Drupal8 REST WTF?

Drupal 8 REST WTF?

miro.michalickaMiro Michalicka

Drupal enthusiast @Cheppers5+ years experience with web development

whoami

CONTENTMy story with headless Drupal

API best practises

Decoupling options in Drupal 8

Decoupling

WHAT IS IT?

DECOUPLING

PROS

flexible front-end

lack of Drupal specialists

multivendor back-end

strengths of Drupal back-end

and back office

CONS

loose some Drupal capabilities

multiple requests for resources

growth of teams

API BEST PRACTISES

DOCUMENTATION

stability and consistency

flexibility

security

ease of adoption

Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api

http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api

DOCUMENTATION

DOCUMENTATION

Self Documenting REST API

API BEST PRACTISES

documentation

SCALABILITY AND CONSISTENCY

flexibility

security

ease of adoption



GET http://mysite.com/entity/node/1

{ “title”: “My first node”, “body”: “Lorem ipsum…” }

SCALABILITY AND

CONSISTENCY

GET http://mysite.com/article/1


SCALABILITY AND

CONSISTENCY

GET http://mysite.com/article/1

{ “title”: “My first node”, “body”: “Lorem ipsum…”, “tags”: [{ “blog”, “just trying” }] }SCALABILITY

AND CONSISTENCY

GET http://mysite.com/api/v2/article/1

{ “title”: “My first node”, “body”: “Lorem ipsum…”, “tags”: [{ “blog”, “just trying” }] }

SCALABILITY AND

CONSISTENCY





SCALABILITY AND

CONSISTENCY

GET http://mysite.com/api/blog/2?_version=1


API BEST PRACTISES

documentation

scalability and consistency

FLEXIBILITY

security

ease of adoption



FLEXIBILITY

API BEST PRACTISES

documentation


flexibility

SECURITY

ease of adoption



SECURITY

cookiesbasic authown authentication provider

OWN AUTHENTICATION PROVIDER

<?php/** * @file * Contains \Drupal\pin_auth\Authentication\Provider\PinAuth. */namespace Drupal\pin_auth\Authentication\Provider; use Drupal\Core\Authentication\AuthenticationProviderInterface; use Drupal\Core\Entity\EntityTypeManagerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; /** * HTTP Basic authentication provider. */class PinAuth implements AuthenticationProviderInterface { /** * The entity type manager. * * @var \Drupal\Core\Entity\EntityTypeManagerInterface */ protected $entityTypeManager; /** * Constructs a HTTP basic authentication provider object. * * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager * The entity manager service. */ public function __construct(EntityTypeManagerInterface $entity_type_manager) { $this->entityTypeManager = $entity_type_manager; }

}

SECURITY

public function applies(Request $request) { if (!empty($request->headers->get('pin')) && !empty($request->headers->get(‘number'))) { return TRUE; } return FALSE; } public function authenticate(Request $request) { $pin = $request->headers->get('pin'); $number = $request->headers->get('number'); $user = NULL; $user = $this->entityTypeManager->getStorage('user') ->getQuery() ->condition('field_phone_number', $number) ->condition('field_pin',$pin) ->range(0,1) ->execute(); if (!empty($user)) { return $user; } else { throw new AccessDeniedHttpException(); } }

OWN AUTHENTICATION PROVIDER

SECURITY

Solve using RouteSubscriber

https://docs.google.com/presentation/d/1wN7zICkTXcQp8d8UKMQz6oaMM_C2b58AC4oN_sywRCU

SECURITY

OWN REST END-POINTSViews

https://drupal.org/node/2228141

ViewsOWN REST END-POINTS

SECURITY

https://drupal.org/node/2228141

API BEST PRACTISES

documentation


flexibility

security

EASE OF ADOPTION



EASE OF ADOPTION

DECOUPLING OPTIONSIN DRUPAL 8

REST in core

RELAXed

Services


GraphQL

JSON API


THANK YOUQUESTIONS?

Drupal8 REST WTF?

Technology

Drupal8 REST WTF?