This project is not covered by Drupal’s security advisory policy.

Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification. This module implements Hawk authentication protocol for Drupal giving an alternative schema for authentication other than Basic Auth and Cookie which come by default with Drupal.

Currently only compatible with Drupal 8.


  1. Put the module in drupal/modules directory
  2. Install composer_manager module and load the dependencies (see composer_manager's documentation for more details)
  3. Dependencies can be loaded by running composer drupal-update command while under the drupal/core directory, if you haven't initialised composer manager yet you can do so by running it's script or drush composer-manager-init command
  4. Enable Hawk Auth from Admin > Extend under Web Services section
  5. Grant required users permissions from Admin > People > Permissions to create hawk credentials
  6. Now the permitted users can generate hawk credentials from User > Profile > Hawk Credentials

Usage example

Hawk can be used with Drupal's REST services module amongst other things, the example here is one of the applications. See examples/example.php within the module for some code example

  1. Enable REST module (optional: get REST UI module from for easier management).
  2. Enable one of the routes (/node/ as an example) and enable hawk_auth as an authentication provider for the route and methods.
  3. Create a hawk credential from Profile > Hawk Credential, the ID here will be the Credential ID for Hawk.
  4. See for an example to see how to make requests as a client
  5. Perform GET and POST requests at /node/ using Credentials generated from the profile area.
Supporting organizations: 
Provided a platform and opportunity for the project to get built

Project information