I am currently using Postman to test my REST API. I've built it using Ruby-On-Rails, and I am using devise_token_auth to manage user sessions. After a successful log in, my API is rendering a client, an access-token, a token-type (BEARER) and a Uid. These elements are needed for every request that requires the user to be logged in and have to be sent in the header.
Let's say I am creating an article using a POST. The first POST succeeds and creates the article, but when I try to create another article, I get:
{
  "errors": [
    "Authorized users only."
  ]
}
I suspect either Postman is behaving as a different client after each request, or my API is creating an access-token for the user after each request.
I finally managed to fix the issue:
According to the devise_token_auth gem documentation, the access-token changes each time the client queries the API. Thus, I had to update the access-token in my headers whenever I wanted to send a request to my API. To prevent the access-token from being changed after each request, add the following line to config/initializers/devise_token_auth.rb:
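Added example, not part of the original post and not the gem's own code: with rotation left on, a client can keep working by copying the new access-token from each response's headers into its next request. The server class below is a constructed stand-in that simulates the rotation described above; the class names, uid and client id are made up for illustration.

```ruby
require "securerandom"

# Constructed stand-in for an API that rotates the access-token on every
# authenticated request (the behaviour described above). Simulation only.
class RotatingTokenServer
  def initialize(uid:, client:)
    @uid, @client = uid, client
    @current = SecureRandom.urlsafe_base64(16)
  end

  # Simulates a successful sign-in: returns the first set of auth headers.
  def sign_in
    auth_headers
  end

  # Returns [status, response_headers, body].
  def post_article(headers, title)
    valid = headers["uid"] == @uid && headers["client"] == @client &&
            headers["access-token"] == @current
    return [401, {}, { "errors" => ["Authorized users only."] }] unless valid
    @current = SecureRandom.urlsafe_base64(16) # rotate: the old token is now dead
    [201, auth_headers, { "title" => title }]
  end

  private

  def auth_headers
    { "access-token" => @current, "token-type" => "Bearer",
      "client" => @client, "uid" => @uid }
  end
end

# Client that carries the auth headers forward from each response.
class RotatingTokenClient
  AUTH_KEYS = %w[access-token token-type client uid].freeze

  def initialize(server)
    @server = server
    @auth = server.sign_in
  end

  def create_article(title)
    status, headers, body = @server.post_article(@auth, title)
    fresh = headers.slice(*AUTH_KEYS).reject { |_, v| v.to_s.strip.empty? }
    @auth = @auth.merge(fresh) # keep previous values if a header is missing
    [status, body]
  end
end
```

Reusing the sign-in headers for a second request reproduces the "Authorized users only." error, while the client that follows the rotation succeeds on every request.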