6 Must Have Features to Create RESTful API with Drupal

A RESTful API is an application program interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is designed to take advantage of existing protocols, so developers do not need to install additional libraries to use it. A RESTful API is used because it is flexible enough to let you build an API that meets your requirements.

The API is based on Representational State Transfer (REST), a style of communication often used in web services development.

The image below represents the RESTful API with Drupal.

[Image: RESTful API]

In the above diagram, other applications make API calls to the Drupal website to perform CRUD operations (with the web server and database).

Key Features for Creating the RESTful API with Drupal

1. Authentication

As the word itself suggests, authentication is the verification of the credentials of the connection attempt. In this process, the remote access client sends credentials to the remote access server, either in plain text or in encrypted form, using an authentication protocol.

2. Authorization

Authorization is the verification that the connection attempt is allowed. Authorization is something that occurs after successful authentication.

3. API Key

  • API keys/secrets are usually a long series of random characters that are difficult to guess.
  • Require API keys for every request to the protected endpoint.
  • An API key is generated on the user’s successful login and is unique for each user’s login.
  • Without a valid API key, it is not possible to make an API call.
  • The user will be using the unique API key throughout the session.
  • Once the user logs out, the API key is deactivated.
  • Once the API key is deactivated, it can no longer be used, and a new API key is generated on the next login.

4. Device Token

  • The device token is used to send the push notification to the devices.
  • A device token is provided when a user logs in initially.
  • Each device will have a unique device token.
  • During the login process, a unique API key is saved for the device token.
  • Once the user logs out, the device token will be disabled and won’t be able to send a push notification to the device.

5. Custom Module

  • The custom module is created in a folder named, for example, custom_api, and contains the 3 files below:
    • info (it will contain information about the module)
    • module (it will contain the APIs defined)
    • inc (file to check the accessibility of the API)
  • The inc file will check whether the API key and device token provided by the API callback are valid or not.
  • Create one menu of type “MENU_CALLBACK” and declare the page callback with the function where the API response is defined.
  • In the above-defined function, return the response to the API in JSON format.
  • Validation is defined for the API call to validate input and ensure proper processing of data.
  • Process data once validation is performed.
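
The API key, device token and custom module pieces described above fit together roughly as follows. This is an added sketch, not code from the original article; it assumes Drupal 7 (which the MENU_CALLBACK menu type implies) and PHP 5.6 or later, and the endpoint path, the X-API-Key and X-Device-Token header names, the custom_api_session table and all function names are hypothetical.

```php
<?php
// custom_api.module: hook_menu() registers one JSON endpoint as MENU_CALLBACK.
function custom_api_menu() {
  $items['api/v1/profile'] = array( // Path is an assumption.
    'page callback' => 'custom_api_profile',
    'access callback' => TRUE, // Credentials are checked inside the callback.
    'type' => MENU_CALLBACK,
  );
  return $items;
}

function custom_api_profile() {
  module_load_include('inc', 'custom_api');
  $uid = custom_api_check_credentials();
  if (!$uid) {
    drupal_add_http_header('Status', '403 Forbidden');
    return drupal_json_output(array('error' => 'Invalid API key or device token'));
  }
  $account = user_load($uid);
  drupal_json_output(array('uid' => (int) $account->uid, 'name' => $account->name));
}

// custom_api.inc: checks the assumed X-API-Key and X-Device-Token headers against the
// hypothetical {custom_api_session} table (columns: uid, device_token, key_hash, active).
function custom_api_check_credentials() {
  $key = isset($_SERVER['HTTP_X_API_KEY']) ? $_SERVER['HTTP_X_API_KEY'] : '';
  $device = isset($_SERVER['HTTP_X_DEVICE_TOKEN']) ? $_SERVER['HTTP_X_DEVICE_TOKEN'] : '';
  // Reject malformed input before it reaches the database.
  if (!preg_match('/^[A-Za-z0-9_-]{43}$/', $key) || !preg_match('/^[A-Za-z0-9:_-]{1,255}$/', $device)) {
    return FALSE;
  }
  $row = db_query('SELECT uid, key_hash FROM {custom_api_session} WHERE device_token = :d AND active = 1', array(':d' => $device))->fetchObject();
  // Only a hash of the key is stored; compare in constant time.
  return ($row && hash_equals($row->key_hash, drupal_hash_base64($key))) ? (int) $row->uid : FALSE;
}

// Login: return the new key once; persist only its hash.
function custom_api_issue_key($uid, $device) {
  $key = drupal_hash_base64(drupal_random_bytes(32));
  db_merge('custom_api_session')->key(array('device_token' => $device))
    ->fields(array('uid' => $uid, 'key_hash' => drupal_hash_base64($key), 'active' => 1))
    ->execute();
  return $key;
}

// Logout: the key and device token stop working immediately.
function custom_api_revoke($uid) {
  db_update('custom_api_session')->fields(array('active' => 0))->condition('uid', $uid)->execute();
}
```

Sending the key in a request header rather than in the URL keeps it out of web server access logs, and storing only its hash means a leaked database table does not expose usable keys.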

6. Push Notification

  • To send a push notification, the device token is required.
  • For Android, FCM is used to send a push notification.
  • For iOS, the gateways below are used:
    • ssl://gateway.sandbox.push.apple.com:2195 (for sandbox)
    • ssl://gateway.push.apple.com:2195 (for production)
  • It also requires a certificate with the credentials to access it, which will be provided by the iOS developer.
  • Firewall configuration should be done to allow the server to access the above-mentioned gateway.