How to create custom REST method to protect your content from unauthorised use
In last few years, protecting data from an unauthorised use has become a challenging task. Recently, we came across a similar situation while working on a media and publishing industry project where most of the content was used through services. And we were requested to protect the content from unauthorised use and help in stopping such practices.
Here in this scenario, RESTful Web Services API played a significant role in overcoming the situation. However, in some cases, the default RESTful API doesn’t work effectively and leave the requirement unfulfilled. In this case, we will create a custom REST method that helps you to access nodes using API keys. Let’s see how we can achieve this?
Here we need to deal with two things:
- Create a View to export data with Rest API
- Create a custom Rest method to access nodes
I guess you would also like to take a look on our previous blogs where we have created Rest Resource for GET Method to enable other websites or applications to view, edit or update information; and Custom Rest Resources for POST methods to create an article in Drupal 8 website from an external application.
Follow the below steps to create a View to export data with Rest API followed by customizing Rest method to access nodes by using the API keys.
How to create a View to export data with Rest API?
Select the RESTful Web Services module and download REST UI dependency module. See the screenshot below for an example.
After Installing Web services, create a View to export data with Rest API following a few simple steps. Fill basic pieces of information then save and edit to create the REST pages.
Go to admin/structure/views and click on Add View Button. Follow the below steps.
- Create a View named “article view”
- In View setting, select the Type Article
- Select the “REST EXPORT SETTING”
In View page, you need to
Select the Serializer formatter
In Format, click on settings and select json format
Select Title and Description field
Expose the Content ID
In Path Setting, give path /json/article-id
Now let’s access the article node in browser using the path given and Content ID.
Now you can test using Rest Client by entering the Url. See the below screenshot.
How to create Custom Rest Method to Access Nodes by using the API keys?
Let’s create a Custom Rest Method to Access Nodes so we can create a custom module. We can also use Drupal Console to create a module.
The module name is “test_api”
See the screenshot below for an example of the folder structure.
Create a test_api.info.yml file and enter the following code.
name: Test API
description: Custom RESTful API module.
author: Sarada Prasad
For the below code to work, we need to create a TestAPIController.php file inside Controller folder.
Here, we are showing Get Method example.
Follow the codes to create a routing file test_api.routing.yml file to access the methods.
Let’s build a Form APIKeySettingsForm.php inside Form folder to create API Key to access the node.
You can also access the node with the API key created and test using Rest Client.
There you have it, now you can test using Rest Client
Customizing Web services programmatically has become a routine task in order to protect the company’s data. In this post, I haven’t covered a lot of basic things and explained how to create and customize Web services. The above-explained process will also help you in securing your client’s data.
Hope this blog will be helpful for you. If I have missed something or you want to add then please comment below. Whether you are Media and Publishing firm or a Drupaler, you can discuss with us the problems you are currently facing or any other service related issue anytime. You are just a click away.
Below given is a presentation on RestFul Web Services in Drupal 8.