Delve into creating, optimizing, and securing a Rails API from scratch. Gain insights into building a full-fledged, efficient Rails API, ready for immediate use.

rails.tar.gz

Routes changes

validating_the_user_model

unit_tests

show_user

migration_file

create_tokens

feed_the_database

presentation_of_JSON_API

validating_the_order_model

list_orders

decrementing_product_quantity

extending_the_placement_model

feed_the_database-2

feed_the_database-3

Setting Up the Authentication Token

validating_the_product_model

unit_tests_for_order_model

the_placement_model

decrementing_product_quantity-2

activation_of_CORS

This course is a comprehensive tutorial that will teach you the best way to build your next API with Rails. You’ll learn to create a Rails API from scratch and to optimize and secure a Rails API. By the end of this course, you’ll have a full-fledged Rails API ready to be used.

Building your own API with Rails

In this lesson, we'll discuss one final problem often encountered when working with an API.

When we first request an external site (via an AJAX request, for example), we will encounter an error of this kind:
> "Failed to load https://example.com/ No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin "https://anfo.pl" is therefore not allowed access. If an opaque response serves your needs, set the request’s mode to "no-cors" to fetch the resource with CORS disabled."

But what does "Access-Control-Allow-Origin" mean? This behavior is caused by the effect of the CORS implementation of browsers. Before the CORS standardization, there was no way to call an API terminal
under another domain for security reasons. This has been (and still is to some extent) blocked by the same-origin policy.

**CORS** is a mechanism that aims to allow requests made on our behalf while at the same time blocking some requests made by dishonest scripts. It is triggered when we make an HTTP request to any of the following:

- A different field
- A different sub-domain
- A different port
- A different protocol



Learn how to make our API accessible through different domains and protocols.

Activation of CORS

Getting Started

The API

User Model

Authenticating the Users

User's Products

Building JSON

Placing Orders

Improving Orders

Optimizations

Wrap up

Appendix

Activation of CORS