• watch on iTunes
• follow on Twitter
• follow on Facebook
• subscribe to RSS feed

• Browse Episodes
• RailsCasts Pro
• Notifications
• About

RailsCasts Pro episodes are now free!

Learn more or hide this

Yarin Kessler's Profile

GitHub User: ykessler

Comments by Yarin Kessler

Yarin Kessler on #352 Securing an API 2013-12-24 07:43:07

Note that authenticate_or_request_with_http_token will return 401 messages as text/html- not what you want for a JSON API.

I handled this by overriding request_http_token_authentication in the controller:

ruby

def request_http_token_authentication(realm = "Application")  
  self.headers["WWW-Authenticate"] = %(Token realm="#{realm.gsub(/"/, "")}")
  self.__send__ :render, :json => { :error => "HTTP Token: Access denied. You did not provide an valid API key." }.to_json, :status => :unauthorized
end