Drupal as a Web Service

Drupal Camp ChattanoogaNovember 9, 2013

Saturday, November 9, 13

RESTful Web Services

✓REST, which stands for REpresentational State Transfer, is a simple, stateless architecture that runs over common web communication protocols (HTTP)

✓RESTful Web services are websites for machines

Saturday, November 9, 13

RESTful Web Services

✓Has four defined aspects

- The base URI (http://www.example.com/api)

- The hypertext standard data type supported (JSON, XML, etc)

- Supported operations utilize HTTP methods

- Hypertext driven

Saturday, November 9, 13

REST/HTTP Verbs

✓CRUD (Create, Retrieve, Update and Delete) Verbs:

- POST -- Create a new item(s)

- GET -- Retrieve an existing item(s)

- PUT -- Update an existing item(s)

- DELETE -- delete an existing item(s)

Saturday, November 9, 13

REST/HTTP Verbs

✓PATCH -- used for partial updates

✓OPTIONS -- used to return information about the communication options for a given resource

✓HEAD -- returns metadata in the form of HTTP headers, with no message-body in the response (should return the same headers as a GET request to the same resource)

Saturday, November 9, 13

REST/HTTP Verbs

✓TRACE -- used to invoke a loop-back of the request message, typica(y for diagnostic or testing purposes

✓CONNECT -- reserved for use with a proxy that can be dynamica(y switched to use tunneling (like SSL)

Saturday, November 9, 13

ResourcesIn REST, a resource is a body of information

Clients request representations of resources )om servers, and servers respond to requests for resources, via URIs (Drupal ca(s these “endpoints”)

When a client receives a representation of a resource )om a server, including attached metadata, it should receive enough data to be fu(y informed about the resource represented

Saturday, November 9, 13

HTTP Response Codes

✓Most common ones seen in Drupal Services

- 200/201 -- OK, successful response

- 401 -- unauthorized

- 404 -- not found

- 406 -- not acceptable

Saturday, November 9, 13

Drupal REST Web Services

✓ Is provided in Drupal 7 with the Services 3.x module.

- Current release is 3.5

✓Utilizes the CRUD verbs for REST

- Can consume and provide XML or JSON

✓Comes with defined resources for users, nodes, taxonomy, comments and files

Saturday, November 9, 13

Dependencies

✓Drupal Contrib modules:

- Chaos Tools

- Libraries

✓Other useful modules:

- Devel

Saturday, November 9, 13

Self Explanatory Resources

✓Self-explanatory

- Comments

- Node

- Taxonomy_term

- Taxonomy_vocabulary

- User

Saturday, November 9, 13

And the others…..

✓System

- Provides endpoints to perform functions that don’t fa( clearly under the purview of the other resource categories

✓Get, Set and Delete Variables (get_variable, set_variable, del_variable)

✓Check the current user connection (connect)

Saturday, November 9, 13

And the others…..

✓File -- handles file uploads and file resource management, even files that are part of nodes

- Generates a file resource that can be used as part of a node or user resource

Saturday, November 9, 13

And one undocumented...

✓ /services/session/token

✓Created in the Services release 7.x-3.4 to address a CSRF vulnerability identified on June 5, 2013

✓Returns a plain-text response containing a token that needs to be included in the headers as X-CSRF-Token

- Token is also available on a User resource endpoint

Saturday, November 9, 13

Permissions

✓ In general, the Services endpoints utilize Drupal’s permissions system to determine access to information

- General Rule: If your user does not have permission to access a requested resource through the UI, then your user should not have permission through the web service either.

Saturday, November 9, 13

Request Processing✓Once a request has been accepted through a Services API

endpoint as a valid request, the request goes through the same channels as a request through the user interface.

- User registration/creation/updates, login/logout uses the same processes as UI registration/management, login/logout

- Node creation/updates happen through the Forms API, as does Taxonomy and comments

Saturday, November 9, 13

What does this mean?✓Fields added to the user profile wi( be available through

the User endpoints

✓Custom content types, including custom fields, are available through the Node endpoints

✓Custom fields added to Taxonomy term structure are available through the Taxonomy_term endpoints

...IN THEORY

Saturday, November 9, 13

What’s reality?

✓Using the Forms API to process requests made through the API doesn’t always result in a clean, logical data structure for the API request

✓Not a( field types work properly through Services

✓Documentation on the required format for data is in poor, or nonexistent shape for many of the field types other than text and text area

Saturday, November 9, 13

Well Supported Field Types

✓Text, Long Text (with or without Summary)

✓ Integer, Float, Decimal

✓Address Field, Email, Phone, Hidden

✓Entity/Term Reference (single value, select or radio)

✓ Image / File fields (complex process, but supported)

✓Date fields -- ISO format only

Saturday, November 9, 13

Problematic field types

✓Boolean fields

✓Taxonomy and Entity Reference fields utilizing Autocomplete or multi-value (like Tags)

✓ Integer or Float based List fields, List fields using checkboxes, or mult-value List fields (Select/checkbox)

✓Date fields other than ISO

Saturday, November 9, 13

Demo

✓Feature Source code available on GitHub

- https://github.com/spartansystems/DrupalWebServices

✓Need REST client browser plugin

- RESTClient for Firefox, POSTMAN for Chrome

✓Demo site at http://svc.drupalws.com

✓Firefox Plugin -- Tamper Data -- also helpful

Saturday, November 9, 13

Demo

Saturday, November 9, 13

My Contact Info

✓Lisa Ridley, Project Manager and Web/iOS developer, Spartan Systems LLC

✓ lisa@spartansystems.co

✓ skype: lhridley

✓Twitter: lhridley

✓LinkedIn: www.linkedin/in/lisahridley

Saturday, November 9, 13