Before you get too excited and run rails new thecoolest --api on your terminal, it might be a good idea to take some time to consider what your needs are.
How different is a Rails API-only from a full-stack Rails app? As you can see in the image below, the API-only is a lighter version of a full stack Rails app:
The reason why it’s lighter is because Rails API-only won’t render HTML pages, handle user sessions & cookies, nor display any assets....
5 Ways to Handle Your Rails API Authentication
Which authentication strategy should you use for Rails API? How to implement a secure authentication strategy is by the far the most confusing part of building an API.
It’s important to evaluate your app requirements before choosing any strategy in the first place to avoid any security implications.
To help you figure out which authentication strategy is the best for your case, here are 5 possible solutions for you:
Rails API-only If your API is running as a standalone app and you don’t need a web interface of any sort, then a header-based token auth might be enough....
