1

I am new to Rails and am trying to figure out where I put my API Token for the external API I am using (one of Google's). I have worked with APIs in the past with Sinatra, but the directory structure of Rails has thrown me off with where I need to place it so I can access it in the controller. After I place my token somewhere, I plan on creating a create method in the controller and parsing the json data there so I can access it in my corresponding view. If someone could help guide me in the right direction as to where I put the token so I can access it (best practices), and if I'm on the right track to use the token in a method in the controller so I can access it in a view.

I know this question might be generic but from what I have Googled, many people new to Rails might benefit from this as to where to put things.

asked Feb 12, 2015 at 20:53

2 Answers 2

1

You can add your API Tokens under config/initializers. Although, you'll probably have a gem or directions from corresponding API docs telling you what the best way is to implement them. But if you were implement them via an initializer, it would be something like this -

GoogleApi.config do |config|
 config.client_id = "<Your Google API Client Id>"
 config.client_secret = "<Your Application Secret>"
 config.application_name = "<Your Application Name>"
end

And then you'll be able to use GoogleApi in your controllers.

A good example is this guide from heroku to access AWS

answered Feb 12, 2015 at 21:09
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you Aswin for your help and for showing a sample way to do it! Super helpful!
Do I need to create a new file for this or do I add it in an existing file inside the config/initializers?
I'd recommend creating a new file.
1

I would suggest loading your API keys via a rails initializer. The rails initializers exist in config/initializers and are plain ruby scripts that run after the servers starts up. Here you can do things like load configuration files etc. For example, config/initializers/google_oauth.rb could contain some plain ruby code to load up a config/.yml file holding your API credentials for non-production environments.

In non-production environments, you could load the API tokens from a yml file and in production you could utilize something like Figaro for Heroku or Dotenv for other environments (AWS, DigitalOcean, etc).

The important thing to ensure is that the local configuration file and your API token stay out of version control so as to avoid compromising your token and the security of your application.

answered Feb 12, 2015 at 21:05

2 Comments

Thank you very much for the help! Much appreciated. Will look into the Figaro. I had saw something about that earlier but I wasn't sure if it was what I was needing. Looks great.
Most definitely welcome! I wanted to stress making sure they're in a gitignore / ignoring.txt (svn) so that they don't leak into your production environments. Happy developing! :D

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.