OAuth authentication

The OAuth module allows to authenticate Drupal resources through the OAuth 1.0 protocol.

Below are the steps to configure OAuth so it can authenticate requests in Drupal 8.


Read installation instructions on PECL's OAuth extension.

The easiest way to install this extension is through PEAR using the following command:

pear install HTTP_OAuth


Download and install OAuth module from the project page.

If you see an error during installation regarding PECL's OAuth extension, please read the installation instructions in the Requirements section.

Set up

Follow these steps to configure OAuth Authentication for requests:

1. Set OAuth authentication for a REST resource.
2. Adust permissions.
3. Obtain a pair of OAuth consumer and secret keys.
4. Test the resource.

Set OAuth authentication for a REST resource

GET on content entities

Follow these steps to expose resources to GET requests:

  1. Add the configuration
  2. Set permissions
  3. Test with a GET request


  1. Make sure that REST module is enabled.
  2. Copy all of the files in your active config directory to your staging directory
  3. Make the needed changes to your rest.settings.yml file as shown below
  4. Go to admin/config/development/configuration to sync the configuration
  5. Clear caches

# Example configuration for enabling REST resources.
  # Enable the node resource.
        - json
        - basic_auth
  # Enable the taxonomy term resource.
        - json
        - basic_auth

Setting permissions

Bash script example for custom services action with session authentification

Here is Bash script example how to work with custom services action that requires session authentification.

Endpoint requirements :

  • Set "Authentification" as "Session authentication"
  • Set "Response formatters" as "json"

REST: exposing data as RESTful web services

NOTE: This covers configuration for the EntityResource, a REST plugin that core provides for content entities. Development of other REST services is covered elsewhere; see for example the Develop for Drupal guide Working with REST Server.

What is REST?

Web Services make it possible for other applications to read and update information on your site via the Web. REST is one of a number of different ways of making Web Services available on your site. In contrast to other techniques such as SOAP or XML-RPC, REST encourages developers to rely on HTTP methods (such as GET and POST) to operate on site resources.

If you are new to REST, you can find out more about HTTP methods, and other REST topics such as media types, and hypermedia, in the More info on REST section.

REST in Drupal 8 Core

In Drupal 8 core, interactions with content entities are supported via a REST interface. The REST module is extensible, and modules that wish to offer other services can implement Resource Plugins. Such extension is not covered here.

By default, the supported HTTP methods for entities are GET, POST, PATCH and DELETE.

Services Content Lock Documentation


services_content_lock adds Services support to the community module called content_lock that will prevent two users from editing the same node concurrently. This module exposes the main operations of content_lock through Services as a resource, so that content locking can be done over a web service API such as REST. The main operations it currently implements are retrieve, create, and delete. This page will document how to use the operations in this resource.


The operations this resource implements for content_lock are:

  • retrieve - Find out if a node is locked and get info about a lock e.g. who owns the lock and when it was created.
  • create - Create a new content lock on a node. Locks a node preventing other users from editing it.
  • delete - Deletes an existing lock on a node. Only the lock owner may delete the lock.

Below each operation is documented in detail, including example CURL commands.




Subscribe with RSS Subscribe to RSS - rest