CakePHP - combine ACL with REST API

Question

i created an application with some models, after that, i used ACL and created some ACOs to protect my Application.

Now i wanted to add a RESTful API to my application, so i edited routes.php with something like that

Router::mapResources('routes');
Router::parseExtensions();

this also works fine, for example going to http://localhost/myapp/routes.json gives me a json object of my routes if i'm already logged in

shure, somebody cannot do a login with a web-form when he is using my API, so i want to know if it is possible to send the regular login informations with the request using REST Auth Basic (or Digest) and use the working ACL in my App to authenticate and show the result object (or if its wrong, send the right header)

any ideas?

if something is unclear, PLEASE leave a comment

i used the newest cake php version 1.3.3

Answer 1

If you look at other API based services, usually they use token to identify user. For example if there is username matt and he has token 123456, you can give him access to url http://localhost/myapp/123456/routes.json. Then, in your controller, you can authenticate the user by using token.