Skip to main content

Registering a user via REST is an important process particularly when the requests come from a mobile device.

In working through the process you might have come across error message like:

403 Forbidden : "Only anonymous users can register a user."

422 Unprocessable Entity : "A Password cannot be specified. It will be generated on login."

So how did I get these and what to do?

First off, check the REST set up in the administration area of Drupal.  Configure User and User registration in the Configuration > Web Services > REST.  Knowing that there is a big difference between User and User registration.  

User registration

User registration will allow an anonymous user to register and have a password sent via email to their email client.  The pathway to this resource is 


If you use this method to achieve registering a user, then the above error messages will occur.  The user/register method is used to register an anonymous user.  When creating a user from an app this is not ideal.  From an app, the best method is to use user method.


Check that you have enabled this resource.  This can be achieved in the same pathway as noted above

Configuration > Web Services > REST

To access this resource use /entity/user?_format=hal_json 

The body of this call will contain as an example

{"_links":{ "type":{"href":""}},
"pass":[{"value": "sarah1"}],

Okay the password is so not secure... I'll leave that for you to change.  One this to note if you pass this as above, the user will be blocked.  So an administrator will need to change their status.  Otherwise to avoid this and have them active on registration add the status parameter to the body

"status":[{"value": "1"}]