I’ve done this before using the Token Authentication capabilities of devise (see https://github.com/plataformatec/devise ).

I found the following setup works:

• Create a user account for each api user.
• Configure devise for token authentication
• Set the Token Authentication configuration to require the token to be submitted with each request.

This will allow you to enable and disable individual users as well as to track every request back to the api user that made the call.

If you’re really interested in tracking usage you may want to consider also creating a database table where you track all api requests. This can be setup to belong_to the users table so that you easily find all requests from different users (e.g., @user.api_requests).

The count of all requests made by a user would be:

@user.api_requests.count

# or use a where clause to find how many of each type
@user.api_requests.where("api_request_type = ?", 'SomeAPICallType').count

One final note — I recently used the Grape library for building out an API. I thought it was pretty well done and it worked great for our needs. I especially like the ability it provided to version APIs. Details are here: https://github.com/intridea/grape/wiki