Authentication, REST and XML

restful_authentication uses forms and cookies for standard web requests but offers http authentication for api calls. eg, the default access_denied method is:

def access_denied

respond_to do |accepts|

accepts.html do

store_location

redirect_to :controller => ‘sessions’, :action => ‘new’

end

accepts.xml do

headers[“Status”] = “Unauthorized”

headers[“WWW-Authenticate”] = %(Basic realm=“Web Password”)

render :text => “Could’t authenticate you”, :status => ‘401 Unauthorized’

end

end

false

end

So you shouldn’t need to define a key etc, restful authentication and http have it covered.

James.