API authentication

Hi,
My application has an API server which supports a Rails application and
an iPhone application. I am confused about how to authenticate the API
requests, whether I have to generate some API tokens for every user and
send them with each request, and I don't know how to use the access/secret
keys for authentication.

Please help me out

You can have a short look at the OAuth2 protocol; it's simple but should
have many implementations in Ruby.
Here is http://tools.ietf.org/html/draft-ietf-oauth-v2-20, a really
boring doc, but once you have read it, you'll know everything about
these secrets/keys :wink:

John Senthil wrote in post #1011816:

Hi,
My application has an API server which supports a Rails application and
an iPhone application. I am confused about how to authenticate the API
requests, whether I have to generate some API tokens for every user and
send them with each request, and I don't know how to use the access/secret
keys for authentication.

There are likely a few ways you could handle this. However, given this
is an iPhone app, NSURLConnection has full support for HTTP cookies, so
you could authenticate the user exactly like a browser would. That is by
sending the username and password to the sessions controller (over
HTTPS, of course).

Once authenticated, NSURLConnection will send the session cookie back to
the server with every subsequent request. This could be completely
transparent to the user of the device. That is, once they sign in for the
first time, at which point the iPhone app stores their login credentials
in the secure keychain. If you get a session timeout, then
re-authenticate with the username/password stored in the keychain.

http://s3.amazonaws.com/pragmaticstudio/iPhoneOnRails.pdf
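
The cookie-based flow described in the reply above (sign in once, send the session cookie with every request, sign in again from stored credentials on timeout), as an added Ruby example that is not part of the original thread. `StubServer`, `ApiClient`, `TTL` and the injected clock are hypothetical names; the in-memory stub stands in for the Rails sessions controller, and the client's stored credentials stand in for the device keychain.

```ruby
require "securerandom"

# Constructed stub of the Rails side (hypothetical names); a real app would
# verify a password hash and serve all of this over HTTPS only.
class StubServer
  TTL = 60 # session lifetime in seconds (constructed value)
  attr_reader :logins

  def initialize(users, clock)
    @users, @clock, @sessions, @logins = users, clock, {}, 0
  end

  # POST /session: on valid credentials, issue an unguessable session id.
  def create_session(user, password)
    return [401, nil] unless @users[user] == password
    @logins += 1
    sid = SecureRandom.hex(32)
    @sessions[sid] = { user: user, expires_at: @clock.call + TTL }
    [201, sid]
  end

  # GET /api/profile: accepts only a known, unexpired session cookie.
  def profile(cookie)
    s = @sessions[cookie]
    if s.nil? || s[:expires_at] <= @clock.call
      @sessions.delete(cookie) # drop expired ids so they cannot be reused
      return [401, nil]
    end
    [200, "profile of #{s[:user]}"]
  end
end

# Client side: keeps the cookie, and on 401 signs in again with the stored
# credentials (standing in for the device keychain), then retries once.
class ApiClient
  def initialize(server, user, password)
    @server, @user, @password, @cookie = server, user, password, nil
  end

  def profile
    status, body = @server.profile(@cookie)
    return body if status == 200
    status, @cookie = @server.create_session(@user, @password)
    raise "login rejected" unless status == 201
    status, body = @server.profile(@cookie)
    raise "unexpected status #{status}" unless status == 200
    body
  end
end
```

The client retries exactly once after re-authenticating, so rejected credentials surface as an error instead of a login loop.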