Skip to main content

For others that have spent countless hours getting this to work and are struggling... in particular assigning the correct user to the comment - this is how I achieved the correct outcome.

The outline below is for usage via Postman and DHC (Restlec Client)... once working here then testing done and ready to apply to your app or however you are using this.

Set up

Set accept to hal+json

sample:

POST request

url: http://example.com/entity/comment?_format=hal_json

Authorization Type: Basic {then enter username and password in the corresponding fields)

Headers

Authorization: {this field should be populated from the step earlier where you entered your username and password. If it is not, then go back to the authorization tab and click update request}

Content-Type: application/hal+json

X-CSRF-Token: get your token via http://example.com/rest/session/token

Accept: application/hal+json

JSON formatted data to send to Drupal
{"_links":{
  "http://example.local/rest/relation/comment/comment/uid":{"href": "http://example.local/user/2?_format=hal_json"},
  "http://example.local/relation/comment/comment/entity_id":{"href":"http://example.local/node/2?_format=hal_json"},
  "type":{"href":"http://example.local/rest/type/comment/comment"}
},
 "entity_id":[{"target_id":"2"}],
 "langcode":[{"value":"en"}],
  "subject":[{"value":"Comment title"}],
  "entity_type":[{"value":"node"}],
  "comment_type":[{"target_id":"comment"}],
  "field_name":[{"value":"comment"}],
  "comment_body":[{"value":"Body text for the comment.",
                  "basic_html":"basic_html"}],
  "_embedded": {
    "http://example.local/rest/relation/comment/comment/entity_id": [{
        "_links": {
          "self": {"href": "http://example.local/node/25?_format=hal_json"},
          "type": {"href": "http://example.local/rest/type/node/article"}
        },
        "uuid": [{"value": "8795cd5d-d223-4cad-9373-605c8ffac10f"}]
      }],
    "http://example.local/rest/relation/comment/comment/uid": [{
        "_links": {
          "self": {"href": "http://example.local/user/1?_format=hal_json"},
          "type": {"href": "http://example.local/rest/type/user/user"}
        },
        "uuid": [{"value": "a8c95c05-4546-4c7b-def5-fed7a4c5beca"}]
      }]
  }
}
Errors

If you are applying the above and the following errors occur:

415 Unsupported Media Type - then most likely the Content-Type is set to application/json rather than Content-Type being set to application/hal+json
Change - Content-Type: application/hal+json

401 Forbidden "message": "Access denied on creating field 'uid'." - as noted above it is a permission issue. What exactly is this permission issue... this tripped me as authenticated users could already add comments directly to the site. However, with REST you also need to check 'Administer comments and comment settings' against the authenticated user (go to http://example.com/admin/people/permissions and check).
Change - Administer comments and comment settings in the permissions area

Assigning new comments against the wrong user - it's the _embedded uuid.

You need to check that you have the correct uuid for both the entity_id and the uid

  • entity_id - "http://example.local/rest/relation/comment/comment/entity_id";
  • uid - "http://example.local/rest/relation/comment/comment/uid"

Testing this, I found that you can change the uuid for the entity and even though the "http://example.local/relation/comment/comment/entity_id":{"href":"http://example.local/node/2?_format=hal_json"}, is set correctly, the comment will be assigned to entity of the uuid in the _embedded area.  This also applies to the "http://example.local/rest/relation/comment/comment/uid"

Simply the request body

You can actually simplify the body of the request from what is above to:

{"_links":{
  "type":{"href":"http://example.local/rest/type/comment/comment"}
},
 "entity_id":[{"target_id":"2"}],
 "langcode":[{"value":"en"}],
  "subject":[{"value":"Comment title"}],
  "entity_type":[{"value":"node"}],
  "comment_type":[{"target_id":"comment"}],
  "field_name":[{"value":"comment"}],
  "comment_body":[{"value":"Body text for the comment.",
                  "basic_html":"basic_html"}],
  "_embedded": {
    "http://example.local/rest/relation/comment/comment/entity_id": [{
        "uuid": [{"value": "8795cd5d-d223-4cad-9373-605c8ffac10f"}]
      }],
    "http://example.local/rest/relation/comment/comment/uid": [{
        "uuid": [{"value": "a8c95c05-4546-4c7b-def5-fed7a4c5beca"}]
      }]
  }
}

Related articles

Andrew Fletcher04 Apr 2025
Managing .gitignore changes
When working with Git, the .gitignore file plays a critical role in controlling which files and folders are tracked by version control. Yet, many developers are unsure when changes to .gitignore take effect and how to manage files that are already being tracked. This uncertainty can lead to...
Andrew Fletcher26 Mar 2025
How to fix the ‘Undefined function t’ error in Drupal 10 or 11 code
Upgrading to Drupal 10.4+ you might have noticed a warning in their code editor stating “Undefined function ‘t’”. While Drupal’s `t()` function remains valid in procedural code, some language analysis tools — such as Intelephense — do not automatically recognise Drupal’s global functions. This...
Andrew Fletcher17 Mar 2025
Upgrading to PHP 8.4 challenges with Drupal contrib modules
The upgrade from PHP 8.3.14 to PHP 8.4.4 presents challenges for Drupal 10.4 websites, particularly when dealing with contributed modules. While Drupal core operates seamlessly, various contrib modules have not yet been updated to accommodate changes introduced in PHP 8.4.x. This has resulted in...