You can try to use rails4 with your API, it's providing more security and use devise 3.1.0rc

• In Rails 4.0, several features have been extracted into gems.

  • ActiveRecord::SessionStore

• Action Caching

• Page Caching

• Russian Doll-caching through key-based expiration with automatic dependency management of nested templates.
  http://blog.envylabs.com/post/41711428227/rails-4-security-for-session-cookies

• Devise 3.1.0.rc runs on both Rails 3.2 and Rails 4.0. http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/

• Devise is deprecation of TokenAuthenticatable in 3.1.0rc but you can build your own TokenAuthenticatable method for security issue. It's more reliable and secure.

For token, session store you can go through http://ruby.railstutorial.org/chapters/sign-in-sign-out and http://blog.bigbinary.com/2013/03/19/cookies-on-rails.html for more understable.

At last you should go through these kind of encryption and decryption "http://stackoverflow.com/questions/18535759/unable-to-decrypt-stored-encrypted-data" to get the more security.

You can try to use rails4 with your API, it's providing more security and use devise 3.1.0rc

• In Rails 4.0, several features have been extracted into gems.

  • ActiveRecord::SessionStore

• Action Caching

• Page Caching

• Russian Doll-caching through key-based expiration with automatic dependency management of nested templates.
  http://blog.envylabs.com/post/41711428227/rails-4-security-for-session-cookies

• Devise 3.1.0.rc runs on both Rails 3.2 and Rails 4.0. http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/

• Devise is deprecation of TokenAuthenticatable in 3.1.0rc but you can build your own TokenAuthenticatable method for security issue. It's more reliable and secure.

For token, session store you can go through http://ruby.railstutorial.org/chapters/sign-in-sign-out and http://blog.bigbinary.com/2013/03/19/cookies-on-rails.html for more understable.

At last you should go through these kind of encryption and decryption "https://stackoverflow.com/questions/18535759/unable-to-decrypt-stored-encrypted-data" to get the more security.

You can try to use rails4 with your API, it's providing more security and use devise 3.1.0rc

• In Rails 4.0, several features have been extracted into gems.

  • ActiveRecord::SessionStore

• Action Caching

• Page Caching

• Russian Doll-caching through key-based expiration with automatic dependency management of nested templates.
  http://blog.envylabs.com/post/41711428227/rails-4-security-for-session-cookies

• Devise 3.1.0.rc runs on both Rails 3.2 and Rails 4.0. http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/

• Devise is deprecation of TokenAuthenticatable in 3.1.0rc but you can build your own TokenAuthenticatable method for security issue. It's more reliable and secure.

For token, session store you can go through http://ruby.railstutorial.org/chapters/sign-in-sign-out and http://blog.bigbinary.com/2013/03/19/cookies-on-rails.html for more understable.

You can try to use rails4 with your API, it's providing more security and use devise 3.1.0rc

• In Rails 4.0, several features have been extracted into gems.

  • ActiveRecord::SessionStore

• Action Caching

• Page Caching

• Russian Doll-caching through key-based expiration with automatic dependency management of nested templates.
  http://blog.envylabs.com/post/41711428227/rails-4-security-for-session-cookies

• Devise 3.1.0.rc runs on both Rails 3.2 and Rails 4.0. http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/

• Devise is deprecation of TokenAuthenticatable in 3.1.0rc but you can build your own TokenAuthenticatable method for security issue. It's more reliable and secure.

For token, session store you can go through http://ruby.railstutorial.org/chapters/sign-in-sign-out and http://blog.bigbinary.com/2013/03/19/cookies-on-rails.html for more understable.

At last you should go through these kind of encryption and decryption "http://stackoverflow.com/questions/18535759/unable-to-decrypt-stored-encrypted-data" to get the more security.