ruby on rails - How do I avoid 401 (Unauthorized) when creating a new API endpoint for Solidus / Spree? -

i'm doing put "/api/shipments/h10372375236/ready_for_pickup", stops in spree::basecontroller#authenticate_user. put request not contain x-spree-token header required basecontroller#api_key

this code button:

 <%= form_tag(spree.api_ready_for_pickup_path(shipment), { method: "put", remote: true, id: "admin-ship-shipment" }) %>    <%= submit_tag spree.t(:ready_for_pickup), class: "ship-shipment-button" %>  <% end %> 

this routes:

spree::core::engine.routes.draw   namespace :api, defaults: { format: 'json' }     put '/shipments/:id/ready_for_pickup' => 'shipments#ready_for_pickup', as: :ready_for_pickup   end end  rails.application.routes.draw       mount spree::core::engine, :at => '/'  end 

rake routes available gist here. have created api key current user in admin interface. how make sure put request contain missing x-spree-token?

i in favor of that answer, set header in update action of controller so:

response.headers["x-spree-token"] = auth_token