decoupling drupal 8.x: drupal’s web services today and tomorrow

Download Decoupling Drupal 8.x: Drupal’s Web Services Today and Tomorrow

If you can't read please download the document

Post on 08-Apr-2017

107 views

Category:

Software

0 download

Embed Size (px)

TRANSCRIPT

Decoupled Drupal 8.xDrupals web servicestoday and tomorrowPreston SoDevelopment Manager, Acquia LabsMarch 29, 2017

2016 Acquia Inc. Confidential and Proprietary

Welcome!Preston So (@prestonso) has been a web developer and designer since 2001, a creative professional since 2004, and a Drupal developer since 2007. As Development Manager of Acquia Labs, Preston leads new open-source and research initiatives at Acquia. Preston has presented keynotes at conferences on three continents in multiple languages and speaks around the world about diverse topics such as decoupled Drupal, responsive design, front-end development, and user experience.

drupal.org/u/prestonsopreston.so@acquia.com

2016 Acquia Inc.

Welcome!

2016 Acquia Inc.

What well coverDrupal web services at a glanceDrupal 8.0: WSCII and foundationsDrupal 8.2: CORS, configuration entities, and DXDrupal 8.3: User registration and DXWhats ahead in Drupal 8.5+JSON API, GraphQL, and RELAXed Web ServicesEpilogue: The wider web services landscape

2016 Acquia Inc.

Drupal web services at a glance

2016 Acquia Inc.

Why are web services important?Web services enable communication between Drupal and other systems, most commonly decoupled front ends or other back ends.Decoupled Drupal, or API-first Drupal, is the process of employing Drupal as a data service which exposes data for consumption by other applications.A REST API is a common entry point for other applications.

2016 Acquia Inc.

Why are web services important?

HTTP requestHTTP response (JSON, XML)

Site or repository built in DrupalDecoupled applicationWeb services

Decoupled applicationSoftware development kit (SDK)

2016 Acquia Inc.

Drupal web services at a glanceDrupals web services can be split into three categories:Core REST (internal storage or HAL normalization)Contributed REST (JSON API, RELAXed, Services)Non-REST web services (GraphQL)

2016 Acquia Inc.

Drupal web services at a glance

2016 Acquia Inc.

Drupal 8.0: WSCII and foundations

2016 Acquia Inc.

WSCIIThe Web Services and Context Core Initiative (WSCII), led by Larry Garfield, enabled RESTful web services in Drupal.The original goal was to enable server-to-server communication, but in recent years actual usage has evolved more toward server-to-client.The default REST API available out of the box in Drupal 8 core is fully REST-compliant.

2016 Acquia Inc.

The API-first initiativeThe API-first initiative (WSCII), led by Wim Leers, is the successor to WSCII and aims to expand Drupals web services capabilities.The API-first initiative captures use cases that are applicable to both fully decoupled and progressively decoupled (in-Drupal) issues.Meetings are held monthly on the third Monday of every month from 6-7pm GMT, and core conversations often take place at DrupalCon.

2016 Acquia Inc.

Core RESTThe core REST modules allow for all content entities (nodes, users, taxonomy terms, comments) to be exposed as JSON+HAL or as JSON representing Drupals internal storage, and Views natively supports REST export as a new display type.There are many issues with REST in core; please consider contributing to RX (REST experience) tagged issues.

2016 Acquia Inc.

Core REST modulesSerialization is able to perform serialization by providing normalizers and encoders. First, it normalizes Drupal data (entities and their fields) into arrays with a particular structure. Any normalization can then be sent to an encoder, which transforms those arrays into data formats such as JSON or XML.RESTful Web Services allows for HTTP methods to be performed on existing resources including but not limited to content entities and views (the latter facilitated through the REST export" display in Views) and custom resources added through REST plugins.

2016 Acquia Inc.

Core REST modulesHAL builds on top of the Serialization module and adds the Hypertext Application Language normalization, a format that enables you to design an API geared toward clients moving between distinct resources through hyperlinks.Basic Auth allows you to include a username and password with request headers for operations requiring permissions beyond that of an anonymous user. It should only be used with HTTPS.

