3. Authentication
RESTful provides two authentication methods out of the box: cookie-based and token-based. Which you choose depends on a number of factors.
Cookie authentication only works if your client is served from the same domain that Drupal is running on.
If your client is fully-decoupled (e.g. served from a different domain, or running as an app on a device), you will need to use token-based authentication. You must then consider the security implications of storing this token on the device. For example, it may not be wise to store this token in a browser's local storage.
You will need to have Drupal give you an authentication cookie either by manually logging in to your Drupal site, or via the api/v1.0/login endpoint (see more).
Once your client has the auth cookie, it can send that back with every request and Drupal will know the REST request has come from an authenticated user.
The RESTful project comes with the optional RESTful token authentication module, which allows you to authenticate a REST call using a token.
The endpoint for this is api/login-token (read more).
Once your client has obtained the authentication token, it can send that back with each request, so that Drupal knows the request is from the authenticated user.
Example written in Angular: https://github.com/Gizra/angular-restful-auth
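The token flow described above, as an added example (not code from the RESTful project): a client that keeps the token in memory rather than in local storage and attaches it only to HTTPS requests for the Drupal origin. The HTTP Basic login call, the `access_token` response field, the `access-token` header name and the `https://drupal.example/` base URL are assumptions not stated on this page.

```javascript
// Added example. Assumptions, not stated on the page: login takes HTTP Basic
// credentials, the JSON response has an `access_token` field, and the token
// is sent back in an `access-token` header. drupal.example is a placeholder.

// True only for HTTPS URLs on the same origin as the Drupal API base.
function sameApiOrigin(url, apiBase) {
  const target = new URL(url, apiBase);
  return target.protocol === 'https:' && target.origin === new URL(apiBase).origin;
}

function createTokenClient(apiBase, fetchImpl = fetch) {
  let token = null; // held in this closure only, never in localStorage

  // Copy caller headers and add the token when the target is the API origin.
  function headersFor(url, extra = {}) {
    const headers = { ...extra };
    if (token && sameApiOrigin(url, apiBase)) headers['access-token'] = token;
    return headers;
  }

  // Exchange credentials for a token at api/login-token.
  async function login(user, pass) {
    const res = await fetchImpl(new URL('api/login-token', apiBase).href, {
      headers: { Authorization: 'Basic ' + btoa(`${user}:${pass}`) },
    });
    if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
    const body = await res.json();
    if (typeof body.access_token !== 'string') throw new Error('no token in response');
    token = body.access_token;
  }

  // Send a request; the token never leaves the Drupal origin.
  function request(url, init = {}) {
    const target = new URL(url, apiBase).href;
    return fetchImpl(target, { ...init, headers: headersFor(target, init.headers) });
  }

  function logout() { token = null; } // drop the token from memory

  return { login, request, headersFor, logout };
}
```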