hence whenever we requesting to the server need to pass authentication details with all API and should tell Devise not to store authentication details.
# Getting Started
So first we will create rails project and setup device
create a rails application
rails new devise_example
now add devise to gem list
you can find a file named 'Gemfile' at the root of rails project
Next, you need to run the generator:
rails generate devise:install
Now on console you can find few instructions just follow it.
Generate devise model
rails generate devise MODEL
For more details go to: Devise Gem (opens new window)
# Authentication Token
Authentication token is used to authenticate a user with a unique token, So
Before we proceed with the logic first we need to add
auth_token field to a Devise model
rails g migration add_authentication_token_to_users class AddAuthenticationTokenToUsers < ActiveRecord::Migration def change add_column :users, :auth_token, :string, default: "" add_index :users, :auth_token, unique: true end end
Now we are all set to do authentication using
First this line to it
respond_to :html, :json
this will help rails application respond with both html and json
protect_from_forgery with: :null
will change this
:null as we are not dealing with sessions.
now we will add authentication method in application_controller
So, by default Devise uses email as unique field we can also use custom fields, for this case we will be authenticating using user_email and auth_token.
before_filter do user_email = params[:user_email].presence user = user_email && User.find_by_email(user_email) if user && Devise.secure_compare(user.authentication_token, params[:auth_token]) sign_in user, store: false end end
Note: Above code is purely based on your logic i am just trying to explain the working example
On line 6 in the above code you can see that i have set
store: false which will prevent from creating a session on each requests hence we achieved stateless re