API

How to make an API for a Rails application?

Hello. Please tell me the api algorithm for the rail application. The bottom line is this:
There is a rails application with a devise authentication system. The application can create a variety of entities in the database. To work, you must be able to create, modify and delete this data without the help of a browser, but with the help of a script that will send requests.
The user cannot access any page until he logs in, because in all controllers I have a line And the main question is how to do all this? There seem to be several solutions, depending on how badly coded they are: 1) You can create an "API" controller that will accept requests likebefore_filter :authenticate_user!

{login: 'oleg', password:'123456', action:'create_item', data:{idem_name:'item'}}

- login and password are compared, if everything matches - we call the 'create_item' method created in the same place and pass the data there: data. Yes, you can send login and password 1 time - generate a token / write it to the 'all_allowed_tokens' table, send the next request already with a token, search for it in the database - did you find it? => perform actions. It is possible and so, but these are conventions, the methods still need to be duplicated.
2) The second option is based on the fact that devise authentication is based on cookies. The scheme is the same as in option 1, BUT in the place of the token, we somehow (I don’t know how yet) log in the user whose data we are passing, and return his cookies. In all subsequent requests, we will simply put these cookies, as if this is a user. Minus - if we log out - the cookie will no longer be valid.
I do not like both options, but how to do it right - xs. Tell me how you can make api in a civilized way