re: Guide to devise_token_auth: Simple Authentication in Rails API


You actually can use session cookies for an API as long as the API client is a web browser. Given that caveat, I thought this approach was interesting because it takes advantage of the battle-tested CSRF protection already built into Rails.


Thank you for your comment! Perhaps I should've specified - I meant Rails API with no front-end when I was talking about not being able to use sessions.

