restful_authentication uses forms and cookies for standard web requests but offers http authentication for api calls. eg, the default access_denied method is:
def access_denied
respond_to do |accepts|
accepts.html do
store_location
redirect_to :controller => ‘sessions’, :action => ‘new’
end
accepts.xml do
headers[“Status”] = “Unauthorized”
headers[“WWW-Authenticate”] = %(Basic realm=“Web Password”)
render :text => “Could’t authenticate you”, :status => ‘401 Unauthorized’
end
end
false
end
So you shouldn’t need to define a key etc, restful authentication and http have it covered.
James.