As an encoding scheme, JSON (JavaScript Object Notation) is designed to eliminate the need for ad-hoc code to communicate with servers. It aims to make the requests that take place between clients and servers more efficient.
The entity-based JSON:API dictates how a client should request the resources to be fetched and how a server should respond to those requests. However, it does not take care of business tasks like registering a new account, logging in a user, or requesting a new password.
Let’s decode the journey of JSON:API with Drupal in this blog!
Contributed Modules: GraphQL, Simple OAuth, Open API, Consumers, RELAXed Web Services, Subrequests, etc.
Decoupled Distributions: Contenta CMS, Reservoir, and Headless Lightning
Out of these, JSON:API contributed module made its way to Drupal core!
Essentially created and maintained by Mateu Aguiló Bosch (e0ipso), the module was applauded by Dries Buytaert and he recommended the contributed module for Drupal 8 core in 2017. He sought Wim Leers and Gabe Sullice’s help in getting the module ready for it.
28 months, 450 commits, 32 releases, and more than 5,500 test runs later, the JSON:API was committed to Drupal 8.7 branch.
Important: The contributed module will be discontinued soon as the users of the JSON:API 8.x-2.x contributed module on Drupal 8.5 or 8.6 can now update to Drupal 8.7 without any hassles, according to Wim Leers.
How JSON:API Module Works
JSON:API enables a great authoring experience by making the Drupal entities (blog posts, users, comments and more) available via a web service API. It generates URLs to access the entity types and bundles using HTTP methods. It allows you to:
Fetch the selected entity fields only (for example, blog titles)
Include relationships (for example, blog authors) and avoid additional requests
Filter and sort the resource collections
Paginate the resource collections
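The four capabilities above map onto the query parameters defined by the JSON:API 1.0 specification. The following is an added example, not code from the original post or from the Drupal project: it builds such a request and then joins each article to its author from the compound response. The host example.test, the node--article and user--user resource types, the uid, status, created and display_name field names, and the sample response are assumptions constructed for illustration.

```python
from urllib.parse import urlencode

def collection_url(base, entity, bundle, fields=None, include=None,
                   filters=None, sort=None, limit=None, offset=None):
    """Build a collection URL using JSON:API 1.0 query parameter names."""
    params = [(f"fields[{t}]", ",".join(names))           # sparse fieldsets
              for t, names in (fields or {}).items()]
    if include:
        params.append(("include", ",".join(include)))      # related resources
    params += [(f"filter[{f}]", v) for f, v in (filters or {}).items()]
    if sort:
        params.append(("sort", ",".join(sort)))            # "-" means descending
    if limit is not None:
        params.append(("page[limit]", limit))
    if offset is not None:
        params.append(("page[offset]", offset))
    # Keep brackets and commas readable; everything else is percent-encoded.
    return f"{base}/{entity}/{bundle}?" + urlencode(params, safe="[],")

def titles_with_authors(doc):
    """Join each article to its author via the compound document's `included`."""
    index = {(r["type"], r["id"]): r for r in doc.get("included", [])}
    rows = []
    for item in doc["data"]:
        ref = item["relationships"]["uid"]["data"]
        author = index.get((ref["type"], ref["id"])) if ref else None
        # A target missing from `included` must not crash the client.
        name = author["attributes"]["display_name"] if author else None
        rows.append((item["attributes"]["title"], name))
    return rows

# Constructed sample response (not captured from a real site).
SAMPLE = {
    "data": [
        {"type": "node--article", "id": "a1",
         "attributes": {"title": "First post"},
         "relationships": {"uid": {"data": {"type": "user--user", "id": "u1"}}}},
        {"type": "node--article", "id": "a2",
         "attributes": {"title": "Second post"},
         "relationships": {"uid": {"data": {"type": "user--user", "id": "u9"}}}},
    ],
    "included": [
        {"type": "user--user", "id": "u1", "attributes": {"display_name": "alice"}},
    ],
}

if __name__ == "__main__":
    print(titles_with_authors(SAMPLE))
```

Requesting only the fields a client needs also keeps unneeded attributes out of responses, logs and caches.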
Here’s a JSON:API demo shared by Dries:
JSON vs REST
While many go forward with Core's REST module which allows for extreme configurability, JSON:API is a module that focuses on exposing Drupal's biggest strength - entities/data modeling only. REST is a complex and fragile module to handle and can be a task to work with for many.
Relatively powerful for most use cases, JSON:API lets you keep your process simple. Internet giants like Google, Twitter, and Facebook work with JSON because it is self-descriptive, easy to understand and simple.
The Best Implementation in Existence
With the best of characteristics, the JSON:API module for Drupal and its implementation support the following features:
1.0 specification out-of-the-box.
Every Drupal entity (a resource object in JSON:API terminology) is automatically available through JSON:API.
Existing access controls for both reading and writing are respected.
Both translations and revisions of entities are made available.
Querying entities (filtering resource collections in JSON:API terminology) is possible without any configuration (e.g. setting up a "Drupal View")
Given the Drupal’s decade-old Entity API, Field API, Access APIs, and the incredibly robust foundation, the data can be available via web service APIs.
JSON:API related Modules
#1 The Key auth module which provides simple key-based authentication utilizes JSON:API as it requires no additional configuration and it becomes ideal for sites that expose consumer-facing APIs.
#2 Using the normal Drupal database update system, the Lightning API allows for easy ingestion of content by other applications by providing a standard API with authentication and authorization. It utilizes JSON:API and OAuth2 standards via the JSON:API and Simple OAuth modules.
#3 You can also use JSON:API Extras to customize the API generated by the JSON:API module. You can override and grant limited configurations to the default zero-configuration implementation provided by the JSON:API module. The Extras module enables and disables resources, enhances field output and overwrites the path and name of a resource.
JSON:API Security Considerations
JSON:API has a quick resolution time for security vulnerabilities in the stable modules on Drupal.org. However, custom modules or non-stable contributed modules are used at your own risk. Therefore, consider these security checks:
You can disable specific resource types via a PHP API that you can implement in a custom module, or use the JSON:API Extras contrib module, which provides a UI for disabling resource types and fields.
You can enable JSON:API’s read-only mode to mitigate the risks from hypothetical, as-yet-unknown bugs in preexisting validation constraints and write logic.
In order to reduce the effectiveness of automated attacks, you can change the base path for JSON:API.
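One way to verify these three checks on a site you administer, as an added example that is not part of the original post or of Drupal itself. It assumes the entry-point document lists each exposed resource type as a key under "links", that the read-only flag is the read_only key of the jsonapi.settings configuration, and that the default base path is /jsonapi; the sample data and the allowlist are constructed.

```python
DEFAULT_BASE_PATH = "/jsonapi"  # assumed default base path

def audit_jsonapi(entry_doc, settings, base_path, allowed_types):
    """Return findings for the three hardening checks described above.

    entry_doc     -- parsed JSON of the JSON:API entry point
    settings      -- dict of the exported jsonapi.settings configuration
    base_path     -- base path the site currently serves JSON:API from
    allowed_types -- resource types the site owner intends to expose
    """
    findings = []
    # Check 1: every resource type not deliberately exposed should be disabled.
    exposed = {name for name in entry_doc.get("links", {}) if name != "self"}
    for rtype in sorted(exposed - set(allowed_types)):
        findings.append(f"resource type exposed but not on allowlist: {rtype}")
    # Check 2: read-only mode limits exposure to bugs in write logic.
    if not settings.get("read_only", False):
        findings.append("read-only mode is off: write operations are accepted")
    # Check 3: a non-default base path reduces hits from automated scanners.
    if base_path.rstrip("/") == DEFAULT_BASE_PATH:
        findings.append("base path is the default /jsonapi")
    return findings

# Constructed sample inputs (not taken from a real site).
ENTRY_DOC = {
    "data": [],
    "links": {
        "self": {"href": "https://example.test/jsonapi"},
        "node--article": {"href": "https://example.test/jsonapi/node/article"},
        "user--user": {"href": "https://example.test/jsonapi/user/user"},
        "file--file": {"href": "https://example.test/jsonapi/file/file"},
    },
}
SETTINGS = {"read_only": False}
ALLOWED = ["node--article"]

if __name__ == "__main__":
    for finding in audit_jsonapi(ENTRY_DOC, SETTINGS, "/jsonapi", ALLOWED):
        print(finding)
```

Changing the base path only lowers noise from automated scans; disabling resource types and the existing entity access controls are what actually restrict the data.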
Limitations
JSON:API cannot perform actions that cannot be expressed as “CRUD”. It falls short in registering a new account, logging in or requesting a new password. These are not a part of JSON:API's abilities.
Conclusion
With the rise of web-based APIs, this data-interchange format is a better alternative to XML. However, we can only wait for time to unveil what’s in store for JSON:API in 2020.