You actually can use session cookies for API authentication...as long as the API client is a web browser. Given that caveat, I thought this approach was interesting because it takes advantage of the battle-tested CSRF protection already built into Rails.
Thank you for your comment! Perhaps I should've specified - I meant Rails API with no front-end when I was talking about not being able to use sessions.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.