Currently I am working on a project which has both API and mobile apps. I had to implement authentication for the API. Since I have to implement the authentication for the non browser clients (iOS, Android) I won't be able to use session based authentication. So I started implementing token based authentication. I am using Devise gem for token based authentication.

Devise is a flexible authentication solution for Rails applications. If you search in ruby tool box you will see that Devise is the most popular rails authentication plugin. Devise supports token based authentication too.

Token based authentication means authentication using a token instead of a session cookie. Since non browser clients won't support session cookies we can't use session based authentication. There is another approach that is to embed a web browser.

By default devise won't support JSON. For that we have to add respond_to :json to the controller to override the default behavior. Even after adding respond_to to the controller some devise actions will do redirect instead of responding with proper json data. So we should override the devise controllers to implement custom json response.

I was searching for some sample application which implemented the Token based authentication for API using devise gem. But I couldn't find any sample working application. So I created one for future reference. Please let me know your feedback.