I am currently using Postman to test my REST API. I've built it using Ruby-On-Rails, and using devise_token_auth to manage users sessions. After a successful log in, my API is rendering a client, an access-token, a token-type(BEARER) and an Uid. These elements are needed for every request that requires the user to be logged in and have to be sent on the header.
Let's say I am creating an article using a POST. The first POST succeeds and creates the article but when I try to create another article, I get :
{
"errors": [
"Authorized users only."
]
}
I suspect either Postman is behaving as a different client after each request, or my API is creating an access-token for the user after each request.
I finally managed to fix the issue:
According to devise_token_auth gem documentation, the access-token changes each time the client queries the API. Thus, I had to update the access-token, on my headers, whenever I wanted to send a request to my API.
To prevent the access-token from being changed after each request, add the following line to confing/initializers/devise_token_auth.rb:
config.change_headers_on_each_request = false