How to accept remote user login and CRUD operations.
In this guide, we will:
- Install the Services module
- Configure a REST server
- Obtain CSRF Token
- Use this CSRF Token to login
- List your Nodes
- Update a Node
Install Services Module
Installing the Services module is like any other contributed module within the Drupal ecosystem. Learn more about the installation of contributed modules.
Once you have completed the installation, activate the core Services module and the included REST Server module.
Configure a REST Service
Let's configure the Services module by adding a server endpoint. Located under Structure, select Services.
Next, we're going to add a service. Do this by clicking add.
You will see a number of fields. (Not all fields will be represented but the form will appear similar to what you see below.)
Use these settings:
- Machine-readable name of the endpoint: (Give this a cool name.)
- Server: REST
- Path to endpoint: rest
- Authentication: Session authentication
Save your new endpoint. After saving your endpoint, we want to configure it. To do this, we can review our services list (which you should be taken to once you've saved your new server.)
On the Services page, you will see a list of your endpoints. On the right hand side, you will see Edit Resources with a drop down arrow. Select the arrow and choose Edit Server.
User these settings:
- Response formatters: Choose "json".
- Request parsing: Select "application/json".
Of course, you may not want to use JSON exclusively. You may add other formatters for your purposes.
You will now want to configure the settings for node, user, or other resources under the Resources tab.
Obtain CSRF Token
To explore your new REST API, you can use a browser REST client (i.e REST client addon for Firefox browser). See screenshots for better understanding.
Add Content-Type: application/json
as a header.
POST to the "user/token" endpoint to obtain the CSRF token:
POST {host}/{service_path_to_endpoint}/user/token.json
Use this CSRF Token to login
Add this CSRF token as the value for a "X-CSRF-Token" header, e.g.
X-CSRF-Token: TB394tlB1E2n8lf93uWYuA7BInaYzs5kA0jem_aZjQg
Add a body to the POST request:
{
"username": "joe",
"password": "000000"
}
And login: POST {host}/{service_path_to_endpoint}/user/login.json
Grab the "session_id" from the response of the login request, as you'll need that in the next step.
List your Nodes
Keep your "Content-Type: application/json" and "X-CSRF-Token: {token}" headers in place, and add a third header:
Cookie: {session_id}
Now you should be all set to CRUD content through your Drupal API. Test it by listing some nodes:
GET {host}/{service_path_to_endpoint}/node
Or to get nodes of a particular content type:
GET {host}/{service_path_to_endpoint}/node?parameters[type]=page
Update a Node
Here, we update a basic page content.
In the screenshot below, the title of the basic page content with nid = 11, is updated. (Make sure the user that you login with has the appropriate permissions to edit basic page node types.)
Attachment | Size |
---|---|
ScreenHunter_01 Feb. 12 15.58.jpg | 47.78 KB |
ScreenHunter_02 Feb. 12 15.59.jpg | 81.33 KB |
ScreenHunter_03 Feb. 12 15.59.jpg | 61.89 KB |
2016-05-19 11_40_34-services.png | 1.72 KB |
2016-05-19 11_44_38-services-add.png | 5 KB |
2016-05-19 11_48_29-services-add-fields.png | 15.07 KB |
2016-05-19 12_23_25-services-edit-server.png | 4.12 KB |
Comments
In my case, the 3rd request
In my case, the 3rd request PUT would fail unless I remove the Cookie param
Pass image to REST
Can you tell me how can I pass a image file ( or a file ) to REST service to create or update a entity?
I have be born to be mankind
How to use it in custom module?
Hi,
I am having some issue with this....I have done every step and it works for nodes....How can I use it in a custom module?
I have a data in an array in a method, and needs to produce a json response through an REST API.
Can you please help me with this?
Thank you :)
Some edit for the solution (drupal 7.53) services (7.x-3.7)
Thanks everyone for the support, please find below my comments after implementing this solution:
1. I skipped "Obtain CSRF Token" step. In my case services api retrieved a token, session_id and session_name once I issued a request to login without the need to obtain a token first.
example in curl:
2. To include the Cookie header, I had to assign session_name and session_id to the Cookie (
Cookie: session_name=sessid
) in order for the server to verify the session. Example using curl to retrieve a node:spent over a day on this then
spent over a day on this then i saw your comment, item 2 on the Cookie. now i can go to bed. thanks
Cheers mate that's the way.
Cheers mate that's the way.
Thank you
Thank you very much, I appreciate it alot.
Refused to set Unsafe Header
I tested this in Postman, now I was writing a single page app and trying to set a Cookie header, but I got the message "Refused to set Unsafe Header: Cookie" from the browser. Is there a way to use the token or sesson id without sending a Cookie header, or how did you guys get around this little surprise?
Solution
I thinks you can find something here
https://www.drupal.org/project/services/issues/1133084