Let’s say your Rails app has an ActiveRecord data type, Post, and you want to only authorize the creator of that Post, who is of type User, to update or delete the record. One way to prevent the wrong User from editing the Post is to keep track of the creator with a foreign key,Continue reading “How Do I Authorize Only the Creator of a Post to Update or Delete it?”
Monthly Archives: February 2018
How do you get Devise working with your Rails API?
Let’s say you’re building an app on iOS, and you’ve already built an API and you’ve chosen Devise, but you’re stuck because you cannot authorize your user like you can in your web browser. What do you do? One area where where Devise seems to be lacking support is API authentication, especially with HTTP requestsContinue reading “How do you get Devise working with your Rails API?”
3 Ways to Authenticate a Client on Your API
Here are 3 ways to authenticate a client with an API that you are designing. 1. Basic HTTP Auth This is as simple as it gets. Every request includes a username and password in the API request. The API server authenticates, and will return the correct response, or will return a 403 Unauthenticated error. YouContinue reading “3 Ways to Authenticate a Client on Your API”
Rails apps past CRUD
I know how to build a blog in Rails with CRUD, what’s next? You’re a beginner, and you feel like you’ve reached a plateau. You’ve done all the tutorials, like how build a blog, and you want some more intermediate ideas for what to try next. You’re might also looking for a type of problemContinue reading “Rails apps past CRUD”