re: Guide to devise_token_auth: Simple Authentication in Rails API VIEW POST

FULL DISCUSSION
 

You actually can use session cookies for API authentication...as long as the API client is a web browser. Given that caveat, I thought this approach was interesting because it takes advantage of the battle-tested CSRF protection already built into Rails.

pragmaticstudio.com/tutorials/rail...

 

Thank you for your comment! Perhaps I should've specified - I meant Rails API with no front-end when I was talking about not being able to use sessions.

code of conduct - report abuse