What is the best way to restrict use of the xml format by using an API key? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I''m guessing you would want to add a before_filter to your controllers and check the request parameters to validate the API key. Or possibly even combine that with your user authentication system so that you could validate the API key once for the session (assuming the services have state). On Jul 17, 8:04 am, "Mark A. Richman" <markarich...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> What is the best way to restrict use of the xml format by using an API > key?--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Robert, I''ve seen many APIs that require the API key in the HTTP header itself, as opposed to a request param. How would I parse this out in a before_filter? If I have a client to a service that requires the same, how do I set the API key in the HTTP header of the request? Thanks, Mark On Jul 17, 9:52 am, Robert Walker <r0b3rt4...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I''m guessing you would want to add a before_filter to your controllers > and check the request parameters to validate the API key. Or possibly > even combine that with your user authentication system so that you > could validate the API key once for the session (assuming the services > have state). > > On Jul 17, 8:04 am, "Mark A. Richman" <markarich...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > What is the best way to restrict use of the xml format by using an API > > key? > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
The controller has a headers hash you can use. On 17 Jul 2008, at 20:10, Mark A. Richman wrote:> I''ve seen many APIs that require the API key in the HTTP header > itself, as opposed to a request param. How would I parse this out in a > before_filter?headers[''api_key'']> If I have a client to a service that requires the same, how do I set > the API key in the HTTP header of the request?headers[''api_key''] = ''put ur key here'' Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---