DrupalDevDays is one of the most important events for Drupal Developers because it is the place where they can meet, know each other and work together to help Drupal to be a better CMS from all points of view.

This year at the event the participants were involved in Contribution Sprints in 3 rooms, many interesting sessions in other 3 rooms and also workshops for DevOps.

The community contribution sprints were organized in initiatives for:

  • Media
  • Configuration 2.0
  • Search API
  • Drupal Commerce
  • Druplicon and bridges
  • Encryption
  • MongoDB
  • Redesign Admin UI
  • Workflow
  • Organic Groups
  • PHPUnit initiative

One of the main discussion about the future of Drupal at the DevDays Lisbon was about making it API First, meaning that information stored and managed by Drupal can be used anywhere by other systems and can be displayed in the desired way. For this to be accomplished, it is very important to make a step forward with Drupal’s web services: REST, JSON API, GraphQL, OAuth 2.0

I will tell you a bit about each of these in the following lines.


First of all, it is included in Drupal 8 core. REST is one of a possible way of making Web Services available on your site. In contrast to other techniques, REST encourages developers to rely on HTTP methods (such as GET and POST) to operate on information managed by Drupal.

For serializing data it depends on the Serialization module and it allows you to interact with any content entity: nodes, users, taxonomies...


The JSON API module is a implementation of the JSON API specification.

The API that the JSON API module makes available is centered around the Drupal's entity types and bundles. Every bundle receives its own, unique URL path, which all follow a shared pattern.

What is different from the Drupal Core REST module is that these paths are not configurable and are all enabled by default. Unlike core REST the JSON API is not simply a format like JSON or HAL+JSON. It encompasses a much broader set of rules about how your API will work. It dictates which HTTP methods should be used, what HTTP response codes should be returned under specific circumstances, the format of your response body, and the linkage between resources.

As a comparison between REST and JSON API:

  • REST module allows for anything (any format, any logic, any HTTP method) and extreme configurability. Powerful but complex.
  • JSON API focuses on exposing Drupal's biggest strength (entities/data modeling) in a coherent manner. Simple yet sufficiently powerful for most use cases.


JSON API and GraphQL are preferred over traditional REST because of their ability to provide nested entity relationships. GraphQL goes a step further than JSON API by facilitating explicitly client-driven queries, in which the client dictates its data requirements.

As described in the module page, “You can use this module as a foundation for building your own schema through custom code or you can use and extend the generated schema using the plugin architecture and the provided plugin implementations form the sub-module”.

OAuth 2.0 bearer token

One of the issues that many decoupled applications are facing is large number of authorization options when working with Drupal's REST API. Here comes OAuth2, that  seems a logical next step for Drupal sites that need to authenticate requests. Because it is more secure than what is available in core REST's basic authentication, OAuth2 would help developers build more secure decoupled Drupal architectures and allow us to deprecate the other less secure approaches.

Because of the hard work of the many contributors involved, the API-first initiative is progressing a lot. There are plans to add the JSON API module in the Drupal 8.7 release and somewhere in the future also GraphQL.


My Sources:


This is relevant for …

Drupal, API First, rest, JSON API

Post a comment