There is a devise configuration called :token_authenticatable. So if you add that to the devise method in your "user", then you can authenticate in your API just by calling

有一个名为:token_authenticatable. 因此，如果您将其添加到“用户”中的设计方法中，那么您只需调用即可在您的 API 中进行身份验证

"/api/v1/recipes?qs=sweet&auth_token=[@user.auth_token]"

You'll probably want this in your user as well:

您可能也希望在您的用户中使用它：

before_save :ensure_authentication_token

UPDATE(with API authorization code)

UPDATE（带API授权码）

The method you're looking for are:

您正在寻找的方法是：

resource = User.find_for_database_authentication(:login=>params[:user_login][:login])
resource.valid_password?(params[:user_login][:password])

here's my gist with a full scale JSON/API login with devise

这是我的要点，使用设计进行全面的 JSON/API 登录

I would recommend reading through the Devise Wiki, as Devise natively supports token authentication as one of it's modules. I have not personally worked with token authentication in Devise, but Brandon Martin has an example token authentication example here.

我建议阅读Devise Wiki，因为 Devise 本身支持令牌身份验证作为它的模块之一。我没有亲自在 Devise 中使用令牌身份验证，但 Brandon Martin 有一个示例令牌身份验证示例here。

Devise is based on Warden, an authentification middleware for Rack.

Devise 基于 Warden，这是 Rack 的身份验证中间件。

If you need to implement your own (alternative) way to authenticate a user, you should have a look at Warden in combination with the strategies that ship with Devise: https://github.com/plataformatec/devise/tree/master/lib/devise/strategies

如果您需要实现自己的（替代）方式来验证用户身份，您应该结合 Devise 附带的策略查看 Warden：https: //github.com/plataformatec/devise/tree/master/lib /设计/策略

If token auth just isn't what you want to do, you can also return a cookie and have the client include the cookie in the request header. It works very similar to the web sessions controller.

如果令牌身份验证不是您想要做的，您还可以返回一个 cookie 并让客户端在请求标头中包含该 cookie。它的工作原理与 Web 会话控制器非常相似。

In an API sessions controller

在 API 会话控制器中

class Api::V1::SessionsController < Devise::SessionsController

  skip_before_action :authenticate_user!
  skip_before_action :verify_authenticity_token

  def create
    warden.authenticate!(:scope => :user)
    render :json => current_user
  end

end

In Routes

在路线中

namespace :api, :defaults => { :format => 'json' } do
  namespace :v1 do
    resource :account, :only => :show
    devise_scope :user do
      post :sessions, :to => 'sessions#create'
      delete :session, :to => 'sessions#destroy'
    end
  end
end

Then you can do this sort of thing (examples are using HTTPie)

然后你可以做这种事情（例子是使用HTTPie）

http -f POST localhost:3000/api/v1/sessions user[email][email protected] user[password]=passw0rd

The response headers will have a session in the Set-Cookie header. Put the value of this in subsequent requests.

响应标头将在 Set-Cookie 标头中有一个会话。将 this 的值放在后续请求中。

http localhost:3000/api/v1/restricted_things/1 'Cookie:_my_site_session=<sessionstring>; path=/; HttpOnly'