In the previous recipe, Adding authentication to REST services, we built a REST API using JSON for our PostsController actions. With it, clients that utilize our REST services use a user account to validate their requests.
Without neglecting the need to authorize all requests, several companies take a different approach when publishing their APIs: the use of API tokens. The advantage of using API tokens is that our user accounts are not exposed in client scripts, so the authorization information can't be used to log in to the site.
In this recipe we will take our authenticated REST service system and enable clients to access the exposed API with tokens. We will also add a usage limit, so that each client can make only a certain number of API requests within a certain period of time.
To go through this recipe, we need some JSON-based REST services implemented with authentication in place, so follow the previous recipe.