First of all you will need to use http basic authentication for programatically authorising users especially if you want to take full advantage of RESTfull routes (i.e. get json or xml responses) because curl or url or api ommands that access your site will not be able to handle the redirects that occur when using non http basic authorisation.
I shoul add a caveat here in that my knowledge is not that extensive when it comes to authlogic (I roll my own authorisation, it's far easier) so there is a slim chance that above may be incorrect.
is the way to pass username and passwords in urls
Note httpS If you don't use httpS then there is no point whatsoever in having any authentication,
This is kindfa covered in this railscast http://railscasts.com/episodes/352-securing-an-api
and here http://railscasts.com/episodes/270-auth
and here http://railscasts.com/episodes/95-more-
Hope this goes someway towards answering your question
What you want and what you need are too often not the same thing!
When your head is hurting from trying to solve a problem, stop standing on it. When you are the right way up you will see the problem differently and you just might find the solution.
(Quote by me 15th July 2009)