In a previous screencast we set up a simple Rails web service for todos and deployed it to production. But right now there's no authorization on it, which means anyone can come along and modify our data.

Let’s see this problem by sending a POST request to create a todo. We will use the Postman client that we discussed in a previous screencast. Even though we didn't provide any kind of authentication, we were allowed to create a record. That’s a problem.

In this screencast, we’ll use the Doorkeeper gem, which makes it easy to add authentication to Rails APIs using the OAuth 2 standard.

After this screencast, you’ll be able to:

- Add authentication to your Rails API with very little code.

For the More Curious...

- Doorkeeper Gem
- Rails has_secure_password method
- OAuth2 password grant
- Postman client


Need Help?

If you get stuck, try starting a discussion with Big Nerd Ranch experts in the community tab.

Skill Pack

This screencast is part of a skill pack called Easy Backend APIs with Rails.
