REST and Web Services are not a primary development focus at the Drupal Developer level, but Acquia includes this module to verify that you:
- Understand Drupal’s core web services capabilities
- Know when REST is appropriate
- Do not over-engineer simple use cases
Most questions in this module are conceptual and decision-based, not code-heavy.
What REST means in Drupal (simple definition)
REST allows external systems to:
- Read data from Drupal
- Create data in Drupal
- Update or delete data in Drupal
This communication typically happens using JSON over HTTP.
Drupal acts as:
- A data provider
- A data consumer
Core REST capabilities in Drupal
Drupal provides REST functionality through core modules.
Important core modules:
- REST
- Serialization
- HAL (older, less common)
Exam signal:
If REST is mentioned, enabling core modules is the first step.
Common REST use cases (exam-focused)
Typical Drupal REST use cases:
- Headless or decoupled frontends
- Mobile applications
- External system integrations
If content is only used inside Drupal, REST is usually unnecessary.
REST resources in Drupal
Drupal exposes REST resources for entities such as:
- Nodes
- Users
- Taxonomy terms
- Custom entities
Resources define:
- What operations are allowed (GET, POST, PATCH, DELETE)
- Authentication requirements
- Serialization format
HTTP methods (basic awareness)
Common methods:
- GET: retrieve data
- POST: create data
- PATCH: update data
- DELETE: remove data
Exam signal:
If the question mentions creating or updating content via API, REST is relevant.
Authentication and permissions
Drupal REST relies on:
- User permissions
- Authentication providers
Common authentication methods:
- Cookie-based (logged-in users)
- Basic Auth
- OAuth (advanced)
Exam signal:
If security is mentioned, authentication is required.
REST vs Views (very common exam trap)
Use Views when:
- Displaying content inside Drupal
- Building listings or pages
Use REST when:
- External systems need data
- Frontend is decoupled
If the UI is Drupal-based, Views is usually correct.
Serialization formats
Drupal supports multiple formats:
- JSON
- XML
- HAL+JSON
JSON is the most common and exam-safe answer.
Site Builder perspective
Site builders:
- Enable REST modules
- Configure permissions
- Choose which resources are exposed
They do not write API code.
Frontend developer perspective
Frontend developers:
- Consume REST endpoints
- Handle JSON responses
- Authenticate requests
They rely on backend configuration.
Backend developer perspective
Backend developers:
- Configure REST resources
- Create custom REST resources if needed
- Secure endpoints
Custom REST resources are advanced and rarely required in exam scenarios.
Architect perspective
Architects decide:
- REST vs decoupled vs traditional Drupal
- Security strategy
- Performance implications
REST introduces complexity and must be justified.
Performance and caching
REST responses can be cached.
Drupal integrates REST with:
- Cache metadata
- HTTP caching
Exam signal:
If performance is mentioned, caching applies to REST as well.
Common exam traps in Module 2.9
- Using REST for simple listings
- Building APIs when Views is sufficient
- Ignoring authentication
- Exposing sensitive data
Correct answers favor minimal complexity.
Real scenario walkthrough
Scenario:
A mobile app needs to read and create Event content in Drupal.
Correct solution:
- Enable REST and Serialization modules
- Configure node REST resources
- Secure with authentication
Incorrect solution:
- Custom database endpoints
Key exam takeaways
- REST is for external systems
- Views is for Drupal UI
- Core modules handle most REST needs
- Security and permissions matter
- JSON is the common format
Practice check
- External app needs content: REST
- Drupal page listing: Views
- API security: authentication
- Data format: JSON