Drupal REST API Authentication

Drupal  API Authentication module is used to authenticate the existing Drupal REST APIs using the below-given authentication methods. In this document, we will take you through the steps to configure and use each of the authentication methods that we provide in the miniOrage REST API Authentication module.

The example under each method demonstrates how you can call and authorize a Drupal API Authentication which allows you to either create a new user in Drupal or get the list of the article (We have used these two types of APIs just for demonstration purpose) our module support both the REST as well as the JSON API modules.

Each REST resource can be configured in its config entity: you can configure which HTTP methods, serialization formats & authentication mechanisms it supports. The same serialization formats and authentication mechanisms are then supported on all of its methods.

If you have any other custom APIs that you would like our module to support or in case you need any sort of assistance, please feel free to reach out to us at drupalsupport@xecurify.com Please click here to see the complete feature list.



 Basic Authentication

  • If you want to protect your Drupal REST APIs (eg. articles, pages and other REST APIs) with users login credentials, then you can opt for this method. In order to use any API with this method of authentication, you need to send a request with your base64 encoded username and password in the Authorization header.
  • Select Basic Authentication as shown below :
  • Drupal API Authentication select basic authentication method
  • Your Request should have the headers and the body parameters in the following manner respectively :
  • Drupal API Authentication send response
  • A successful response would look like this :
  • Drupal API Authentication response

 API Key Authentication

  • If go to generate an API token. (Please refer to the image below): If you want to protect your WP REST APIs(eg. articles, pages, and other REST APIs) from unauthenticated users but you don’t want to share users login credentials or client id, secret to authenticate the REST API, then you can use API Key authentication, which will generate a random authentication key for you. In order to use any API with this method of authentication, you need to send a request with your base64 encoded username:api_key in the Authorization header.
  • Select Api Key and then click on the Generate API Key button.
  • Drupal REST API Authentication select API key method
  • Your Request should have the headers and the body parameters in the following manner respectively :
  • Drupal REST API send response
  • A successful response would look like this :
  • Drupal REST API Authentication response

 JWT Authentication.

  • If you are looking to protect your REST APIs using the JWT token then you should go for JWT Authentication method. In this case, our Drupal REST API Authentication itself issues the JWT token and works as an API Authenticator to protect your REST APIs.
  • Select JWT and then click on the Save JWT Configuration button
  • Drupal REST API select JWT method
  • The first step is to retrieve an id token. You can do so by making a request to the the below endpoint(Refer to the example given below).
  • Drupal REST API token endpoint
  • In the Authorization header, you need to send the base64encoded value of your Drupal site’s username and password in order to authenticate yourself first.
  • A successful response would look like this :
  • Drupal REST API id token successful
  • After getting an id token successfully, send the id_token value as the Bearer Token in the Authorization header to access the Drupal REST APIs (refer to the image below).
  • Drupal REST API id  bearer token
  • A successful response would look like this :
  • Drupal REST API response

 OAuth 2.0 Authentication.

  • If you are looking for protecting your REST APIs using the access-token and at the same time you do not have any third party provider/identity provider, then you should go for OAuth 2.0 Authentication method. In this scenario, our Drupal REST API Authentication works as both OAuth Server and API Authenticator to protect your REST APIs.
  • Select OAuth and then Click on the Generate Client & Secret button to generate a new set of keys and save the configurations.(refer to the image below).
  • Drupal REST API select OAuth method
  • The first step is to retrieve an access token. You can do so by making a request to the the below endpoint(Refer to the example given below).
  • You can make a request using the following grant types :
  • Client Credentials Grant: In this method, you need to send the Grant Type, Username, Client Id and Client Secret as shown in the image below :
  • Drupal REST API client credetials
  • Password Grant: In this method, you need to send the Grant Type, Username, Client Id and the Password as shown in the image below :
  • Drupal REST API password
  • A successful response will contain the access token that you need to make calls to your Drupal REST APIs (Refer to the Image below).
  • Drupal REST API successful credentials
  • After getting an access token successfully, send the access_token value as the Bearer TOKEN in the Authorization header to access the Drupal REST APIs (refer to the image below).
  • Drupal REST API bearer token
  • A successful response would look like this :
  • Drupal REST API response

 Third Party Provider Authentication.

  • If you are looking for protecting/restricting access to your Drupal REST APIs using your OAuth Provider/Identity provider, then you should go for the Third Party Provider Authentication method. In this method, you just need to configure the module with the User Info Endpoint provided by your Identity Provider and you will be able to authenticate the API Request using the token provided by your provider. In addition to the User Info endpoint, you also need to set a Username Attribute as shown in the image below.
  • Select Third Party Provider and then click on the Save Configuration button.
  • Drupal REST API select Third Party Provider method
  • For this particular method, we will use an example of the API that allows you to update a Drupal User’s profile i.e. https:///user/{user id}?_format=json.
  • Drupal REST API user info header
  • A successful response would look like this :
  • Drupal REST API response

Additional Resources


Free Trial

If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.


Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com