Topic: RESTful API and authentication
The company I work for has it's own internal ticketing system and some customers want an api to view/create/update their tickets programmatically.
I'm new to making public API's and I'd like to make a RESTful one. I don't know how to go about handling authentication. Do they post their username/password and I send them an authenticity_token which they have to pass back to me for every GET and POST? Or is there some other way?
Any pointers/articles/etc would be helpful.