Drupal REST API Tutorial: Build & Consume APIs in Drupal 10/11

Drupal REST API Tutorial: Build and Consume APIs

Drupal provides a powerful REST API system that allows developers to expose content and data in JSON or XML format.
This tutorial will guide you through creating and consuming REST APIs in Drupal 10/11.

1. Enable RESTful Web Services

Drupal comes with core modules that provide REST functionality. To get started:

• Go to Extend in the admin menu
• Enable the following modules:
  • RESTful Web Services
  • Serialization (for JSON/XML responses)
  • HAL (optional, for hypermedia support)

2. Configure REST Resources

After enabling modules, configure which content types or entities can be accessed via REST:

• Navigate to Configuration → Web services → REST
• Enable the methods you need (GET, POST, PATCH, DELETE)
• Select the formats (JSON is recommended)

3. Set Permissions

Assign proper permissions to roles to control API access:

• Go to People → Roles → Edit
• Enable permissions like Access GET on Article resource
• Restrict POST, PATCH, DELETE for non-admin roles to secure your API

4. Test Your API

Use tools like Postman or cURL to test API endpoints:

• GET request: https://yourdrupalsite.com/node/1?_format=json
• POST request: https://yourdrupalsite.com/entity/node?_format=json (requires authentication)

5. Authentication Methods

For secure APIs, authentication is essential:

• Basic Auth: Simple username/password header (not recommended for production)
• OAuth 2.0: Secure token-based authentication for apps and external services
• Cookie-based: Uses Drupal session cookies for logged-in users

6. Consume Drupal REST API

You can consume Drupal REST API from any frontend or external application:

• JavaScript / AJAX: Fetch data using fetch() or axios
• Mobile apps: Use REST endpoints to read/write content
• Other CMS or systems: Integrate Drupal content seamlessly

Best Practices for Drupal REST API

• Always use HTTPS for API requests
• Enable only necessary endpoints
• Use authentication for any write operations
• Cache API responses using Drupal’s cache system
• Document your endpoints for developers

By following this tutorial, you can expose Drupal content as a REST API and integrate it with any frontend, mobile app, or external system efficiently and securely.