Using API Keys with REST

What is the best way to restrict use of the xml format by using an API
key?

I'm guessing you would want to add a before_filter to your controllers
and check the request parameters to validate the API key. Or possibly
even combine that with your user authentication system so that you
could validate the API key once for the session (assuming the services
have state).

Robert,

I've seen many APIs that require the API key in the HTTP header
itself, as opposed to a request param. How would I parse this out in a
before_filter?

If I have a client to a service that requires the same, how do I set
the API key in the HTTP header of the request?

Thanks,
Mark

The controller has a headers hash you can use.

I’ve seen many APIs that require the API key in the HTTP header
itself, as opposed to a request param. How would I parse this out in a
before_filter?

headers[‘api_key’]

If I have a client to a service that requires the same, how do I set
the API key in the HTTP header of the request?

headers[‘api_key’] = ‘put ur key here’

Best regards

Peter De Berdt