config.action_controller.session :secret how can I check against it ?

checking against the secret key is performed whenever a POST is sent
to my webservice

but how can I perform such control for other REST actions like GET

I can pass the secret key as a parameter, but it's not secret
anymore ....