What is the best way to restrict use of the xml format by using an API key?
I'm guessing you would want to add a before_filter to your controllers and check the request parameters to validate the API key. Or possibly even combine that with your user authentication system so that you could validate the API key once for the session (assuming the services have state).
Robert,
I've seen many APIs that require the API key in the HTTP header itself, as opposed to a request param. How would I parse this out in a before_filter?
If I have a client to a service that requires the same, how do I set the API key in the HTTP header of the request?
Thanks, Mark
The controller has a headers hash you can use.
I’ve seen many APIs that require the API key in the HTTP header itself, as opposed to a request param. How would I parse this out in a before_filter?
headers[‘api_key’]
If I have a client to a service that requires the same, how do I set the API key in the HTTP header of the request?
headers[‘api_key’] = ‘put ur key here’
Best regards
Peter De Berdt