Closed Ardnived closed 4 years ago
At some point we will need to worry about authentication and rate limiting for the API.
This article gives a good simple solution for API keys, CORS, and rate limiting, mostly using existing gems. https://sourcey.com/articles/building-the-perfect-rails-api
Additionally, we might want to authenticate internal requests differently using CSRF, which Rails has support for. https://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf
Alternatively we could look at JWT. I'm not so familiar with it though, and it looks a bit more advanced. https://medium.com/binar-academy/rails-api-jwt-authentication-a04503ea3248