I need to design a RESTful API for Rails, which will enable login from

Question

0

Asked: June 14, 20262026-06-14T10:06:02+00:00 2026-06-14T10:06:02+00:00

I need to design a RESTful API for Rails, which will enable login from

0

I need to design a RESTful API for Rails, which will enable login from web browser, smart phone, tablet, etc. When I do login it always require X-CSRF-Token, so everytime I need to use session or cookie info. However the REST api should be stateless, which means shouldn’t use cookies. Is there a way to get rid of that? Any suggestion for that?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T10:06:02+00:00

Here’s how I dealt with this in an app that responds with both HTML and JSON. I want the CSRF check except if it’s an API call from a trusted source, so

application_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery
  # has to come after the protect_from_forgery line
  skip_before_filter :verify_authenticity_token, :if => :api_request?

  # but don't just accept any URL with a .json extension, you need something else to
  # ensure your caller is trusted (in this case I test for a valid API key being passed)
  before_filter :api_key_valid?, :if => :api_request?

  def api_request?
    request.format == 'application/json'
  end

  # ... etc
end

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I need to design a RESTful API for Rails, which will enable login from

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply