API authentication with clearance

I’m using clearance for username/password (cookie) authentication in my app.

I’d like to also support token authentication, so that the same controllers can be used for user HTML and API JSON.

I would like to detect an incoming token in a header and set @current_user based on that. I would like some, but not all, controller actions to be able to be accessed via either cookie auth or token auth.

I’m a bit surprised to not see much discussion of this around the web. Maybe I’m missing something fundamental — like maybe folks don’t typically use clearance for API authentication?

Is there a supported or recommended way to implement token authentication for apis?