In creating a consumable REST API, authenticating users is a must. I'm using the rails-api gem, which removes a lot of the extra rails components you have no need for in an API-only application. The API will be consumed by a separate web app (powered by Ember JS in this case), or mobile application.
I'm going to say it. I really wanted to use Devise to handle my authentication. It has most everything you could want built right in. Others, such as Omni-Auth support to handle Google and Facebook, are easily added. All in all, Devise is a great solution if you're running a full blown rails app. When using the rails-api gem, it seemed as if I was fighting Devise every step of the way, and spending way too much time doing so. In the end, I decided to ditch Devise for this API.
Luckily, I found this great resource from Eric Berry that was an excellent start for me. You can find my project (changes / features are listed on the GitHub project page), as well as a few resources I found along the way, below.
Rails-Api project | gem that strips down your rails installation to only the basics needed for an API-only application
Scott W. Bradley, Revisited: Adding Filters to Stock Devise Controllers | method for inserting a
before_filterto a Devise (or other gem) controller (I was attempting to use this method to add CORS header support to Devise)
Eric Berry, Authentication With EmberJS | walkthrough on creating both a back-end API (with authentication) and Ember application to consume it
Brian Cardarella, Building an Ember app with RailsAPI | another walkthrough for creating an API and Ember application
You can find the project on GitHub. It's using Unicorn, and ready to be deployed to Heroku.
If you see anything I did blatantly wrong, I'd love to hear about and learn from it!