rest_role_restrict
1 sites
No security coverage
REST Role Restrict provides a simple but powerful solution for controlling access to Drupal's REST API. It restricts all API access to only users with specific roles that site administrators can configure via a UI.
Installation
- Download the module with Composer.
- Enable the module.
Use the Admin UI to enable the module.
- Ensure dependencies are enabled.
These core modules must be active for REST to function:- rest
- serialization
- user
Post-Installation
- Go to the configuration page.
Navigate to Configuration → Web Services → REST Role Restrict or go directly to:
/admin/config/services/rest-role-restrict
- Select allowed roles.
Use the checkboxes to choose which user roles should be granted access to Drupal’s REST API.
- Save the configuration.
The settings will apply globally to all REST API requests.
- Control access to the settings page.
Only users with theadminister rest role restrictpermission can configure which roles have API access.
- Disallowed users receive a structured error.
When a user without an allowed role makes a REST API request, they will receive a JSON response like this:{ "message": "Access to the REST API is restricted to specific roles. Contact your site administrator." }
Supporting this Module
If this module saves you time or adds value to your project, you can show your support in two ways:
- Buy me a coffee to say thanks:
https://buymeacoffee.com/tylerhastain - Want to contribute or sponsor development?
Reach out directly if you're interested in helping improve or maintain the module — contributions, ideas, and support are always welcome!