FWIW, I will give you my opinion.
CAVEAT: I'm not a rails guy so I'm coming at
this from nodejs/expressjs land.
There are many ways to skin this cat, but I'll
just say that you are headed in the right
direction. if you want to look at a very
opinionated way to do things (and one people might
hate) in node, see this: https://github.com/DaftMonk/fullstack-demo/blob/master/server/api/user/index.js.
here you see this bit:
var router = express.Router();
these routes correspond to calls to
http:/serverurl/api/user/ etc. obviously, these
are all checking authentication, but you could
easily create a resource route that didn't need to
check for authentication before passing control to
the controller and (eventually) sending back a
the approach this takes is to have middleware
on the server check for auth tokens to make sure
the client can call the api. without making you
look into the code too much, i'll just give you a
client(requests Auth)->server(approves passes
back token)->client(stores token)
client(requests api call sends token in
request)->server(passes request to middleware that
checks token to make sure its
kosher)->server(sends back resource and
token)->client(uses resource and stores token)
then the whole thing repeats.
as far as whether to have separate apis vs one
namespace, i don't have a very strong opinion. it
really depends on how you structure your app. if
you know in advance what resources will be public,
then its probably easy to create a namespaced api.
angular can easily adapt to multiple api calls.
you can create services for your public vs private
http calls (or whatever way you decide to call the
hope this was somewhat helpful! sorry its not
railsy! (but nodejs/express is awesome!)