By earnshae on

I am currently experimenting with Drupal 8 REST web services.

I would like to use the Drupal 8 REST web services to create a user, however I am having some trouble deciphering the documentation, blog posts, and forums posts.

I am trying the process using both curl from the shell and the DHC chrome extension.

Here is what I am doing:

I have not used many web-services services so please correct any of my assumptions.

First I get a X-CSRF-Token using the Rest Service.

curl --include http://test.xxyyzz.com/rest/session/token?_format=hal_json

This gives me .

Question 1

Should I be some how providing the username and password to this command?

Next I use this curl call to insert an article into the system.

curl --include --request POST --user username:password --header 'Content-type: application/hal+json' --header 'X-CSRF-Token: ' http://test.xxyyzz.com/entity/node?_format=hal_json --data-binary '{"_links":{"type":{"href":"http://test.xxyyzz.com/rest/type/node/article"}},"title":[{"value":"TITLE 1"}],"type":[{"target_id":"article"}]}'

This successfully creates the record in Drupal.

When I attempt to make the same call in DHC though I get stumped.

I think my problem is the Authorization Header which appears (based on my reading) to need a hashed username and password string...

Question 2
How do I generated a hashed user name and password string?

Following this I would like to adapt this approach to create a user using the web service

Question 3
How do I structure the call to create the user?

My assumption is that I would post to http://test.xxyyzz.com/entity/node?_format=hal_json but I am uncertain as to how to structure the json object to insert.

Question 4
What reference would I consult to gain this information?

Thank you very much for your help.

Categories: Drupal 8.x

Comments

earnshae’s picture

earnshae commented

Would anyone care to make a suggestion on how I could ask the correct question? I am totally stumped on this topic.

Jaypan’s picture

Jaypan commented

Drupal 8 is still fairly new - it's possible you're doing something that no one who is reading the forums has done yet. Your question seems to be quite detailed, so I don't think there is a problem with that.

click2tman’s picture

click2tman commented

Try installing https://www.drupal.org/project/rest_api_doc module to get more documentation on how to use your Rest endpoints.

The following links should also help you with more information
https://www.drupal.org/node/1972060
https://swsblog.stanford.edu/blog/drupal-8-rest-requests
https://drupalize.me/blog/201402/your-first-restful-view-drupal-8

mradcliffe’s picture

mradcliffe
he/him
Primary language English
commented

The User resource is going to require the "administer users" permission. So if you have an authorized user session that has the permission, then you can create users.

There are several ways to provide authorization:

- Session Authorization (pass in the valid Session Id / cookie of a user that is already logged in)
- Basic HTTP Authorization (i.e. pass in username:password in the URL which is insecure)
- simple_oauth
- oauth

However, if you want users to actually register themselves, then you want a Relaxed approach such as with services, which will allow you to use targeted actions or actions such as "login" and "connect".

slewazimuth’s picture

slewazimuth commented

Having the right documentation helps enormously. That link is a screen grab.

damien_th’s picture

damien_th commented

Prerequisites:

  • Rest Services module must be enabled
  • Rest UI module must be installed and enabled
  • Perform this as an administrator or adjust REST Services rights in Extend => Rest Services => Rights
  • In configuration => REST, enable resource "user" for POST with hal+json, and the authentication prefer you prefer. In my example below, it is Basic Authentication.

Here is my Query:
POST your.drupal.website/entity/user?_format=hal_json

Headers:

Content-Type: application/hal+json
X-CSRF-Token: <your_token_retrieved_from_your.drupal.website/rest/session/token>
Authorisation: Basic xxxxxxxxxxxxxxxxxxxxxxx

Body:

{
    "_links": {
      "type": {
        "href": "http://your.drupal.website/rest/type/user/user"
      }
    },
	"name":[{"value":"test"}],
	"mail":[{"value":"test@test.fr"}],
	"roles":[{"target_id":"administrator"}],
	"pass":"testpassword"
}
kcox’s picture

kcox commented

1) Replace "pass":"testpassword" with "pass":[{"value": "testpassword"}]
otherwise the password will be NULL in the DB and you won't be able to login.
2) Add this to the body: "status": [{"value": "1"}] to make the user "Active" otherwise the default is "Blocked" and they can't login.
3) On the querystring, the ?_format=hal_json is not needed. Content-Type: application/hal+json header is sufficient.

Vivek Panicker’s picture

Vivek Panicker commented

Thank you so much for the "status" key. Saved a lot of time for me!!!!

moxihang’s picture

moxihang commented

i create user through rest in drupal 8.3.0.only check cookies Authentication providers,info like list:
header:
Content-Type application/hal+json
X-CSRF-Token kqiE25aLNsBVrDXObnGD1BzT1nDoa5Hcj5jQPLRs2AE (from /rest/session/token)
post url:http://blacknas.ngrok.cc/drupal-8.3.0/entity/user?_format=hal_json
body:
{
"_links": {
"type": {
"href": "http://blacknas.ngrok.cc/drupal-8.3.0/rest/type/user/user"
}
},
"name":[{"value":"town1"}],
"mail":[{"value":"town1@town.com"}],
"roles":[{"target_id":"authenticated"}],
"pass":[{"value":"town123"}],
"status":[{"value":"1"}]
}

result:"message": "The 'administer users' permission is required."
when i add basic oauth is ok.
i don't know why create use need basic oauth.

slewazimuth’s picture

slewazimuth commented

It is not required when creating users using User registration REST resource where cookie authentication can be used.

wangjiaqi’s picture

wangjiaqi commented

1. enable restful endpoint User register
2. enable permission: Access POST on User registration resource
3. enable account settings:
"Who can register accounts?" -> visitor
disable "Require email verification when a visitor creates an account"
4. try create user on postman
header: X-CSRF-Token and Content-Type
post url: http://localhost.drupal-830.com/user/register?_format=hal_json
body:
{
"_links": {
"type": {
"href": "http://localhost.drupal-830.com/rest/type/user/user"
}
},
"name":[{"value":"test3"}],
"mail":[{"value":"test+3@test.com"}],
"pass":[{"value":"test"}]
}

keva’s picture

keva commented

Here is a blog post with visuals that explains the REST User Registration steps in 8.3.x:
https://areatype.com/blog/register-user-drupal-8-rest-api

stone_d’s picture

stone_d commented

Hi there,

i did by reading the instruction on your site and everything worked fine.

But: How does Drupal send the user an e-mail for verification? Register by "normal" form sends an e-mail for verification. But registering via REST doesnt do so. Any hints?

Thanks in advance

keva’s picture

keva commented

I did get the emails after REST registration - both with admin approval required and without. Installing the maillog module before your next test may provide a clue as to what's happening. (Maillog will only work if sending from your server, not sending via an external account & SMTP)

eyose’s picture

eyose commented

I followed each and every step in your blog but I don't get any success. What did I missed? I test the api using postman and it returns like this
Unexpected 'T'500 service unavailable error. Do u have any idea?

jarodms’s picture

jarodms commented

Great blog post and nice visuals.

With D 8.7.9, I received a 500 error: "InvalidArgumentException: Field _links is unknown."

I removed the _links field from the request and everything worked great. User created. Thanks!

Jarod Smith
JarodMS