Happy new year!
I have been toying around with a project where I allow users to post data to my API when they are running CI.
I would like users to be able to sign in, get an API key and then include this data in their requests to my API. A similar example is when using, for example, Codecov.
I am writing this in Rails and currently using Clearance for authentication, but I do not quite know how to model the authentication.
You weren't the only one asking this question, it seems, so I decided to write a full article to explain more about what's the best practice in security for API key authentication. It's a bit technical, but I'll throw it in here:
API authentication with api keys
Thank you for the blog post!
I have not quite figured it out yet...
I decided to use an approach closer to:
https://www.pluralsight.com/guides/token-based-authentication-with-ruby-on-rails-5-api
I really wish there was something like an authorization flow for Doorkeeper that would fit well for this, but I could not find it.