Drupal REST & JSON API Authentication
Drupal REST & JSON API Authentication modules restrict and secure unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication, API Key Authentication, JWT Authentication, OAuth Authentication, Third-Party Provider Authentication, etc
Supported Authentication Methods
Basic Authentication
Users can authenticate themselves using their username and password using basic authentication.
API Key Authentication
When users authenticate using an API, a unique token is generated to verify the user’s identity during the first login attempt.
OAuth 2.0 Authentication
Users can use the OAuth 2.0 authentication protocol to authorise one application to interact with another on their behalf without having to provide their password.
JWT Authentication
To allow users to authenticate the web application should send a Json Web Token (JWT) in the authorization header of an HTTP request to your Server-side.
Third-Party Provider Authentication
Users will be able to authenticate their existing identities from third-party identity providers such as Google, Facebook, and LinkedIn without entering their password.
Key Features
Support for Headless Drupal
Support for integrating SSO for a decoupled Drupal site i.e. allowing your users to login to the Drupal backend as well as the front-end application
Role based access to Drupal REST APIs
Based on user's Drupal roles/capabilities users can get access to his Drupal Dashboard and REST APIs for that site.
Custom Token Expiry
Default token expiry time provided is 1 hour. Using this feature admin can change the token expiry date as per his requirement.
Signature Validation
Provide the Signature Verification and Validation along with JWT Token Validation. Also, an option to select the Signing Algorithm to validate the JWT token.
Exclude REST APIs
Default all the Drupal REST APIs will be protected. Using this feature admin can make some APIs to publicly accessible without authentication.
Custom Header
Default Authorization Header will be used to authenticate the requests. Using this feature admin can change Authorization header to any other header accordingly.
Licensing Plans
Free
Supports JSON API module
Supports default REST APIs
API Key Authentication
Basic Authentication
Premium
No. of instances:*
For more, Contact Us
Supports JSON API module
Supports default REST APIs
API Key Authentication
Basic Authentication
Access Token-Based Authentication
JWT Based Authentication
3rd Party/External IDP Token-Based Authentication
Generate separate API Keys for every user
Supports restriction of custom APIs
Custom Authentication Header
Configurable Token Expiry Time
Whitelist or Blacklist APIs
IP Address-Based Restriction
Role Based Restriction
Premium GoTo Meeting Support
* What is an instance?
A Drupal instance refers to a single installation of a Drupal site. It refers to each individual website where the module is active. In the case of multisite/subsite Drupal setup, each site with a separate database will be counted as a single instance. For eg. If you have the dev-staging-prod type of environment then you will require 3 licenses of the module (with additional discounts applicable on pre-production environments). Contact us at drupalsupport@xecurify.com for bulk discounts.
Get Full - Featured Trial
Free Trial for 7 Days
Explore all the features the module has to offer in a sandbox environment.
Integrate with any platform of your choice.
A hands-on POC to help you make an informed decision.
24*7 support to help you with the setup.
Thank you for your response. We will get back to you soon.
Something went wrong. Please submit your query again
Knowledge Base
Frequently Asked Questions
- Does miniOrange store any user data?
- miniOrange does not store or transfer any data out of your systems. All* the modules are completely on premise. All the data remains within your premises / server.
- Does miniorange provide developer license for paid module?
- We do not provide the developer license for our paid module and the source code is protected. It is strictly prohibited to make any changes in the code without having written permission from miniOrange. There are hooks provided in the module which can be used by the developers to extend the module's functionality.
- Does miniOrange offer technical support?
- Yes, we provide 24*7 support for all and any issues you might face while using the module, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted for. You can check out the different Support Plans here.
Payment Methods
Credit cards (American Express, Discover, MasterCard, and Visa) - If the payment is made through Credit Card/International Debit Card, the license will be created automatically once the payment is completed.
Check out what our customers have to say about us
" I have tested the module and even though I was struggling to get it to work, due to my own fault, I requested the support of the team and their help was amazing. So I'll highly recommend this module and for us as community to be able to support the team behind it. Thank you miniOrange Team. "
Why Customers Choose Us?
Extensive Setup Guides
Easy and precise step-by-step instructional videos and setup guides to help you configure the module within minutes.
Customizable Solutions
If you require any customizations in the module, we offer custom built solutions to meet the specific needs of our clients and organizations.
Reliable
Frequent security updates and a consistent 99% uptime, makes this module highly reliable and stable.
24*7 Active Support
A dedicated support team at your disposal, 24*7. Get instant help or have debugging sessions with our engineers to take a look at your sites.
Need Help? We are right here!
I have tested the module and even though I was struggling to get it to work, due to my own fault, I requested the support of the team and their help was amazing. So I'll highly recommend this module and for us as community to be able to support the team behind it. Thank you miniOrange Team.