Rails API with a single access key

Question

After searching S/O, I haven't found anything that directly answers my question, so I'll ask:

I want to have a front-end web application (just Javascript) powered by a separate back-end Rails server. So, in order to get and store data, the web app sends requests to the Rails server. My question:

How can I ensure that requests to the server are only given a successful response if the request comes from the web application? Then, how do I implement this with Rails? (The second part I can probably figure out, the first question is the most important.)

Edit: I think this part may be unclear after reading responses -- I only have one client for the server. That is,

I want the server to only accept responses from the front-end web app and from no other sources (that is, someone should not be able to type in a url in their browser and get a successful response from the server).

Answer 1

You can implement some sort of authentication. Devise could help with this, storing authentication information in the users session. Then in your controllers you can use something like before_filter :authenticate_user!

If your server is available over the open internet, you either need named user authentication (useful for other things besides auth, like tracking users) or run it as a public api not caring if users hit it (but then you need rate limiting to avoid unintentional ddos, adding another layer of complexity).

Answer 2

create some sort of authentication system.. so that ServerApp knows that request is coming from trusted source.

After storing data.. based on success or failure you can return back Json/Xml data with appropriate message.

not sure what else you are asking for, let me know if you need further assistance with this.