I've enable token based authentication (token_authenticatable) in devise in my rails app and it's working well. Now I'm making an android application that uses the web service provided by this rails app. It stores the devise auth_token after first login and uses it to make subsequent requests so that user does not have to log in later. The problem is that I get InvalidAuthenticityToken error when I call the update action from the android app. I don't want to make an extra call to the server to get the authenticity token or remove protect_from_forgery from the update action. Any suggestions?
Look into using stateless tokens. They should be just what you need. Rails. Devise and Stateless tokens.