When building API endpoints, it is good practice to authorize incoming requests, just as we do in the application itself.
As a Rails developer, I've also been involved in building API endpoints along with their test coverage. We use devise for application authorization and devise_token_auth for API authorization.
So far, we have used Postman to test our API; you may use the same tool or a different one. Whichever you choose, three headers are required to request authorized resources: access-token, uid, and client.
To get these headers, we first need to send a POST request to sign in a user. If the sign-in succeeds, we get a User object in the Body tab, and we can find our three headers in the Headers tab.
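The same sign-in flow without Postman, as an added Ruby example that is not code from the original post: it builds the sign-in request, pulls the three headers out of the response, and attaches them to a request for a protected resource. The `/auth/sign_in` path, the `example.test` host, the helper names, and the sample header values are assumptions; adjust them to your routes.

```ruby
require 'net/http'
require 'json'
require 'uri'

# The three headers the post names as required for authorized requests.
AUTH_HEADERS = %w[access-token uid client].freeze

# Build the sign-in POST. The /auth/sign_in path is an assumption about
# where the app mounts devise_token_auth; check your routes.
def build_sign_in_request(base_url, email, password)
  uri = URI.join(base_url, '/auth/sign_in')
  req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
  req.body = JSON.generate(email: email, password: password)
  req
end

# Pull the three headers out of the sign-in response. Fail closed when the
# sign-in was rejected or any header is missing or empty.
def extract_auth_headers(response)
  raise ArgumentError, "sign-in failed: HTTP #{response.code}" unless response.is_a?(Net::HTTPSuccess)
  auth = AUTH_HEADERS.to_h { |name| [name, response[name]] }
  missing = auth.select { |_, value| value.nil? || value.empty? }.keys
  raise ArgumentError, "missing headers: #{missing.join(', ')}" unless missing.empty?
  auth
end

# Attach the three headers to a request for a protected resource.
def authorized_get(url, auth)
  req = Net::HTTP::Get.new(URI(url))
  auth.each { |name, value| req[name] = value }
  req
end

# Constructed response standing in for a successful sign-in (values are made up).
def sample_sign_in_response
  res = Net::HTTPOK.new('1.1', '200', 'OK')
  res['access-token'] = 'constructed-token-123'
  res['uid'] = 'user@example.com'
  res['client'] = 'constructed-client-abc'
  res
end

if __FILE__ == $PROGRAM_NAME
  auth = extract_auth_headers(sample_sign_in_response)
  req = authorized_get('https://api.example.test/posts', auth)
  # The access-token is a credential, so it is redacted before printing.
  AUTH_HEADERS.each { |k| puts "#{k}: #{k == 'access-token' ? '[redacted]' : req[k]}" }
end
```

To run it against a real server, send the requests with `Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }` and pass the sign-in response to `extract_auth_headers`.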