Authentication for Ruby On Rails API

As we all know, Rails 5 is a great framework for API applications: just run rails new name_app --api and Rails will set everything up for us. But what is the easiest way to implement authentication in Ruby on Rails?


Table of Contents

  • Setup project
  • Sign Up
  • Sign In

Ok let’s start!

Setup our project

First, create a new Rails API app:

rails new rails-api --api

Then add two new gems to the Gemfile:

gem "devise"
gem "simple_token_authentication", "~> 1.0"

devise is a flexible authentication solution for Rails and simple_token_authentication

Install the new gems:

bundle install

Install devise and generate a new model with Devise (I will call it User):

rails g devise:install
rails generate devise User
rails db:migrate

Add an authentication_token column to the User table by creating a migration:

rails g migration add_authentication_token_to_users "authentication_token:string{30}:uniq"
rails db:migrate

Define which model will be token authenticatable. In this case, it's the User model. Add acts_as_token_authenticatable to the user.rb file.

class User < ActiveRecord::Base
  acts_as_token_authenticatable # add this line; keep the devise line generated earlier
end

Finally, define which controllers will handle token authentication (application_controller.rb):

class ApplicationController < ActionController::API
  acts_as_token_authentication_handler_for User
end

Route for API

Rails.application.routes.draw do
  devise_for :users

  namespace :api, defaults: {format: :json} do
    namespace :v1 do
      devise_scope :user do
        post "sign_up", to: "registrations#create"
        post "sign_in", to: "sessions#create"
      end
    end
  end
end

So basically, after running rails routes in the terminal, we will see the new routes. (Our URL will look like http://localhost:3000/api/v1/sign_up)

Let’s start with the sign up function first.

Sign Up

First, create a new folder app/controllers/api/v1 (v1 is version one of the API, because in the future we may have v2 or v3…).

And now create a new controller named registrations_controller.rb

Test with Postman

You can download Postman here.

We will create a POST request to localhost:3000/api/v1/sign_up with the params user[email] and user[password] (in the body of the request).

The server will return the user’s information if your params are correct.

Ok looks good. Let’s move to Sign In.

Sign In

Basically, when a user signs in, we will create a new session for that user. So, create a new controller named sessions_controller.rb under the app/controllers/api/v1 folder.

Test with Postman

We will create a POST request to localhost:3000/api/v1/sign_in with the params sign_in[email] and sign_in[password].

And what happens if you try to sign in with the wrong password? Of course, you will get a 401 Unauthorized error!
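The sign-up, sign-in and token check behind the two endpoints above, modeled in plain Ruby as an added example (it is not the author's controllers and not code from devise or simple_token_authentication). TokenAuthModel and its method names are hypothetical, the in-memory hash stands in for the users table, and PBKDF2 from the standard library stands in for Devise's bcrypt hashing.

```ruby
require "openssl"
require "securerandom"

# Plain-Ruby model of the flow; class and method names are hypothetical.
class TokenAuthModel
  ITERATIONS = 100_000 # PBKDF2 stands in for Devise's bcrypt (assumption)
  def initialize
    @users = {} # email => { salt:, digest:, token: }, stands in for the users table
  end

  # POST /api/v1/sign_up: store a salted digest, never the password itself.
  def sign_up(email, password)
    return [422, { error: "email already taken" }] if @users.key?(email)
    salt = SecureRandom.random_bytes(16)
    token = SecureRandom.urlsafe_base64(24) # unguessable, from the OS CSPRNG
    @users[email] = { salt: salt, digest: digest(password, salt), token: token }
    [200, { email: email, authentication_token: token }]
  end

  # POST /api/v1/sign_in: unknown email and wrong password get the same 401.
  def sign_in(email, password)
    user = @users[email]
    # Hash even for unknown users so both failure paths cost the same work.
    candidate = digest(password, user ? user[:salt] : "\0" * 16)
    if user && secure_equal?(candidate, user[:digest])
      [200, { email: email, authentication_token: user[:token] }]
    else
      [401, { error: "invalid email or password" }]
    end
  end

  # Check run on every later request that presents email + token.
  def authenticate(email, token)
    user = @users[email]
    !!(user && token.is_a?(String) && secure_equal?(token, user[:token]))
  end

  private
  def digest(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password.to_s, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end

  # Constant-time comparison: no early exit on the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Returning one 401 body for both failure cases keeps the sign-in endpoint from revealing which e-mail addresses are registered.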


Ruby on Rails, with its great community and gems and the elegant syntax of Ruby, is not just an awesome framework for web development but also a good one for API servers.

Do you want to learn more about Ruby on Rails for APIs? Please check out my Udemy course. Refund within 30 days if you don't like it.


