Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

This module secures your Drupal site's API endpoints by supporting various authentication methods like Basic, API Key, OAuth 2.0, and JWT. It allows for granular control over API access, including IP address and role-based restrictions.

The Drupal API Authentication module prevents unauthorized access to your Drupal site. This helps to secure API endpoints from unauthorized access.

Our module supports key API authentication methods such as Basic Authentication, API Key Authentication, JWT Authentication, and more. Additionally, a REST API defines a set of functions in which developers can perform requests such as GET, POST, PUT, PATCH, DELETE, and receive responses via the HTTP protocol.

Setup guides Unique case-studies

Drupal API Authentication Methods:

Drupal REST & API Authentication module supports the following authentication methods:

1) Basic Authentication: Users can effortlessly authenticate themselves using their username and password using the basic authentication technique.

2) API Key Authentication: This is a method where the users are authenticated using a unique API key on every API request.

3) OAuth 2.0 Authentication: One of the secured authentication methods, where the OAuth 2.0 protocol is used to generate an access token. This token authenticates access to your Drupal site API.

4) JWT Authentication: This method authenticates users with an existing external JSON Web Token (JWT) from a provider, or with one obtained through our module. Just add the token in the API request header to authenticate the users

5) Third-Party Provider Authentication: Restrict access to your Drupal REST API using third-party identity providers such as Okta, Google, or Microsoft Entra ID etc. This technique allows you to configure the Drupal API authentication module with the identity provider and authenticate all the API requests using the access token from the identity provider.

Prominent Features of REST & JSON API are:

  • Custom Certificate Generation: The module allows you to generate a custom certificate or use your own certificate.
  • Supports JSON and REST APIs.
  • Supports Restriction of Custom APIs.
  • API Key Authentication
  • Basic Authentication
  • JWT-Based Authentication
  • OAuth 2.0 or Access Token-based Authentication
  • Third-party provider (external identity provider) based authentication.
  • Generate separate API Keys for every user.
  • Custom Header
  • Custom Token Expiry
  • Custom API Restrictions
  • IP Address Based Restriction
  • Role Based Restriction
  • and much more...

This module is developed by miniOrange. Some of the features may require a valid paid license.

Need any help?

Reach out to us at [email protected] to resolve queries or to schedule a demo. You can also connect with us on the Drupal Slack channel.

 Contact Us Join Our Slack Channel

Activity

Total releases
5
First release
Feb 2025
Latest release
2 months ago
Releases (12 mo)
3 ▲ from 2
Maintenance
Active

Release Timeline

Releases

Version Type Release date
3.1.0 Stable Apr 23, 2026
3.0.0 Stable Jan 26, 2026
2.1.0 Stable Sep 8, 2025
2.0.19 Stable Jun 16, 2025
2.0.18 Stable Feb 3, 2025