This project is not covered by Drupal’s security advisory policy.

Extend Services module authentication.

This module allows authentication towards a web service, using API keys sent as parameters of the service requests.
API keys authentication: checks that the provided keys are valid, that they exist and that they belong to the right user (role and permission).
Individual API keys can be generated for each user, and API keys authentication can be controlled on a per-role basis.

This module requires the following modules:

Install as you would normally install a contributed Drupal module.
See: for further information.

  • Enable "API keys authentication" for a Service Endpoint.
  • Authentication (tab) for the Service Endpoint
    3 API keys are available: API key, token, extra key (optional).
    For each API key, the following settings can be configured:
    • Parameter type: how this API key should be sent in the request,
      for example: GET, POST, HTTP Header.
    • Identifier: the identifier to use in the service request for this key.
    • Generate option: the user will be able to update this key by generating a new one.
    • Enable Extra key (for Extra key only): to enable a third key if needed.
  • Resources (tab) for the Service Endpoint settings
    For each operation, the following settings are available to extend the API keys authentication:
    • Disable API keys authentication: there will be no API keys authentication for this service request.
    • Owner login: after the authentication, the owner of the API keys becomes the current user.
    • Access - Deny Access: available for each user role with the "Use API keys authentication" permission.
      It will deny access for the selected user roles.
  • User Services API keys (user tab): User API keys management page.
    For each service endpoint with "API keys authentication" enabled, we have:
    • Generate API Keys (button): available only if no API keys have been defined yet.
    • API Keys: current API keys values and settings.
    • Operate on existing API keys: extra checkbox for the user to confirm that they want to edit/delete/generate the API keys.
    • Generate new API key (button): available only for the API keys that have this option enabled.
    • Delete API keys: empties the API keys for the given service endpoint, equivalent to disabling the service for the user.
    • Edit manually: checkbox to allow manual editing of the API keys.
    • Edit (manually) API Keys (subform): a subform for manually editing the existing API keys.
      This is available only if the "Edit manually" checkbox is checked.
      Every API key element is validated, so the values should have the same form as the generated ones.
      @see drupal_hash_base64().

Authenticate with User API keys based on the existing configuration.
There could be 3 cases for the service endpoint request:
  • No authentication: if it is disabled for the request.
  • API Keys authentication: checks that the provided keys are valid, that they exist and that they belong to the right user (role and permission).
    Owner login: there is an option to log in as the owner/user of the API keys.
  • Access denied: no access if Deny access is set for the service request and user role.
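
The three outcomes above, sketched as a stand-alone PHP function. This is an added example, not the module's code: the function names, array keys and sample users are assumptions, the optional extra key is left out, and the 43-character pattern is the output shape of drupal_hash_base64().

```php
<?php
// Added illustration; every function and array key here is hypothetical.

/** Builds a value shaped like drupal_hash_base64() output (43 URL-safe chars). */
function sample_key(string $seed): string {
  return rtrim(strtr(base64_encode(hash('sha256', $seed, TRUE)), '+/', '-_'), '=');
}

function well_formed($v): bool {
  return is_string($v) && preg_match('/^[A-Za-z0-9_-]{43}$/', $v) === 1;
}

/** Returns [outcome, uid the request runs as, or NULL]. */
function decide(array $op, array $sent, array $users): array {
  if (!empty($op['disable_auth'])) {
    return ['no_authentication', NULL];
  }
  if (!well_formed($sent['api_key'] ?? NULL) || !well_formed($sent['token'] ?? NULL)) {
    return ['access_denied', NULL]; // Missing or malformed key.
  }
  foreach ($users as $uid => $u) {
    // Constant-time comparison; both keys must belong to the same user.
    $key_ok = hash_equals($u['api_key'], $sent['api_key']);
    $token_ok = hash_equals($u['token'], $sent['token']);
    if (!($key_ok && $token_ok)) {
      continue;
    }
    $denied = array_intersect($u['roles'], $op['deny_roles'] ?? []);
    if (!$u['can_use_api_keys'] || $denied) {
      return ['access_denied', NULL]; // No permission, or role is denied.
    }
    return ['authenticated', !empty($op['owner_login']) ? $uid : NULL];
  }
  return ['access_denied', NULL]; // Keys match no single user.
}

// Constructed sample data.
$users = [
  7 => ['api_key' => sample_key('k7'), 'token' => sample_key('t7'),
        'roles' => ['editor'], 'can_use_api_keys' => TRUE],
  9 => ['api_key' => sample_key('k9'), 'token' => sample_key('t9'),
        'roles' => ['partner'], 'can_use_api_keys' => TRUE],
];
$op = ['owner_login' => TRUE, 'deny_roles' => ['partner']];
$mixed = ['api_key' => $users[7]['api_key'], 'token' => $users[9]['token']];
foreach ([$users[7], $users[9], $mixed, ['api_key' => 'short']] as $sent) {
  echo json_encode(decide($op, $sent, $users)), "\n";
}
echo json_encode(decide(['disable_auth' => TRUE], [], $users)), "\n";
```

The `$mixed` request pairs one user's API key with another user's token and is rejected, which is the "belong to the right user" condition in practice.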

nothing yet.

Some Credits: Services Token Access module was used as starting point.
Similar modules:
  • Services Token Access
    This module allows site users to authenticate towards a web service, using an access token.
  • Services API Key Authentication
    Enables a Services authentication option to add an API Key for an Endpoint and select a user to perform Endpoint tasks as.
