API + tokens?

Hi all,

This is almost certainly a noob question, but I've hit a wall
developing my rails3 app.

I am looking to integrate various sections with a legacy system based
on PHP. I had envisaged this being fairly straightforward, using curl
to send POST requests for example. The issue / dilemma I have is that
all requests are met with an InvalidAuthenticityToken error. I don't
want to lose this security feature, but am not sure how to proceed in
terms of providing a secure API for the integration.

Is it possible to send a set token along with all requests, or am I
missing something here?

Any pointers would be much appreciated!

Cheers,

Paul Taylor

Which direction are you curling in? From PHP to Rails, or vice-versa?

Walter

From PHP to Rails currently. I will need to work in both directions
going forward, however, but could possibly just use MySQL queries from
Rails to the PHP app if required.

Thanks,

Paul

paulo wrote:

> Hi all,
>
> This is almost certainly a noob question, but I've hit a wall
> developing my rails3 app.
>
> I am looking to integrate various sections with a legacy system based
> on PHP. I had envisaged this being fairly straightforward, using curl
> to send POST requests for example. The issue / dilemma I have is that
> all requests are met with an InvalidAuthenticityToken error. I don't
> want to lose this security feature, but am not sure how to proceed in
> terms of providing a secure API for the integration.

For API calls, you probably don't want the authenticity token. That's
only for Rails-generated forms, as a measure of protection against
spoofed requests. It's meaningless for APIs. If you want a secure API,
you'll be better off using OAuth or HTTP-Basic authentication, not the
Rails authenticity token.

A quick Google search turned up
http://www.patricktulskie.com/2010/04/skip-rails-authenticitytoken-check-sometimes/
for turning off the token check sometimes.

> Is it possible to send a set token along with all requests,

I don't believe so.

> or am I
> missing something here?
>
> Any pointers would be much appreciated!
>
> Cheers,
>
> Paul Taylor

Best,
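
Added example, not part of the original thread or any poster's code: a Rack-style middleware in plain Ruby that requires HTTP Basic credentials on API paths, as suggested in the reply above, and passes all other requests through untouched. The `/api/` prefix, the class and helper names, and the credentials are assumptions made for illustration; the API controllers behind it are assumed to skip the authenticity token check as the linked post describes.

```ruby
require "base64"
require "openssl"

# Requests under the API prefix must carry valid HTTP Basic credentials.
# Other paths are passed to the wrapped app unchanged, so browser forms
# there keep their normal authenticity token protection.
class ApiBasicAuth
  def initialize(app, user:, password:, prefix: "/api/")
    @app, @prefix = app, prefix
    # Keep only a digest so both sides of the comparison have equal length.
    @expected = digest("#{user}:#{password}")
  end

  def call(env)
    return @app.call(env) unless env["PATH_INFO"].to_s.start_with?(@prefix)
    return @app.call(env) if authorized?(env["HTTP_AUTHORIZATION"])
    [401, { "WWW-Authenticate" => 'Basic realm="api"',
            "Content-Type" => "text/plain" }, ["Unauthorized\n"]]
  end

  private

  def digest(value)
    OpenSSL::Digest::SHA256.digest(value)
  end

  def authorized?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme.to_s.casecmp("basic").zero? && encoded
    secure_equal?(digest(Base64.decode64(encoded)), @expected)
  end

  # Compare every byte so timing does not reveal where a mismatch occurs.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed demo: INNER_APP stands in for the Rails application, and the
# user name and password are sample values.
INNER_APP = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }
API = ApiBasicAuth.new(INNER_APP, user: "php-legacy", password: "example-secret")

def status_for(path, user = nil, password = nil)
  env = { "REQUEST_METHOD" => "POST", "PATH_INFO" => path }
  env["HTTP_AUTHORIZATION"] = "Basic " + Base64.strict_encode64("#{user}:#{password}") if user
  API.call(env).first
end
```

HTTP Basic sends the credentials base64-encoded rather than encrypted, so the API should only be reachable over TLS; on the PHP side, curl can supply them with `CURLOPT_USERPWD`.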

Right, will start looking in that direction then, thanks for that
Marnen

Paul