Services in Drupal 8


Published on

Published in: Technology

Services in Drupal 8

  1. 1. Services in Drupal 8 Andrei Jechiu
  2. 2. Definitions Web Services A method of communication between two applications over the World Wide Web. REST (Representational State Transfer) An architecture style for designing networked applications.
  3. 3. Components of the REST request Base Format HTTP Verbs URI Media Type (MIME type)
  4. 4. REST request Base Format
  5. 5. REST request HTTP Verbs GET - retrieve whatever data is identified by the URI. POST - create a resource. PATCH - update a resource. DELETE - remove a resource. /node/3/get GET /node/3 /node/add POST /node
  6. 6. REST request URI Resource Post /endpoint {id:1} Link Relation
  7. 7. REST request Media Type (MIME type) application/json application/hal+json node/3.json node/3.hal_json Headers Accept: application/json Content-Type: application/json
  8. 8. Richardson Maturity Model
  9. 9. Services Drupal 7 Endpoint concept with custom URL paths Caters for RPC and SOAP also Uses drupal_form_submit() for write operations Only covers hard coded entities like nodes, comments, users Explicit authentication info hooks. No hypermedia controls
  10. 10. RESTWS and Services Entity API Drupal 7 RESTWS Relies on Entity API and metadata about entities No endpoints: uses /node/1.json or /node/1.xml No configuration: exposes any entity type out of the box Access control on top of Entity API and Field API Standard user authentication over session cookies or HTTP Basic Auth submodule Services Entity API Combines approaches from Services and RESTWS Configurable endpoints + Entity API for data management
  11. 11. Modules in Drupal 8 core RESTful Web Services (REST module) Serialization HAL
  12. 12. Resources and operations A resource is the object of interest. Example: the node resource. An operation is an action to read or manipulate a resource. Operation HTTP request method path Create POST /entity/node Read GET /entity/node/1 Update PATCH /entity/node/1 Delete DELETE /entity/node/1
  13. 13. REST in core New Entity API with field metadata REST API support can be enabled for any content entity known to the system Access control on the entity level Access control on the field level
  14. 14. Configure permissions
  15. 15. Fetch the node with cURL With cURL from PHP
  16. 16. Fetch the node with Guzzle
  17. 17. The node response { "_links": "self": "href": }, "type": "href": }, { { "http://drupal8.loc/node/1" { "http://drupal8.loc/rest/type/node/article" … "body": [ { "value": "<p>Article used for REST web services tests.</p>rn", "format": "basic_html", "summary": "" } ] }
  18. 18. Drupal 7 routing based on paths (menu_get_item($path)) tied up with menu links (tables menu_router, menu_links)
  19. 19. Drupal 7 routing hook_menu() hook_menu_alter()
  20. 20. Drupal 8 routing mymodule.routing.yml
  21. 21. Dynamic routes Example: Generate dynamic routes for various block pages.
  22. 22. Dynamic routes Route subscribers have to be registered in the dependency injection container by adding an entry in
  23. 23. Routing Drupal 7 Path only Tied with menu links Drupal 8 Heavily used Symfony Mime type Http method ...
  24. 24. Resource plugins DrupalmodulenamePluginrestresource Classes where specially named methods correspond to HTTP methods (get, post, patch, delete, ...) Annotation with id and description
  25. 25. Resource plugin example
  26. 26. Serialization
  27. 27. Serialization
  28. 28. Normalizers ImageItemNormalizer EntityReferenceItemNormalizer FieldItemNormalizer FieldNormalizer EntityNormalizer
  29. 29. CSRF protection Each non-safe call (not GET, HEAD, OPTIONS, TRACE methods) should be done with ‘X-CSRF-Token’ header with token
  30. 30. Services in Drupal 8 Own plugin (extends Resources from REST). Each method as own route (not tied with http method names). Use annotations to describe your routes. Validation of arguments.
  31. 31. Services example
  32. 32. Authentication No more dependent on Cookie Session Authentication providers Access check if authentication provider allowed Multiple authentication providers - 400 Bad Request
  33. 33. Resources
  34. 34. Thank You!