- Prerequisite
- Create an Open API
- Test API using CURL
- Add authentication in API
user user_educations user_workplaces friends pictures status videos comments
- Install Ruby 2.7.0
- Install Rails 6.0.4
rails new test_api --api
CURL - client URL Request. It is CLI tool to receiving data from URL
-X - It denotes HTTP verb -H - It will denote Header (Content-Type: appication/json)
curl -X GET http://0.0.0.0:3000/users/1
curl -X POST -d "user[name]=honesttest&user[password]=iiiiii" http://0.0.0.0:3000/users
curl -X PUT -d "user[name]=honesttest&user[password]=iiiiii" http://0.0.0.0:3000/users/1
curl -X DELETE http://0.0.0.0:3000/users/10
-
HTTP Basic Authentication http_basic_authenticate_with name: "me", password: "@home" - Use at controller
-
Authenticate with Username and password
SHA1(digest/sha1) and bcrypt algorithms for Encryption
-
Authentication as a Service (AZURE and AWS providing IAM) Authentication handed over trusted third party like FB, Google and so on. It will happen via OAuth
-
Token Authentication - JWT(Json Web token)
-
CSRF Token Authentication - It will avoid CSRF attack from hacker
-
LDAP Authentication (Light Directory Access Protocol) -> This is suitable for database will store authentication information
-
Add Below Gems
gem 'rack-cors' # It prevents api call from unknown origin .Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin AJAX possible gem 'bcrypt' # Hasing the password for user. (Encryption Library) Use Active Model has_secure_password gem 'jwt'