Drupal 8 REST WTF? miro.michalicka Miro Michalicka
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Drupal 8 REST WTF?
miro.michalickaMiro Michalicka
Drupal enthusiast @Cheppers5+ years experience with web development
whoami
CONTENTMy story with headless Drupal
API best practises
Decoupling options in Drupal 8
Decoupling
WHAT IS IT?
DECOUPLING
PROS
flexible front-end
lack of Drupal specialists
multivendor back-end
strengths of Drupal back-end
and back office
CONS
loose some Drupal capabilities
multiple requests for resources
growth of teams
API BEST PRACTISES
DOCUMENTATION
stability and consistency
flexibility
security
ease of adoption
Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
DOCUMENTATION
DOCUMENTATION
Self Documenting REST API
API BEST PRACTISES
documentation
SCALABILITY AND CONSISTENCY
flexibility
security
ease of adoption
Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
GET http://mysite.com/entity/node/1
{ “title”: “My first node”, “body”: “Lorem ipsum…” }
SCALABILITY AND
CONSISTENCY
GET http://mysite.com/article/1
{ “title”: “My first node”, “body”: “Lorem ipsum…” }
SCALABILITY AND
CONSISTENCY
GET http://mysite.com/article/1
{ “title”: “My first node”, “body”: “Lorem ipsum…”, “tags”: [{ “blog”, “just trying” }] }SCALABILITY
AND CONSISTENCY
GET http://mysite.com/api/v2/article/1
{ “title”: “My first node”, “body”: “Lorem ipsum…”, “tags”: [{ “blog”, “just trying” }] }
SCALABILITY AND
CONSISTENCY
GET http://mysite.com/api/v1/article/1
{ “title”: “My first node”, “body”: “Lorem ipsum…” }
GET http://mysite.com/api/v1/article/1
{ “title”: “My first node”, “body”: “Lorem ipsum…” }
SCALABILITY AND
CONSISTENCY
GET http://mysite.com/api/blog/2?_version=1
{ “title”: “My first node”, “body”: “Lorem ipsum…” }
API BEST PRACTISES
documentation
scalability and consistency
FLEXIBILITY
security
ease of adoption
Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
FLEXIBILITY
API BEST PRACTISES
documentation
stability and consistency
flexibility
SECURITY
ease of adoption
Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
SECURITY
cookiesbasic authown authentication provider
OWN AUTHENTICATION PROVIDER
<?php/** * @file * Contains \Drupal\pin_auth\Authentication\Provider\PinAuth. */namespace Drupal\pin_auth\Authentication\Provider; use Drupal\Core\Authentication\AuthenticationProviderInterface; use Drupal\Core\Entity\EntityTypeManagerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; /** * HTTP Basic authentication provider. */class PinAuth implements AuthenticationProviderInterface { /** * The entity type manager. * * @var \Drupal\Core\Entity\EntityTypeManagerInterface */ protected $entityTypeManager; /** * Constructs a HTTP basic authentication provider object. * * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager * The entity manager service. */ public function __construct(EntityTypeManagerInterface $entity_type_manager) { $this->entityTypeManager = $entity_type_manager; }
}
SECURITY
public function applies(Request $request) { if (!empty($request->headers->get('pin')) && !empty($request->headers->get(‘number'))) { return TRUE; } return FALSE; } public function authenticate(Request $request) { $pin = $request->headers->get('pin'); $number = $request->headers->get('number'); $user = NULL; $user = $this->entityTypeManager->getStorage('user') ->getQuery() ->condition('field_phone_number', $number) ->condition('field_pin',$pin) ->range(0,1) ->execute(); if (!empty($user)) { return $user; } else { throw new AccessDeniedHttpException(); } }
OWN AUTHENTICATION PROVIDER
SECURITY
Solve using RouteSubscriber
https://docs.google.com/presentation/d/1wN7zICkTXcQp8d8UKMQz6oaMM_C2b58AC4oN_sywRCU
SECURITY
OWN REST END-POINTSViews
API BEST PRACTISES
documentation
stability and consistency
flexibility
security
EASE OF ADOPTION
Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
EASE OF ADOPTION
DECOUPLING OPTIONSIN DRUPAL 8
REST in core
RELAXed
Services
DECOUPLING OPTIONSIN DRUPAL 8
GraphQL
JSON API
DECOUPLING OPTIONSIN DRUPAL 8
THANK YOUQUESTIONS?
Related Documents
![[Marco Capobussi] - DevOps: strumenti di automazione per Drupal8](https://static.cupdf.com/doc/110x72/58e4b2281a28ab1c1f8b4fef/marco-capobussi-devops-strumenti-di-automazione-per-drupal8.jpg)
