Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.


Devise Token Auth

Gem Version
Build Status
Code Climate
Test Coverage
Backers on Open Collective
Sponsors on Open Collective
Join the chat at

Simple, multi-client and secure token-based authentication for Rails.

If you’re building SPA or a mobile app, and you want authentication, you need tokens, not cookies.
This gem refreshes the tokens on each request, and expires them in a short time, so the app is secure.
Also, it maintains a session for each client/device, so you can have as many sessions as you want.

Main features

This project leverages the following gems:


Add the following to your Gemfile:

gem 'devise_token_auth'

Then install the gem using bundle:

bundle install


Need help?

Please use StackOverflow for help requests and how-to questions.

Please open GitHub issues for bugs and enhancements only, not general help requests. Please search previous issues (and Google and StackOverflow) before creating a new issue.

Please read the issue template before posting issues.


Contributors wanted!

See our Contribution Guidelines. Feel free to submit pull requests, review pull requests, or review open issues. If you’d like to get in contact, Zach Feldman has been wrangling this effort, you can reach him with his name @gmail. Further discussion of this in this issue.

We have some bounties for some issues, check them out!

Live Demos

Here is a demo of this app running with the ng-token-auth module and AngularJS.

Here is a demo of this app running with the Angular-Token service and Angular.

Here is a demo of this app using the jToker plugin and React.

The fully configured api used in these demos can be found here.



Thank you to all our backers! 🙏 [Become a backer]


Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]


This project uses the WTFPL