Advertising sustains the DA. Ads are hidden for members. Join today

On this page

Services Quick Start Up Guide

Last updated on
30 April 2025

How to accept remote user login and CRUD operations.

In this guide, we will:

  1. Install the Services module
  2. Configure a REST server
  3. Obtain CSRF Token
  4. Use this CSRF Token to login
  5. List your Nodes
  6. Update a Node

Install Services Module

Installing the Services module is like any other contributed module within the Drupal ecosystem. Learn more about the installation of contributed modules.

Once you have completed the installation, activate the core Services module and the included REST Server module.

Configure a REST Service

Let's configure the Services module by adding a server endpoint. Located under Structure, select Services.

Configure by Selecting Services

Next, we're going to add a service. Do this by clicking add.

Select Add

You will see a number of fields. (Not all fields will be represented but the form will appear similar to what you see below.)

Services Add Fields

Use these settings:

  • Machine-readable name of the endpoint: (Give this a cool name.)
  • Server: REST
  • Path to endpoint: rest
  • Authentication: Session authentication

Save your new endpoint. After saving your endpoint, we want to configure it. To do this, we can review our services list (which you should be taken to once you've saved your new server.)

On the Services page, you will see a list of your endpoints. On the right hand side, you will see Edit Resources with a drop down arrow. Select the arrow and choose Edit Server.

Services config

User these settings:

  • Response formatters: Choose "json".
  • Request parsing: Select "application/json".

Of course, you may not want to use JSON exclusively. You may add other formatters for your purposes.

You will now want to configure the settings for node, user, or other resources under the Resources tab.

Obtain CSRF Token

To explore your new REST API, you can use a browser REST client (i.e REST client addon for Firefox browser). See screenshots for better understanding.

Add Content-Type: application/json as a header.

POST to the "user/token" endpoint to obtain the CSRF token:
POST {host}/{service_path_to_endpoint}/user/token.json

//www.drupal.org/files/ScreenHunter_01%20Feb.%2012%2015.58.jpg

Use this CSRF Token to login

Add this CSRF token as the value for a "X-CSRF-Token" header, e.g.
X-CSRF-Token: TB394tlB1E2n8lf93uWYuA7BInaYzs5kA0jem_aZjQg

Add a body to the POST request:

{
  "username": "joe",
  "password": "000000"
}

And login: POST {host}/{service_path_to_endpoint}/user/login.json

//www.drupal.org/files/ScreenHunter_02%20Feb.%2012%2015.59.jpg

Grab the "session_id" from the response of the login request, as you'll need that in the next step.

List your Nodes

Keep your "Content-Type: application/json" and "X-CSRF-Token: {token}" headers in place, and add a third header:

Cookie: {session_id}

Now you should be all set to CRUD content through your Drupal API. Test it by listing some nodes:

GET {host}/{service_path_to_endpoint}/node

Or to get nodes of a particular content type:

GET {host}/{service_path_to_endpoint}/node?parameters[type]=page

Update a Node

Here, we update a basic page content.

In the screenshot below, the title of the basic page content with nid = 11, is updated. (Make sure the user that you login with has the appropriate permissions to edit basic page node types.)

//www.drupal.org/files/ScreenHunter_03%20Feb.%2012%2015.59.jpg

Help improve this page

Page status: Not set

You can: