Configuring Rails as a JSON API

Configuring Routes for the API

Our JSON API will be authenticated using JWT tokens, so we wont need Rails's CSRF protection to throw an exception when the CSRF token is missing, we'll instruct Rails to use a null session instead. Since the JWT token must be added to requests manually using Javascript, we don't need to worry about the browser automatically sending cookies to our server (since we're not using cookies for sessions) to forge one of our user's sessions on a different domain.

CSRF is usually checked on non-GET requests, and by default if no CSRF token is provided Rails will throw an exception, causing our requests to fail. The :null_session setting will clear out our session variables instead of causing an exception to be thrown.

Finally, per the API spec we're adhering to, we want our clients to be able to submit their payloads using lowerCamelCase and our responses should be lowerCamelCase as well. Since we'll be using Jbuilder for rendering JSON responses, we can use an initializer to configure Jbuilder to output all JSON keys in lowerCamelCase.

Jbuilder.key_format camelize: :lower

In order to keep using snake_case throughout our app, we'll have to convert any incoming parameters in our application to snake_case. This can be achieved by using a before_action filter in application_controller.rb

  def underscore_params!
    params.deep_transform_keys!(&:underscore)
  end

  before_action :underscore_params!

Changing our parameters to snake_case has a couple advantages, it keeps our code looking clean and Ruby-ish (instead of having to reference lowerCamelCase parameters), and it allows us to pass our parameters to model methods like update_attributes on our models without having to worry about case conversion.

This configuration ensures our controllers will respond with the correct MIME type and enables 3rd party controllers in gems (like Devise controllers) to respond using JSON.