In the previous recipe, Adding authentication to REST services, we built a REST API using JSON for our
PostsController actions. With it, clients that utilize our REST services use a user account to validate their requests.
Without neglecting the need to authorize all requests, several companies take a different approach when publishing their APIs: the use of API tokens. The advantage of using API tokens is that our user accounts are not exposed in client scripts, so the authorization information can't be used to log in to the site.
In this recipe we will take our authenticated REST service system and enable the use of tokens to use the exposed API. We will also add a usage limit, so client API ...