How to create a secure Rails REST Api for my application?

Question

How to create a secure Rails REST Api for my application?

So, I am making an Android app that needs a web server. The website is built on Ruby on Rails. It has a client side (pretty HTML pages), but I also want it to be able to pass information to my Android application via JSON. However, I do not want the whole world to be able to get this JSON, because it contains some, possibly dangerous information. How to lock pages in JSON format and make them accessible from an Android application?

For the record, I use Rails 3.1 has_secure_passwordto authenticate with the site, and I would like to have several routes open for HTML requests but blocked for JSON (e.g. /usersurl should be accessible as HTML, but as JSON it should be accessible only from my application with some security method).

Is there a way to do this, or should the API be a separate application (which would be very inconvenient with setting up the database, etc.)?

CLARIFICATION: Basically, I want to create a secure token-based JSON API from my Rails application, and I don't want to use Devise or anything that would make me change how I already store user / skip information.

+5

android authentication rest ruby-on-rails

Sam sttern Jul 01 '12 at 3:37

source share

1 answer

Christophe Biocca · Answer 1 · 2012-09-22T09:03:22+0000

, , response_to, JSON, HTML URL-. , JSON, , , JSON

def with_access_check()
  if allowed # Or any verification you want.
    yield
  else
    # Raise a 403 maybe?
  end
end

# Then in every method that needs a check:
respond_to :json { with_access_check { render :json => @stuff } }

, json html ( , URL- ), , / HTML.

How to create a secure Rails REST Api for my application?

More articles: