Հայոց Русский

Extra Block Types (EBT) - New Layout Builder experience❗

Extra Block Types (EBT) - styled, customizable block types: Slideshows, Tabs, Cards, Accordions and many others. Built-in settings for background, DOM Box, javascript plugins. Experience the future of layout building today.

Demo EBT modules Download EBT modules

❗Extra Paragraph Types (EPT) - New Paragraphs experience

Extra Paragraph Types (EPT) - analogical paragraph based set of modules.

Demo EPT modules Download EPT modules

Scroll
  1. Home
  2. JsonDrop API Documentation
  3. Authentication, Security & Performance

Setup Basic Authentication with HTTP Basic Authentication module

11/04/2025, by Ivan

JsonDrop API Documentation

Authentication for CRUD Operations with JSON:API

When interacting with the JSON:API, tools such as Postman or cURL can be used to send requests. By default, requests made through these tools are treated as coming from an "anonymous" user, since they do not inherently manage user authentication. As a result, access to certain resources may be restricted based on the permissions configured for anonymous users in your Drupal site.

However, if your goal is to perform create, update, or delete (CRUD) operations via the JSON:API, relying on anonymous access alone is insufficient. These operations require authenticated access. Drupal supports multiple authentication methods, which can be enabled through various contributed and core modules.

One of the most commonly used methods is HTTP Basic Authentication, which is included in Drupal core. For more advanced use cases, modules like Drupal REST & JSON API Authentication offer extended authentication capabilities and customization options, allowing you to tailor the security model to your application’s needs.

Steps to make an authenticated request

  1. For this example make sure all operations are enabled
    json-api
  2. Enable the HTTP Basic Authentication module
    Enable module
     
  3. Create a role for API User
    API user
  4. Give necessary permission for the role. /admin/people/permissions/api_user
  5. For this example make sure to give *Article*: Create new content permission
  6. Create a user with the API User permission. /admin/people/create
    Roles
  7. Configure authorization in postman. User the newly created account
    postman
  8. Add Content-Type header application/vnd.api+json
    Postman headers
  9. Update the body: 
    {
         "data": {
           "type": "node--article",
           "attributes": {
             "title": "This page is created trough JSON:API",
             "body": {
               "value": "some body text",
               "format": "plain_text"
             }
           }
         }
        }
  10. Send the request and observe the response. If the status code is 201 you successfully made an authenticated request to your JSON:API and created a node with type article
    content
     

    JSON:API is a powerful and standardized specification that simplifies the process of building APIs in Drupal. Introduced as a core module in Drupal 8 and later, it allows developers to expose content and data through a consistent and well-defined API without the need for extensive custom development.

    By simply enabling the JSON:API module, you gain immediate access to a structured API that adheres to the JSON:API specification. This enables effortless interaction with your Drupal site's content using intuitive URL patterns and predictable response formats—ideal for frontend applications, integrations, and decoupled architectures.

    To explore more advanced capabilities and best practices, consult the Drupal JSON:API Module Documentation. The documentation provides comprehensive guidance on features such as pagination, filtering, sorting, file uploads, and more—helping you unlock the full potential of JSON:API within your Drupal project.