Hello all,

I am developing a Ruby on Rails web application using Devise for authentication. Most of the functionality has been built out and usable from a web browser, and I'm in the process of building out the API for iOS apps.

There are blog posts, code samples in gists, and Stack Overflow threads that discuss how to use Devise to secure the API, but I haven't run into a solution that I am comfortable with.

I am looking for something that will let me keep Devise for the web-side of things, and use the same user database for the API.

I know Apigee provides authentication, scalability (caching/throttling), and analytics. If I build an API proxy between the iOS apps and the Rails API, what would authentication look like?

I can protect the Rails API using Devise with Basic Auth, or a session/cookie based approach. Not sure what the authentication flow between the iOS apps, API proxy, and Rails API would be like.

Any suggestions would be appreciated. FYI I have built an a127 based proxy, which is consumed by a server. But not for iOS apps.

Thanks, Chris