I have a Rails app with an iOS mobile client.
So far, I've had the iPhone client send HTTP requests to the normal URLs. I want to replace this with a proper API. I'm on Rails 3, and I'm using Authlogic for authentication.
I have watched the railscasts on versioned apis and securing APIs. But since I'm already using authlogic for authentication, I think reimplementing token creation would be unnecessary?
I created the API just as Ryan Bates suggests in this episode with a controller under app/controllers/api/v1/. I have corresponding views with RABL in views/api/v1.
My controller is
module Api
module V1
class RecordsController < ApplicationController
respond_to :json
def index
status = RecordStatus.where("name = ?", "processed").first
@records = current_user.records.where("record_status_id = ?", status.id)
end
def show
@record = Record.find(params[:id])
end
end
end
end
Basically, I've read a lot on the different options to implement (including a bunch of answers on SO) and I'm just really stumped as to what's the best way for me to implement authentication, securely. Should I go to oauth? Can I do it with authlogic? Which option would make it easy to use from the iOS side? Which option is easiest to implement?
Any guidance would be helpful.
Perhaps you could use the single access token stuff that's in authlogic already?