Authentication
To create leads via api/v1/leads, the request must be authenticated with a token that is associated with an Apikey instance. In regards to the Apikey, access can be limited in terms of:
- model and action via
Apikey#permisssions. - whitelisted ip addresses via
Apikey#whitelisted_ips.
api/v1/leads_controller.rb
Section titled “api/v1/leads_controller.rb”before_action :authenticate_with_token!application_controller.rb
Section titled “application_controller.rb”def authenticate_with_token! authenticate_or_request_with_http_token do |token, _options| @apikey = Apikey.find_by(token: token) next false unless @apikey
model_class = params[:controller].split('/').last.singularize permission_string = params[:action] == 'request_score' ? 'request_score:credit_scores' : "#{params[:action]}:#{model_class}" whitelisted_ip = @apikey.whitelisted_ips.blank? || @apikey.whitelisted_ips.include?(request.remote_ip) has_permission = @apikey.permissions.blank? || @apikey.permissions.include?(permission_string)
whitelisted_ip && has_permission endendproduction console
Section titled “production console”dealer-studio(prod)> Apikey.find_by(name: 'Demo')=>#<Apikey:0x00007efde7dc5460 id: 86, token: "THIS IS NOT THE REAL TOKEN", created_at: "2024-11-07 01:45:15.947513000 +0000", updated_at: "2024-12-11 21:41:44.290333000 +0000", name: "Demo", permissions: [], whitelisted_ips: [], default_lead_provider: "Demo", default_lead_source: "Manufacturer", default_car_source: nil>