Last updated February 25, 2016. Created on September 23, 2013.
Edited by kay_v, Wim Leers, bigjim, likewhoa. Log in to edit this page.

Follow these steps to expose resources to GET requests:

  1. Configuration
  2. Test with a GET request


See Getting started: REST configuration & REST request fundamentals — Configuration

Sample requests below assume this configuration:

        - hal_json
        - basic_auth
        - cookie

Test with a GET request

You can use many clients to test requests.




$response = \Drupal::httpClient()
  ->get('', [
    'auth' => ['username', 'password'],

$json_string = (string) $response->getBody();


  url: '',
  method: 'GET',
  success: function (comment) {

Dev HTTP Client

An easy way to test is using a browser extension such as Dev HTTP Client. This exposes options for all of the HTTP headers that you may need to use.

GET request with Dev HTTP client

dev-http-client.png329.03 KB
DHC_by_Restlet.png136.9 KB

Looking for support? Visit the forums, or join #drupal-support in IRC.


somes’s picture

Currently the docs are rather confusing with all the changes to 7,8 and 8.2 for restful services
I haven’t seen a clear outline of getting cookies to function - maybe the setup is simple and no docs are required!!! I have manage to use postman to connect to my drupal api to view resources under anonymous roles but on a live site this is not practical and Ive struggle to get authenticated roles to access api content

Ive managed to get Basic Authentication to work but having a user to enter a password each time they require access to a resource is not going to work going forward

What appears to be happening in my case is that my user is getting logged out of content when making a get call for resources. Im running 8.2 and grabbing the CSRF token
using something like this in jQuery

Here is the ajax call Im using

url: 'http://localhost/drupal82x/node/1?_format=hal_json',
method: 'GET',
headers: {
'Content-Type': 'application/hal+json',
'X-CSRF-Token': csrftok,
'Accept': 'application/json'
success: function () {

any suggestions – Am I missing headers like xhr

MKorostoff’s picture

When I curl I get a 403 response, even though the node is published.

edit: I also had to enable access for anonymous users from /admin/people/permissions

joos’s picture

Im also confused. Unauthenticated GET requests works like a charm but when the user is authenticated I get a 403 response.
Permission settings i checked.

Have you figured it out yet?

MKorostoff’s picture

Like I said, the problem in my case was permissions. Note, the user needs the "View published content" permission and the "Access GET on YourResourceName resource" permission. Sorry if that doesn't help, that's the only problem I had.