Module 2.9 – REST / Web Services

REST and Web Services are not a primary development focus at the Drupal Developer level, but Acquia includes this module to verify that you:

  • Understand Drupal’s core web services capabilities
  • Know when REST is appropriate
  • Do not over-engineer simple use cases

Most questions in this module are conceptual and decision-based, not code-heavy.


What REST means in Drupal (simple definition)

REST allows external systems to:

  • Read data from Drupal
  • Create data in Drupal
  • Update or delete data in Drupal

This communication typically happens using JSON over HTTP.

Drupal acts as:

  • A data provider
  • A data consumer

Core REST capabilities in Drupal

Drupal provides REST functionality through core modules.

Important core modules:

  • REST
  • Serialization
  • HAL (older, less common)

Exam signal:
If REST is mentioned, enabling core modules is the first step.


Common REST use cases (exam-focused)

Typical Drupal REST use cases:

  • Headless or decoupled frontends
  • Mobile applications
  • External system integrations

If content is only used inside Drupal, REST is usually unnecessary.


REST resources in Drupal

Drupal exposes REST resources for entities such as:

  • Nodes
  • Users
  • Taxonomy terms
  • Custom entities

Resources define:

  • What operations are allowed (GET, POST, PATCH, DELETE)
  • Authentication requirements
  • Serialization format

HTTP methods (basic awareness)

Common methods:

  • GET: retrieve data
  • POST: create data
  • PATCH: update data
  • DELETE: remove data

Exam signal:
If the question mentions creating or updating content via API, REST is relevant.


Authentication and permissions

Drupal REST relies on:

  • User permissions
  • Authentication providers

Common authentication methods:

  • Cookie-based (logged-in users)
  • Basic Auth
  • OAuth (advanced)

Exam signal:
If security is mentioned, authentication is required.


REST vs Views (very common exam trap)

Use Views when:

  • Displaying content inside Drupal
  • Building listings or pages

Use REST when:

  • External systems need data
  • Frontend is decoupled

If the UI is Drupal-based, Views is usually correct.


Serialization formats

Drupal supports multiple formats:

  • JSON
  • XML
  • HAL+JSON

JSON is the most common and exam-safe answer.


Site Builder perspective

Site builders:

  • Enable REST modules
  • Configure permissions
  • Choose which resources are exposed

They do not write API code.


Frontend developer perspective

Frontend developers:

  • Consume REST endpoints
  • Handle JSON responses
  • Authenticate requests

They rely on backend configuration.


Backend developer perspective

Backend developers:

  • Configure REST resources
  • Create custom REST resources if needed
  • Secure endpoints

Custom REST resources are advanced and rarely required in exam scenarios.


Architect perspective

Architects decide:

  • REST vs decoupled vs traditional Drupal
  • Security strategy
  • Performance implications

REST introduces complexity and must be justified.


Performance and caching

REST responses can be cached.

Drupal integrates REST with:

  • Cache metadata
  • HTTP caching

Exam signal:
If performance is mentioned, caching applies to REST as well.


Common exam traps in Module 2.9

  • Using REST for simple listings
  • Building APIs when Views is sufficient
  • Ignoring authentication
  • Exposing sensitive data

Correct answers favor minimal complexity.


Real scenario walkthrough

Scenario:
A mobile app needs to read and create Event content in Drupal.

Correct solution:

  • Enable REST and Serialization modules
  • Configure node REST resources
  • Secure with authentication

Incorrect solution:

  • Custom database endpoints

Key exam takeaways

  • REST is for external systems
  • Views is for Drupal UI
  • Core modules handle most REST needs
  • Security and permissions matter
  • JSON is the common format

Practice check

  • External app needs content: REST
  • Drupal page listing: Views
  • API security: authentication
  • Data format: JSON