Last updated April 8, 2014. Created by klausi on August 29, 2013.
Edited by juampy, linclark, clemens.tolboom. Log in to edit this page.

In the previous examples, we have used HTTP Basic authentication for all requests. You can also use other authentication protocols.

Core includes:

Contrib provides:

Enabling supported_auth

The auth method must be enabled for the specific resource and method. For example:

resources:
  'entity:node':
    GET:
      supported_formats:
        - json
      # Support both the core provided auth protocols.
      supported_auth:
        - cookie
        - http_basic

POST example with Guzzle and session cookies

Using session authentication for a POST request is a bit more complicated than HTTP Basic Authentication, because we need to provide a CSRF protection token. This is necessary to protect web browser users from malicious sites that could trigger RESTful POST requests on the user's behalf.

Example of POSTing a node with Guzzle:

<?php
use Guzzle\Http\Client;
use
Guzzle\Plugin\Cookie\CookiePlugin;
use
Guzzle\Plugin\Cookie\CookieJar\ArrayCookieJar;
$cookiePlugin = new CookiePlugin(new ArrayCookieJar());
$client = new Client('http://drupal-8.localhost');
$client->addSubscriber($cookiePlugin);
$client->post('user', null, array(
 
'name' => 'klausi',
 
'pass' => 'secret',
 
'form_id' => 'user_login_form',
))->
send();
// $client holds a session cookie now. All future $client requests
// will send the cookie along
// Extra GET request to retrieve the CSRF protection token.
$token = $client->get('rest/session/token')->send()->getBody(TRUE);
$node = array(
 
'_links' => array(
   
'type' => array(
     
'href' => 'http://drupal-8.localhost/rest/type/node/page'
   
)
  ),
 
'title' => array(0 => array('value' => 'New node title')),
);
$data = json_encode($node);
$response = $client->post('entity/node', array(
 
'Content-type' => 'application/hal+json',
 
'X-CSRF-Token' => $token,
),
$data)->send();
if (
$response->getStatusCode() == 201) {
  print
'Node creation successful!';
}
?>

GET example with cURL and HTTP Basic

Using HTTP Basic authentication for a GET request is quite straightforward. Given the following resource configuration, which allows GET access on nodes through HTTP Basic authentication and supports hal+json format:

resources:
  'entity:node':
    GET:
      supported_formats:
        - hal_json
      supported_auth:
        - basic_auth

Note: make sure that hal and basic_auth modules are enabled.

If a node is created, its nid is 1 and the Authenticated role has the permission Access GET on Content resource, we can make the following cURL request:

curl --request GET --user myusername:mypassword --header 'Accept: application/hal+json' \
http://d8.local/node/1

And the response should be something like this:

{"_links":{"self":{"href":"http:\/\/d8.local\/node\/1"},"type":{"href":"http:\/\/d8.local\/rest\/type\/node\/page"},"http:\/\/d8.local\/rest\/relation\/node\/page\/uid":[{"href":"http:\/\/d8.local\/user\/1","lang":"en"}],"http:\/\/d8.local\/rest\/relation\/node\/page\/revision_uid":[{"href":"http:\/\/d8.local\/user\/0"}]},"uuid":[{"value":"f8e0ab5f-8066-49cf-815e-94f8f38b172b"}],"type":[{"target_id":"page"}],"langcode":[{"value":"en"}],"title":[{"value":"asdfasdf","lang":"en"}],"_embedded":{"http:\/\/d8.local\/rest\/relation\/node\/page\/uid":[{"_links":{"self":{"href":"http:\/\/d8.local\/user\/1"},"type":{"href":"http:\/\/d8.local\/rest\/type\/user\/user"}},"uuid":[{"value":"d3fdfeaf-926f-4258-a905-5fe88f1065e2"}],"lang":"en"}],"http:\/\/d8.local\/rest\/relation\/node\/page\/revision_uid":[{"_links":{"self":{"href":"http:\/\/d8.local\/user\/0"},"type":{"href":"http:\/\/d8.local\/rest\/type\/user\/user"}},"uuid":[{"value":"2cb087e9-60f5-4bf9-9905-5d3dd34483c4"}]}]},"status":[{"value":"1","lang":"en"}],"created":[{"value":"1396992603","lang":"en"}],"changed":[{"value":"1396992608","lang":"en"}],"promote":[{"value":"0","lang":"en"}],"sticky":[{"value":"0","lang":"en"}],"revision_timestamp":[{"value":"0"}],"log":[{"value":"","lang":"en"}],"body":[{"value":"<p>asdfasfd<\/p>\r\n","format":"basic_html","summary":""}]}

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.