This will establish an API for user token authenication via JSON. This is significantly different than cookie authentication and is the preferred solution. You will have to write the JavaScript end yourself.
Verb URI Pattern Controller#Action Description
GET /api/v1/users api/v1/users#index Returns JSON of all users
POST /api/v1/users api/v1/users#create
GET /api/v1/users/:id api/v1/users#show
If you want to test API requests using just the terminal you could use curl.
curl http://localhost:3000/api/v1/users
This an example of how you would access resources you want to protect:
curl -H "Authorization: Token token=my_first_user_token" http://localhost:3000/api/v1/users
curl -d "user[name]=john&user[password]=mysecurepassword&user[password_confirmation]=mysecurepassword&user[email][email protected]" -X POST localhost:3000/api/v1/users
In POST example example we are assuming that the model has name, password_digest, token, and email fields. The password_digest field was added according to bcrypt gem's usage, but encryption is not implemented yet for you.
Code very heavily borrowed and inspired by TangoSource's repo