Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

4
Token strategy for API
Post Body

Hi there !

I need to protect a small API (B2B).

I'm thinking to use this approach:

  1. One token per account.
  2. Validate this token in each api request. ex: Authentication header.
  3. The only way to expire a token is delete it (or reset it) from admin painel.

Is this safe?

I mean, should I change the strategy to use something like authentication JWT?

I'm looking for the simplest approach.

EDIT:

After surf on the internet, I found this link from Devise's author. Any problem with this approach?

I appreciate any suggestion.

Author
Account Strength
80%
Account Age
4 years
Verified Email
Yes
Verified Flair
No
Total Karma
179
Link Karma
8
Comment Karma
171
Profile updated: 6 days ago
Posts updated: 1 week ago
Vivid-Tap821

Subreddit

r/rails

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
3 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/rails/comme...