Skip to content


Repository files navigation


A simple rails API practiced creating API itself, authentication with JWT token, and authorization with Pundit.

  • All users must log in and get a jwt token before visiting any other URL
  • Only the admin user can access all users / books (full-empowerment of CRUD)
  • Non-admin users can access user and book data under their own account (limited CRUD)

System dependencies:

  • Ruby 3.0.3
  • Rails 7.0.3
  • PostgreSQL 14.3
  • jwt
  • bcrypt
  • Pundit

Initial Setup

After git clone, please run bundle install & bin/rails db:setup & bin/rails server

db:setup stands for db:create & db:migrate & db:seed

  • seed.rb has config 3 users and 3 books, user 1 owns one book, user 2 owns 2 books, user 3 is an admin user without any book

Generate a User Login Token

  • please use POST method to send a request to URL https://localhost:3000/auth/login
  • request params with the test account
    • user 2: username: Joshua 2 & password: password2 OR
    • admin user: username: Joshua 3 & password: password3
  • then you can get a token in the response body which will expire in 48 hours

Play with the app

with Admin token

  • with an admin token, you can create a new user or a new book and also update users or book data. Here will show you a few examples, more URLs, and methods please check routes.rb / controllers

  • GET all users

    • visit URL https://localhost:3000/api/v1/users in your browser or in postman with GET method, and get the response of a JSON:
        "id": 1,
        "username": "Joshua 1",
        "password": "password1",
        "created_at": "2022-06-21T16:24:01.413Z",
        "updated_at": "2022-06-21T16:24:01.413Z",
        "admin": false
        "id": 2,
        "username": "Joshua 2",
        "password": "password2",
        "created_at": "2022-06-21T16:24:01.458Z",
        "updated_at": "2022-06-21T16:24:01.458Z",
        "admin": false
        "id": 3,
        "username": "Joshua 3",
        "password": "password3",
        "created_at": "2022-06-21T16:24:01.458Z",
        "updated_at": "2022-06-21T16:24:01.458Z",
        "admin": true
  • GET all books
    • by pasting this URL https://localhost:3000/api/v1/books in your browser or in postman with GET method, and get the response of a JSON:
          "id": 1,
          "user_id": 1,
          "book": "Testing Book 1",
          "likes_books": 1,
          "created_at": "2022-06-21T16:24:01.490Z",
          "updated_at": "2022-06-21T16:24:01.490Z"
          "id": 2,
          "user_id": 1,
          "book": "Testing Book 2",
          "likes_books": 2,
          "created_at": "2022-06-21T16:24:01.523Z",
          "updated_at": "2022-06-21T16:24:01.523Z"
          "id": 3,
          "user_id": 2,
          "book": "Testing Book 3",
          "likes_books": 3,
          "created_at": "2022-06-21T16:24:01.528Z",
          "updated_at": "2022-06-21T16:24:01.528Z"
          "id": 4,
          "user_id": 2,
          "book": "Testing Book 4",
          "likes_books": 4,
          "created_at": "2022-06-21T16:24:01.534Z",
          "updated_at": "2022-06-21T16:24:01.534Z"

with User2 token

  • GET all books belong to user_id: 2
    • visit URL https://localhost:3000/api/v1/books in your browser or in postman with GET method, and get the response of a JSON:
            "id": 2,
            "user_id": 2,
            "book_name": "Testing Book 2",
            "likes": 2,
            "created_at": "2022-06-27T14:33:39.157Z",
            "updated_at": "2022-06-30T09:14:14.840Z"
            "id": 3,
            "user_id": 2,
            "book_name": "Testing Book 3",
            "likes": 3,
            "created_at": "2022-06-27T14:33:39.164Z",
            "updated_at": "2022-06-27T14:33:39.164Z"


No releases published


No packages published