On this page
Example REST server for node.create with session authentication (JSON & PHP cURL)
Last updated on
30 April 2025
Endpoint requirements :
- Set "Authentication" as "Session authentication"
- Set "Response formatters" as "json"
- Check resources "User > Login" and "Node > Create"
User requirements :
- Add permission to create content type "page" for user role
/**
* Create a token for non-safe REST calls.
**/
function mymodule_get_csrf_header() {
$curl_get = curl_init();
curl_setopt_array($curl_get, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => 'http://your-drupal/services/session/token',
));
$csrf_token = curl_exec($curl_get);
curl_close($curl_get);
return 'X-CSRF-Token: ' . $csrf_token;
}
/*
* Server REST - user.login
*/
// REST Server URL
$request_url = 'http://your-drupal/rest_server_endpoint/user/login';
// User data
$user_data = array(
'username' => 'user_name',
'password' => 'user_password',
);
$user_data = http_build_query($user_data);
// cURL
$curl = curl_init($request_url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json', mymodule_get_csrf_header())); // Accept JSON response
curl_setopt($curl, CURLOPT_POST, 1); // Do a regular HTTP POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $user_data); // Set POST data
curl_setopt($curl, CURLOPT_HEADER, FALSE); // Ask to not return Header
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_FAILONERROR, TRUE);
$response = curl_exec($curl);
$http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
// Check if login was successful
if ($http_code == 200) {
// Convert json response as array
$logged_user = json_decode($response);
}
else {
// Get error msg
$http_message = curl_error($curl);
die($http_message);
}
/*
* Server REST - node.create
*/
// REST Server URL
$request_url = 'http://your-drupal/rest_server_endpoint/node';
// Node data
$node_data = array(
'title' => 'A node created with services 3.x and REST server',
'type' => 'page',
'body[und][0][value]' => '<p>Body</p>',
);
$node_data = http_build_query($node_data);
// Define cookie session
$cookie_session = $logged_user->session_name . '=' . $logged_user->sessid;
// cURL
$curl = curl_init($request_url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json', mymodule_get_csrf_header())); // Accept JSON response
curl_setopt($curl, CURLOPT_POST, 1); // Do a regular HTTP POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $node_data); // Set POST data
curl_setopt($curl, CURLOPT_HEADER, FALSE); // Ask to not return Header
curl_setopt($curl, CURLOPT_COOKIE, "$cookie_session"); // use the previously saved session
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_FAILONERROR, TRUE);
$response = curl_exec($curl);
$http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
// Check if login was successful
if ($http_code == 200) {
// Convert json response as array
$node = json_decode($response);
}
else {
// Get error msg
$http_message = curl_error($curl);
die($http_message);
}
print_r($node);
If Successful
Response code: 200 OK
return node nid and node uri as json
If Unsuccessful
Response codes
401 Unauthorized: Wrong username or password, or user doesn't have right permission.
406 Title field required / type field is required
NOTE: Many get the 401 error, but this example seems to work for many: https://www.drupal.org/node/1334758#comment-8656123
Help improve this page
Page status: Not set
You can:
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