2016 Acquia Inc.

Setting up RESTful Drupal$ drush en -y hal basic_auth serialization rest$ drush dl restui && drush en -y restui

2016 Acquia Inc.

Fetching an individual nodeGET /node/1?_format=json HTTP/1.1Host: drupal-backend.dd:8083Accept: application/jsonCache-Control: no-cachePostman-Token: 6c55fb8b-3587-2f36-1bee-2141179d1c9c

2016 Acquia Inc.

Creating a new nodePOST /entity/node HTTP/1.1Host: drupal-backend.dd:8083Accept: application/jsonAuthorization: Basic YWRtaW46YWRtaW4=Content-Type: application/jsonCache-Control: no-cachePostman-Token: 7776d489-e9bb-cad2-d289-24aa76f8f8a6

2016 Acquia Inc.

Creating a new node{ "type": [ {"target_id": "article"} ], "title": [ {"value": "Lorem ipsum dolor sit amet adipiscing"} ], "body": [ {"value": "This is a totally new article"} ]}

2016 Acquia Inc.

Updating an individual nodePATCH /node/23 HTTP/1.1Host: drupal-backend.dd:8083Accept: application/jsonAuthorization: Basic YWRtaW46YWRtaW4=Content-Type: application/jsonCache-Control: no-cachePostman-Token: c1e4df7e-b17b-2256-75c8-55629c8329c7

2016 Acquia Inc.

Updating an individual node{ "nid": [ {"value": "23"} ], "type": [ {"target_id": "article"} ], "title": [ {"value": "UPDATE UPDATE UPDATE UPDATE"} ], "body": [ {"value": "Awesome update happened here"} ]}

2016 Acquia Inc.

Cross-origin resource sharing (CORS)# Apache 2Header set Access-Control-Allow-Origin "*"

2016 Acquia Inc.

Cross-origin resource sharing (CORS)$ drush dl cors && drush en -y cors*|http://localhost:3003$ drush cr

2016 Acquia Inc.

Waterwheel SDK ecosystemWaterwheel is a collection of SDKs which make it easier for developers to build Drupal-backed applications in various technologies.The Waterwheel module includes resource discovery (content schema exports to the client side) and generated Swagger API documentation.github.com/acquia/waterwheel.jsgithub.com/acquia/waterwheel.swiftdrupal.org/project/waterwheel

2016 Acquia Inc.

Drupal 8.2: CORS, configuration entities, and DX

2016 Acquia Inc.

Changes in Drupal 8.2Configuration entity GET supportOpt-in CORS supportRPC endpoints for login, status, logout, and password resetREST configuration converted to configuration entitiesComments can be updated via RESTVarious developer experience benefits

2016 Acquia Inc.

Configuration entity GET supportConfiguration entities can now be retrieved via GET, meaning you can now view labels of configuration entities like Vocabularies and Content Types, which is particularly helpful for client-side visibility.curl --user admin:admin --request GET "http://drupal.d8/entity/taxonomy_vocabulary/tags?_format=json"curl --user admin:admin --request GET "http://drupal.d8/contact/feedback?_format=json"

2016 Acquia Inc.

Opt-in CORS supportFully decoupled applications on domains distinct from the Drupal back end are blocked from issuing asynchronous requests to Drupal due to the same-origin policy unless cross-origin resource sharing is enabled.In the past, this was done either via Apache 2 configuration or via the CORS module, but there is now core support.This is not enabled by default due to security consequences of allowing other domains to access Drupal.

2016 Acquia Inc.

Opt-in CORS support: default.services.ymlcors.config: enabled: false # Specify allowed headers, like 'x-allowed-header'. allowedHeaders: [] # Specify allowed request methods, specify ['*'] to allow all possible ones. allowedMethods: [] # Configure requests allowed from specific origins. allowedOrigins: ['*'] # Sets the Access-Control-Expose-Headers header. exposedHeaders: false # Sets the Access-Control-Max-Age header. maxAge: false # Sets the Access-Control-Allow-Credentials header. supportsCredentials: false

2016 Acquia Inc.

RPC endpoints for user operationsYou can now log into Drupal, check a users status, log out, and reset a password entirely through RPC endpoints.

2016 Acquia Inc.

RPC endpoints for login, status, logout, and resetcurl --header "Content-type: application/json" --request POST \ --data '{"name":"admin", "pass":"admin"}' \ http://drupal.d8/user/login?_format=json

curl --header "Content-type: application/json" --request GET \http://drupal.d8/user/login_status?_format=jsoncurl --header "Content-type: application/json" --request POST \http://drupal.d8/user/logout?_format=json

2016 Acquia Inc.

REST configuration before: rest.settingsresources: entity:node: GET: supported_formats: - hal_json supported_auth: - basic_auth POST: supported_formats: - hal_json supported_auth: - basic_auth PATCH: supported_formats: - hal_json supported_auth: - basic_auth DELETE: supported_formats: - hal_json supported_auth: - basic_auth

2016 Acquia Inc.

REST configuration after: rest.resource.entity.nodeid: entity.nodeplugin_id: 'entity:node'granularity: methodconfiguration: GET: supported_formats: - hal_json supported_auth: - basic_auth POST: supported_formats: - hal_json supported_auth: - basic_auth PATCH: supported_formats: - hal_json supported_auth: - basic_auth DELETE: supported_formats: - hal_json supported_auth: - basic_au

Recommended

View more >