Making a POST request to a Rails API Endpoint

Here's a rare super-technical blog post. I spent enough time struggling with this seemingly simple problem today that I felt I should share the answer.

The problem: You're designing a REST API for your Rails app. You want to let people insert records in your application via a POST request. However, when they submit their POST request from their third-party application, your app throws an InvalidAuthenticityToken exception. Why is this happening?

The background: Ruby on Rails stores an authenticity token for each session and submits this token as a hidden form field in any POST request made by a form submission. It does this to verify that the request is actually coming as a form submission through the web site, as opposed to a random POST request generated from cURL or another tool. A third-party application developer certainly doesn't have a token assigned and therefore can't submit one with their API request.

The solution: Rails only checks for the authenticity token in the case of a form submission. If you submit your data as content-type application/xml or application/json, then the token is not required. As a result, you can set the content type appropriately and encode your input parameters as either XML or JSON. See the gist below for a Ruby example.
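An added example, not the author's gist: it builds the same POST twice, once JSON-encoded and once form-encoded, and sends each to a constructed loopback stub so you can see the Content-Type and body that actually go on the wire. The `/records` path, the parameter names and the stub server are assumptions for illustration; the stub is not Rails and performs no token check.

```ruby
require "json"
require "net/http"
require "socket"

# JSON-encoded POST: the content type the post describes for API clients.
def json_post(path, params)
  req = Net::HTTP::Post.new(path)
  req["Content-Type"] = "application/json"
  req.body = JSON.generate(params)
  req
end

# Form-encoded POST: what a browser form sends (and where the hidden token lives).
def form_post(path, params)
  req = Net::HTTP::Post.new(path)
  req.set_form_data(params) # sets application/x-www-form-urlencoded
  req
end

# Constructed stand-in for the app: accepts one request on a loopback port,
# records its Content-Type and body, and replies 201.
def capture_one_request(request)
  server = TCPServer.new("127.0.0.1", 0)
  port = server.addr[1]
  seen = {}
  thread = Thread.new do
    client = server.accept
    client.gets # request line, not needed here
    headers = {}
    while (line = client.gets) && line != "\r\n"
      name, value = line.chomp.split(": ", 2)
      headers[name.downcase] = value
    end
    seen[:content_type] = headers["content-type"]
    seen[:body] = client.read(headers["content-length"].to_i)
    client.write("HTTP/1.1 201 Created\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    client.close
  end
  # Third argument nil: never route the loopback request through a proxy.
  response = Net::HTTP.start("127.0.0.1", port, nil) { |http| http.request(request) }
  thread.join
  server.close
  seen.merge(status: response.code)
end
```

Against a real app, replace the stub with `Net::HTTP.start(host, port, use_ssl: true) { |http| http.request(json_post(...)) }`.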

It was hard to find this solution via Google. Anyone know a smoother solution? Does the API designer generally disable forgery protection in this scenario on POST endpoints for inserting data via an API? Let me know in the comments or on Twitter @petkanics

Quora as a blog subsidy


There's been a lot of buzz lately about Quora, the question and answer startup from ex-Facebook employees Charlie Cheever and Adam D'Angelo. The site has done an amazing job of quickly building up a strong community of users including many experienced startup founders, investors, and respected members of the tech ecosystem. I read an interview with the founders where they explained that they didn't exactly see it as a question and answer site that they were building, but instead it was more of a blogging platform where you are writing to an audience who's already opted in to read about what you're writing.

When you come to a question page on Quora and it’s blank there are a bunch of people waiting for the answer. An expert will look at it and say “there’s an audience here and I know exactly what they want to hear. And I actually know about this stuff, or know enough to research and produce a really interesting piece of content, and it’s going to go to the perfectly targeted audience who opted in to hearing about this."

This struck a chord. If you're looking for an audience for your writing, previously you would post to your blog. A few people might be subscribed. If you share a link to your post across your social graph, maybe 100 people will read your post. If it gets picked up by an aggregator or social news site, then maybe a few thousand people will read it. And if all of the above happens and you really hit the SEO jackpot on a previously unfulfilled popular search query, then you may get thousands of readers from search over time. But of course that all begins with an original creative idea.

Now consider the case of writing on Quora. The site has a large audience, with many followers on particular topics such as "startups" or "venture capital." There are plenty of unanswered questions, and if you happen to have some valuable information to contribute in answer to someone's question, you are almost guaranteed that what you write will be of interest to at least that person. And as you're taught very early on in school, if you have a question you should ask it, since someone else probably has the same question. Chances are many people are interested in what you have to say. Your writing is immediately distributed to a list of topic followers, and if what you said is really insightful, it will get voted up and bubble to the top of the answer listing.

There are many reasons to write a blog – writing helps formulate your ideas, you create a personal voice within the greater community, and active discussion follows from intelligent posts. In Quora, all of these advantages are maintained, with the added benefit of a built-in audience. So this prompts the question: is your time better spent writing a personal blog, or answering questions on Quora?

I suppose there are two main advantages to a personal blog: If you want to write about a topic where there is no existing question on Quora then you have a place to do so, and on your blog you can include personal branding around your writing. On a blog you can add pictures, video, and other media to your post. However, it would be nice to subsidize your blog content with your own Quora answers as well. When the Quora API is available I'd like to write an importer which optionally autoposts Quora answers as blog articles with the question as the title of the post and the answer as the body. This would create a nice steady stream of blog content with the addition of distribution of your voice to the Quora audience. Two birds with one stone.

Now to figure out how to reduce the SEO hit on duplicate content…