If nothing else at least for the RoR app / API backend calls.
At minimum the signin API call needs to be over HTTPS (and any other pages where the user submits their password). Ideally the whole site should be, so that the token is passed securely as well.