Authenticating REST Webservices

AD13 · May 17, 2008, 9:04pm

Hello ,

I have an app that is RESTful where there is a CMS side and an API side using the same RESTful services, controllers, methods , etc. The issue is that the CMS requires traditional login (through restful_authentication) but API client requests would need to use HTTP BASIC AUth or something similar I would assume.

How are people solving this challenge with authenticating users to their app via the web and via REST client differently to accomplish this? I was thinking of going the API Key route and authenticating individual applications but wasnt sure the best approach.

Thanks

Adam

AndyV · May 18, 2008, 2:16am

The restful_authentication plugin handles both. Obviously it cannot distinguish the two types of users since they both just use http requests but what it does is authenticate against one of three known sources: cookie, http basic, and session (where session stands for a logged in user). By default the HTTP basic authentication authenticates against your user table so you can give individual admin access as necessary.

Topic		Replies	Views
RESTful Authentication for external clients rubyonrails-talk	1	87	May 29, 2008
RESTful authentication for REST web services. rubyonrails-talk	1	113	November 12, 2007
restful_authentication with web services rubyonrails-talk	0	121	April 5, 2007
Authentication, REST and XML rubyonrails-talk	0	132	October 31, 2006
http autentication and restful_authentication rubyonrails-talk	0	232	October 11, 2008

Authenticating REST Webservices

Related topics

More Resources