API JSON authentication with Devise

registrations_controller.rb

class Api::RegistrationsController < Api::BaseController
  
  respond_to :json
  def create

    user = User.new(params[:user])
    if user.save
      render :json=> user.as_json(:auth_token=>user.authentication_token, :email=>user.email), :status=>201
      return
    else
      warden.custom_failure!
      render :json=> user.errors, :status=>422
    end
  end
end

sessions_controller.rb

class Api::SessionsController < Api::BaseController
  prepend_before_filter :require_no_authentication, :only => [:create ]
  include Devise::Controllers::InternalHelpers
  
  before_filter :ensure_params_exist

  respond_to :json
  
  def create
    build_resource
    resource = User.find_for_database_authentication(:login=>params[:user_login][:login])
    return invalid_login_attempt unless resource

    if resource.valid_password?(params[:user_login][:password])
      sign_in("user", resource)
      render :json=> {:success=>true, :auth_token=>resource.authentication_token, :login=>resource.login, :email=>resource.email}
      return
    end
    invalid_login_attempt
  end
  
  def destroy
    sign_out(resource_name)
  end

  protected
  def ensure_params_exist
    return unless params[:user_login].blank?
    render :json=>{:success=>false, :message=>"missing user_login parameter"}, :status=>422
  end

  def invalid_login_attempt
    warden.custom_failure!
    render :json=> {:success=>false, :message=>"Error with your login or password"}, :status=>401
  end
end

I get this error in rails
TypeError in Devise::ConfirmationsController#show
nil is not a symbol nor a string
Extracted source (around line #188):

186
187
188
189
190
191

# Handles <tt>*_was</tt> for +method_missing+.
def attribute_was(attr) # :nodoc:
  attribute_changed?(attr) ? changed_attributes[attr] : __send__(attr)
end

# Handles <tt>*_previously_changed?</tt> for +method_missing+.

@onetom:

namespace :api do
    namespace :v1 do
      devise_for :users, defaults: { format: :json }, as: :users
   end
end

 new_users_user_session GET    /api/v1/users/sign_in(.:format)  api/v1/sessions#new {:format=>:json}
 users_user_session POST   /api/v1/users/sign_in(.:format)  api/v1/sessions#create {:format=>:json}

Good example but confused about where you set token?

In this way failed_attempts, doesn't work.

@Avatarr in this instance, the tokens are probably set or generated by Devise. This was removed from Devise after 3 for security reasons, though you can use a basic implementation like this one to get the functionality back