RESTful API, an application program interface (API) that makes use of HTTP requests in order to GET, PUT, POST and DELETE the data. The RESTful API is specially designed to take an advantage of all the existing protocols. The developers do not need to install the libraries to take advantage of RESTful API design. The usage of the RESTful API is because it is flexible to allow you to build an API which meets your requirements.
The API is basically based on Representational State Transfer (REST) technology which is a style to communications often used in web services development.
Below image represents the RESTful API with Drupal
In the above diagram, other applications make API call to the Drupal website to perform CRUD operation (with the web server and database).
Below mentioned are some of the key features for creating the Restful API with Drupal.
As the word itself means, authentication is the verification of the credentials of the connection attempt. Under this process, one can send credentials from the remote access client to the remote access server in various forms like plain text or encrypted form with the help of an authentication protocol
Authorization is the verification that the connection attempt is allowed. Authorization is something that occurs after successful authentication.
- API keys/secrets are usually a long series of random characters that are difficult to guess.
- Require API keys for every request to the protected endpoint.
- API key is generated on the user’s successful login and is unique for each user’s login.
- Without valid API key, it is not possible to make an API call.
- The user will be using the unique API key throughout the session.
- Once the user logs out, the API key is deactivated.
- When API key is deactivated, that API key is no longer been used and it generates a new API key on login.
- Device token is used to send the push notification to the devices.
- Device token is provided when a user logs in initially.
- Each device will have a unique device token.
- While the logging process is going on, it will save unique API key for the device token.
- Once the user logs out, the device token will be disabled and won’t be able to send a push notification to the device.
- Custom module is created with the folder name for e.g. (custom_api) and add below 3 files
- info (it will contain information about the module)
- module (it will contain the APIs defined)
- inc (file to check the accessibility of the API)
- inc file will check the API key and device token provided by the API callback are valid or not.
- Create one menu of type “MENU_CALLBACK” and declare the page callback with the function where the API response is defined.
- In the above-defined function, return the response to the API in JSON format.
- Validation is defined for the API call to validate input and ensure proper processing of data.
- Process data once validation is performed.
- To send a push notification, the device token is required.
- For Android, FCM is used to send a push notification
- For IOS, below gateway is used
- ssl://gateway.sandbox.push.apple.com:2195 — for sandbox
- ssl://gateway.push.apple.com:2195 – for production
- It also requires a certificate with the credentials to access it, which will be provided by the IOS developer.
- Firewall configuration should be done to allow the server to access to the above-mentioned gateway.
Dev Information Technology Limited [DEV IT] is a public listed company on NSE Emerge. [NSE: DEVIT]. DEV IT specializes in providing tightly integrated end-to-end IT services in areas of enterprise applications, IT Infrastructure management services, custom application development, cloud development and many more.
Latest posts by Bhagyashree Parmar (see all)
- How to Host Serverless Applications to Save Costs in Your Node.js Development - October 21, 2022
- How to Build a Microservices Architecture with React and Node.js - August 28, 2022
- 6 Must Have Features to Create RESTful API with Drupal - August 20, 2018