| CARVIEW |
Select Language
HTTP/2 200
date: Thu, 24 Jul 2025 02:23:50 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
x-robots-tag: none
etag: W/"5eb7622283e2102205dc73607ee86377"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=LHy%2BhNNqbIPuemr7jpe6Y3sEeYw%2F5tcbdQc2auDWCy7cTgYKarBKP9qwn66GFp3hfbCp8M6VPFGrJKH4Z3LNdr5P%2BJmyrOkeYTT%2BU1TP6IJZyELgyoAPwvUS7i99XqASlxMvzYBjN0c%2F%2BS4Ap8LaQxgPJgfXrRyFr%2F5qZr%2BVA0YAbYK9e4ocaMtmUIbyhPrko4gsM7qEDQIucARK4FTaV0EV94VXFPaIhePdf1UXQb4ClrDy6T%2BatW%2BxK%2FbeM0pqujFMF7o%2BD3YjXfRDLYlOtQ%3D%3D--j8Ad3%2FwyS46NYkKb--eeY%2F%2BmeBpDXHx9GpiJmkBA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1909003809.1753323829; Path=/; Domain=github.com; Expires=Fri, 24 Jul 2026 02:23:49 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 24 Jul 2026 02:23:49 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: BE60:12F48D:1220633:15F7E1F:68819935
Using API Guard with Devise · Gokul595/api_guard Wiki · GitHub
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 26
Using API Guard with Devise
Joe Masilotti edited this page Mar 19, 2021
·
5 revisions
We need to do below customizations for using API Guard with Devise by which we can authenticate the APIs with API Guard and browser sessions with Devise.
Note: The below instructions are written assuming your app already have a model for the resource (E.g. User) and configured with devise authentication.
As the routes generated by Devise and API Guard are mostly same we need to separate the API Guard default routes (sign up, sign in, etc.) from Devise generated routes.
This can be done by several ways but below two ways are easy to setup,
- Defining path prefix
- Keeping routes in separate subdomain
Add prefix to the API Guard routes.
scope path: 'api' do
api_guard_routes for: 'users'
endThis will add prefix api/ for all the API Guard routes.
Add API Guard routes under a subdomain.
constraints subdomain: 'api' do
api_guard_routes for: 'users'
endImportant Note: The above code should be added above devise routes in the routes.rb file.
This will make the API Guard routes available only in api subdomain.
As we already have Devise installed we can use the authentication strategy provided by Devise instead of using has_secure_password. We just need to define an instance method in the resource model (E.g. User) as below for API Guard authentication to work.
class User < ApplicationRecord
def authenticate(password)
valid_password?(password)
end
endFor this, we don't need to add a column named password_digest in the resource model as we should already have column for storing the encrypted password using Devise.
You can’t perform that action at this time.