Simple Auth Token security for RoR API Endpoint
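# Base controller for the v1 JSON API. Every request except an OPTIONS
# (CORS preflight) request must present a shared secret through Rails'
# HTTP token authentication, and permissive CORS headers are attached to
# each response that gets past the authentication filter.
class Api::V1::ApplicationController < ActionController::API
  include ActionView::Rendering
  include ActionController::HttpAuthentication::Token::ControllerMethods

  # NOTE(review): restrict_access runs first; when it renders the 401 the
  # filter chain halts, so failed-auth responses carry no CORS headers and a
  # browser client sees a CORS error instead of the 401. Confirm this is intended.
  before_action :restrict_access
  before_action :allow_cross_domain_access
  respond_to :json

  # Replies to a request with a small JSON acknowledgement; presumably the
  # route target for OPTIONS preflight requests (routes are not shown here).
  def options
    render plain: { ok: :ok }.to_json, status: :ok, content_type: 'application/json'
  end

  private

  # Authenticates the request against the shared API token.
  #
  # OPTIONS requests are let through unauthenticated because browsers send
  # CORS preflights without the Authorization header.
  def restrict_access
    return if request.method == "OPTIONS"

    authenticate_or_request_with_http_token do |token, _options|
      # Constant-time comparison: a plain `==` returns as soon as a byte
      # differs, which lets a caller recover the token through response timing.
      # NOTE(review): the literal below is a placeholder. Load the real token
      # from Rails credentials or an environment variable, never from source
      # control, and rotate it if it has ever been committed.
      ActiveSupport::SecurityUtils.secure_compare(token, "YOUR_SECRET_TOKEN_HERE")
    end
  end

  # Sets the CORS response headers for cross-origin browser clients.
  def allow_cross_domain_access
    # NOTE(review): a wildcard origin lets script on any website call this API
    # from a browser. Prefer echoing back an origin from an explicit allow-list.
    response.headers["Access-Control-Allow-Origin"] = "*"
    # NOTE(review): browsers reject credentialed responses whose allowed origin
    # is "*", so this header is ineffective as written; a token sent in the
    # Authorization header does not need it. If the origin is ever narrowed,
    # re-evaluate whether credentialed requests should be allowed at all.
    response.headers["Access-Control-Allow-Credentials"] = "true"
    response.headers["Access-Control-Allow-Methods"] = "*"
    # NOTE(review): Access-Control-Request-Method is a preflight *request*
    # header; setting it on a response has no effect.
    response.headers['Access-Control-Request-Method'] = '*'
    response.headers["Access-Control-Allow-Headers"] = "X-Zendesk-App-Installation-Id, X-CSRF-Token, X-Zendesk-App-Id, Origin, X-Requested-With, Content-Type, Accept, Authorization, Referer, DNT, User-Agent"
  end
end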