API-First Drupal: what's new in 8.5?
Now that Drupal 8’s REST API 1 has reached the next level of maturity, I think a concise blog post summarizing the most important API-First Initiative improvements for every minor release is going to help a lot of developers. Drupal 8.5.0 will be released next week and the RC was tagged last week. So, let’s get right to it!
The REST API made a big step forward with the 5th minor release of Drupal 8 — I hope you’ll like these improvements :)
Thanks to everyone who contributed!
text
fields’ computedprocessed
property exposed #2626924No more need to re-implement this in consumers nor work-arounds.
"body":{ "value":"<p>Hi!</p><script>alert('foo')</script>", "format":"basic_html"}
⬇
"body":{ "value":"<p>Hi!</p><script>alert('foo')</script>", "format":"basic_html", "processed":"<p>Hi!</p>"}
uri
field onFile
gained a computedurl
property #2825487"uri":{"value":"public://cat.png"}
⬇
"uri":{"url":"/files/cat.png","value":"public://cat.png"}
Term
POST
ing requires non-admin permission #1848686administer taxonomy
permission
⬇
create terms in %vocabulary%
permissionAnalogously for
PATCH
andDELETE
: you neededit terms in %vocabulary%
anddelete terms in %vocabulary%
, respectively.Vocabulary
GET
ting requires non-admin permission #2808217administer taxonomy
permission
⬇
access taxonomy overview
permissionGET
→ decode → modify field → encode →PATCH
→403
200
#2824851You can now
GET
a response, modifying the bits you want to change, and then sending exactly that, without needing to remove fields you’re not allowed to modify. Any fields that you’re not allowed to modify can still be sent without resulting in a 403 response, as long as you send exactly the same values. Drupal’s REST API now implements the robustness principle.- 4xx
GET
responses cacheable: more scalable + faster #2765959Valuable for use cases where you have many (for example a million) anonymous consumers hitting the same URL. Because the response is not cacheable, it can also not be cached by a reverse proxy in front of it. Meaning that we’ll have hundreds of thousands of requests hitting origin, which can bring down the origin server.
- Comprehensive integration tests + test coverage test coverage
This massively reduces the risk of REST API regressions/changes/BC breaks making it into a Drupal 8 release. It allows us to improve things faster, because we can be confident that most regressions will be detected. That even includes the support for XML serialization, for the handful of you who are using that! We take backwards compatibility serious.
Even better: we have test coverage test coverage: tests that ensure we have integration tests for every entity type that Drupal core’s stable modules ship with!
Details at API-First Drupal — really!. Getting to this point took more than a year and required fixing bugs in many other parts of Drupal!
Want more nuance and detail? See the REST: top priorities for Drupal 8.5.x issue on drupal.org.
Are you curious what we’re working on for Drupal 8.6? Want to follow along? Click the follow button at REST: top priorities for Drupal 8.6.x — whenever things on the list are completed (or when the list gets longer), a comment gets posted. It’s the best way to follow along closely!2
The other thing that we’re working on for 8.6 besides the REST API is getting the JSON API module polished to core-worthiness. All of the above improvements help JSON API either directly or indirectly! More about that in a future blog post.
Was this helpful? Let me know in the comments!
Thanks to Ted for reviewing a draft of this blog post! And sorry for not changing the title to API First Drupal in 8.5.0: Amazing progress because of tedbow’s work on setInternal properties!!!!!!!!! even though that would’ve been totally accurate :D
For reference, historical data:
- 8.2.x — results (25% of release notes issues)
- 8.3.x — results (10% of release notes issues)
- 8.4.x — results (14% of release notes issues)
- 8.5.x — results (25% of release notes issues, 25% of highlights)
-
This consists of the REST and Serialization modules. ↩︎
-
~50 comments per six months — so very little noise. ↩︎