Successfully reported this slideshow.
Your SlideShare is downloading. ×

Drupal8 REST WTF?

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Decoupled Drupal 8 and IoT
Decoupled Drupal 8 and IoT
Loading in …3
×

Check these out next

1 of 31 Ad

Drupal8 REST WTF?

Download to read offline

Frontend techonologies are changing faster than we are releasing new Drupal versions. Decoupled Drupal might be way for frontenders to be happy working with Drupal. But is it really possible? In this session I will talk about:
- API design best practises
- Drupal 7 & Drupal 8 decoupling capabilities
- Practical application of Drupal 8 RESTful capabilities

Frontend techonologies are changing faster than we are releasing new Drupal versions. Decoupled Drupal might be way for frontenders to be happy working with Drupal. But is it really possible? In this session I will talk about:
- API design best practises
- Drupal 7 & Drupal 8 decoupling capabilities
- Practical application of Drupal 8 RESTful capabilities

Advertisement
Advertisement

More Related Content

Similar to Drupal8 REST WTF? (20)

Advertisement

Recently uploaded (20)

Drupal8 REST WTF?

  1. 1. Drupal 8 REST WTF? miro.michalickaMiro Michalicka
  2. 2. Drupal enthusiast @Cheppers 5+ years experience with web development whoami
  3. 3. CONTENT My story with headless Drupal API best practises Decoupling options in Drupal 8
  4. 4. Decoupling
  5. 5. WHAT IS IT?
  6. 6. DECOUPLING PROS flexible front-end lack of Drupal specialists multivendor back-end strengths of Drupal back-end and back office CONS loose some Drupal capabilities multiple requests for resources growth of teams
  7. 7. API BEST PRACTISES DOCUMENTATION stability and consistency flexibility security ease of adoption Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
  8. 8. DOCUMENTATION
  9. 9. DOCUMENTATION Self Documenting REST API
  10. 10. API BEST PRACTISES documentation SCALABILITY AND CONSISTENCY flexibility security ease of adoption Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
  11. 11. GET http://mysite.com/entity/node/1 { “title”: “My first node”, “body”: “Lorem ipsum…” } SCALABILITY AND CONSISTENCY
  12. 12. GET http://mysite.com/article/1 { “title”: “My first node”, “body”: “Lorem ipsum…” } SCALABILITY AND CONSISTENCY
  13. 13. GET http://mysite.com/article/1 { “title”: “My first node”, “body”: “Lorem ipsum…”, “tags”: [{ “blog”, “just trying” }] }SCALABILITY AND CONSISTENCY
  14. 14. GET http://mysite.com/api/v2/article/1 { “title”: “My first node”, “body”: “Lorem ipsum…”, “tags”: [{ “blog”, “just trying” }] } SCALABILITY AND CONSISTENCY GET http://mysite.com/api/v1/article/1 { “title”: “My first node”, “body”: “Lorem ipsum…” }
  15. 15. GET http://mysite.com/api/v1/article/1 { “title”: “My first node”, “body”: “Lorem ipsum…” } SCALABILITY AND CONSISTENCY GET http://mysite.com/api/blog/2?_version=1 { “title”: “My first node”, “body”: “Lorem ipsum…” }
  16. 16. API BEST PRACTISES documentation scalability and consistency FLEXIBILITY security ease of adoption Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
  17. 17. FLEXIBILITY
  18. 18. API BEST PRACTISES documentation stability and consistency flexibility SECURITY ease of adoption Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
  19. 19. SECURITY cookies basic auth own authentication provider
  20. 20. OWN AUTHENTICATION PROVIDER <?php
 
 /**
 * @file
 * Contains Drupalpin_authAuthenticationProviderPinAuth.
 */
 
 namespace Drupalpin_authAuthenticationProvider;
 
 use DrupalCoreAuthenticationAuthenticationProviderInterface;
 use DrupalCoreEntityEntityTypeManagerInterface;
 use SymfonyComponentHttpFoundationRequest;
 use SymfonyComponentHttpKernelExceptionAccessDeniedHttpException;
 
 /**
 * HTTP Basic authentication provider.
 */
 class PinAuth implements AuthenticationProviderInterface {
 
 /**
 * The entity type manager.
 *
 * @var DrupalCoreEntityEntityTypeManagerInterface
 */
 protected $entityTypeManager;
 
 /**
 * Constructs a HTTP basic authentication provider object.
 *
 * @param DrupalCoreEntityEntityTypeManagerInterface $entity_type_manager
 * The entity manager service.
 */
 public function __construct(EntityTypeManagerInterface $entity_type_manager) {
 $this->entityTypeManager = $entity_type_manager;
 } } SECURITY
  21. 21. public function applies(Request $request) {
 if (!empty($request->headers->get('pin')) && !empty($request->headers- >get(‘number'))) {
 return TRUE;
 }
 return FALSE;
 }
 
 public function authenticate(Request $request) {
 $pin = $request->headers->get('pin');
 $number = $request->headers->get('number');
 $user = NULL;
 $user = $this->entityTypeManager->getStorage('user')
 ->getQuery()
 ->condition('field_phone_number', $number)
 ->condition('field_pin',$pin)
 ->range(0,1)
 ->execute();
 
 if (!empty($user)) {
 return $user;
 }
 else {
 throw new AccessDeniedHttpException();
 }
 } OWN AUTHENTICATION PROVIDER SECURITY
  22. 22. Solve using RouteSubscriber https://docs.google.com/presentation/d/1wN7zICkTXcQp8d8UKMQz6oaMM_C2b58AC4oN_sywRCU SECURITY OWN REST END-POINTS Views
  23. 23. https://drupal.org/node/2228141 Views OWN REST END-POINTS SECURITY
  24. 24. API BEST PRACTISES documentation stability and consistency flexibility security EASE OF ADOPTION Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
  25. 25. EASE OF ADOPTION
  26. 26. DECOUPLING OPTIONS IN DRUPAL 8 REST in core RELAXed Services
  27. 27. DECOUPLING OPTIONS IN DRUPAL 8 GraphQL JSON API
  28. 28. DECOUPLING OPTIONS IN DRUPAL 8
  29. 29. THANK YOU QUESTIONS?

×