1. Services in Drupal 8
Andrei Jechiu
andrei.jechiu@gmail.com
http://wearepropeople.com
2. Definitions
Web Services
A method of communication between two applications
over the World Wide Web.
REST (Representational State Transfer)
An architecture style for designing networked
applications.
3. Components of the REST request
Base Format
HTTP Verbs
URI
Media Type (MIME type)
5. REST request
HTTP Verbs
GET - retrieve whatever data is identified by the URI.
POST - create a resource.
PATCH - update a resource.
DELETE - remove a resource.
/node/3/get
GET /node/3
/node/add
POST /node
9. Services Drupal 7
http://drupal.org/project/services
Endpoint concept with custom URL paths
Caters for RPC and SOAP also
Uses drupal_form_submit() for write operations
Only covers hard coded entities like nodes, comments, users
Explicit authentication info hooks.
No hypermedia controls
10. RESTWS and Services Entity API Drupal 7
RESTWS http://drupal.org/project/restws
Relies on Entity API and metadata about entities
No endpoints: uses /node/1.json or /node/1.xml
No configuration: exposes any entity type out of the box
Access control on top of Entity API and Field API
Standard user authentication over session cookies or HTTP Basic
Auth submodule
Services Entity API http://drupal.org/project/services_entity
Combines approaches from Services and RESTWS
Configurable endpoints + Entity API for data management
11. Modules in Drupal 8 core
RESTful Web Services (REST module)
Serialization
HAL
12. Resources and operations
A resource is the object of interest. Example: the node resource.
An operation is an action to read or manipulate a resource.
Operation
HTTP request method
path
Create
POST
/entity/node
Read
GET
/entity/node/1
Update
PATCH
/entity/node/1
Delete
DELETE
/entity/node/1
13. REST in core
New Entity API with field metadata
REST API support can be enabled for any content entity
known to the system
Access control on the entity level
Access control on the field level
29. CSRF protection
Each non-safe call (not GET, HEAD,
OPTIONS, TRACE methods) should be done
with ‘X-CSRF-Token’ header with token
30. Services in Drupal 8
Own plugin (extends Resources from REST).
Each method as own route (not tied with http
method names).
Use annotations to describe your routes.
Validation of arguments.
32. Authentication
No more dependent on Cookie Session
Authentication providers
Access check if authentication provider allowed
Multiple authentication providers - 400 Bad Request