Skip to main content

If you are receiving the following 403 errors:

  • "message": "The used authentication method is not allowed on this route."
  • "message": "This route can only be accessed by anonymous users."

Then keep reading for how to resolve them.

 

Attempting to log in to a Drupal site using REST API and I had to battle a few head winds along the way.  What is worse, they were self imposed!

 

Attempting to authenticate

I was initially using the following to login in a user

method: post
url: https://example.com/user/login?_format=hal_json
headers:
Accept: application/hal+json

Authorization: basic

X-CSRF-Token: {string}

Content-Type: application/hal+json
body:
{
"name": "sarah",
"pass": "sa!ah"
}

 

Output:

Response: 403

"message": "The used authentication method is not allowed on this route."

Solution: If you are receiving this error, the issue you have is related to the headers.  Deactivate them.

 

Other responses

Response: 403

"message": "This route can only be accessed by anonymous users."

Solution: You have already logged in this user.  Log them out first, before attempting the login process again.

Related articles

Andrew Fletcher09 Jun 2022
How to use the Poll module and passing via RESTful API
  Using the Drupal Poll module and passing via RESTful API -  How do you get it working?   The initial set-up POST: {domain}/mhc_custom/poll?_format=json Content-type: application/json Accept: application/json { "choice": "1" }   If you run the above...
Andrew Fletcher09 Jun 2022
Recently viewed pages
This code is from Drupal 9 back-end for a React front-end via REST API. Working through the output for recently viewed pages... the code structure: <?php namespace Drupal\custom\Plugin\GetData\paragraph; use Drupal\custom\Plugin\GetData\ContentBase; use...
Andrew Fletcher07 Jun 2022
User options - login, logout and user details
For an introduction into setting up RESTful hal+json refer to the set-up documentation.  Also see the Query - user screen. Login a member POST: {domain}/user/login?_format=hal_json Content-type: application/hal_json Accept: application/hal+json { "name":...