I have a Rails web application that also exposes a few RESTful web services. The main application is secured and obviously uses its own security mechanism whereas the web services would be best authenticated with HTTP authentication.
To be very DRY, the controllers behind the web services are shared by the controllers in the main application. That is, returning a customer's details to the main application goes through the same controller as returning a customer via the web service. The difference is the return type; requests to the main application will expect HTML whereas a web service request expects JSON. However, to make things difficult, I can't rely on the return type to determine if a particular request is a web service request (and therefore to authenticate differently) as some normal application requests expect a JSON response (i.e AJAX requests etc.).
Are there any best practices for this type of integration? I would rather not have to create separate controllers just for the web services given that they are identical except for the return type but I'm not sure how to distinguish web service request from a normal application request.