Skip to main content

API REST user login the right way

If you are receiving the following 403 errors:

  • "message": "The used authentication method is not allowed on this route."
  • "message": "This route can only be accessed by anonymous users."

Then keep reading for how to resolve them.


Attempting to log in to a Drupal site using REST API and I had to battle a few head winds along the way.  What is worse, they were self imposed!


Uploading plist data to the server using an API

I had an instance where I needed to move content from a plist to the server database.  To achieve this step, I added a few lines of code where the plist was called and added a call to the API so the data would be on the server.

The original code appeared as:

Registering users via REST

Registering a user via REST is an important process particularly when the requests come from a mobile device.

In working through the process you might have come across error message like:

403 Forbidden : "Only anonymous users can register a user."

422 Unprocessable Entity : "A Password cannot be specified. It will be generated on login."

So how did I get these and what to do?

POST image Guzzle error

While I have posted an article about how to POST an image using REST in Drupal 8... the journey there can be slow.  Crawling through the errors to eventually spot the missing link.  For me the how to is as important as the solution.

On the journey I did receive the following 404 Not Found error:

POST image using RESTUI

Adding an image via RESTUI can be done in a snap... once you know how!  I have spent a good amount of time (days) researching how come my scripts weren't running correctly.


authentication: basic,

formats: hal_json

Assigning the wrong user against a new comment using REST

You have been working hard on getting comments being added (POST) through REST in Drupal 8.  However, now you are seeing the following Assigning the wrong user against a new comment - and most likely the new comment is being assigned to the site admin.  

The error here is related to the _embedded uuid.

What to do

You need to check that you have the correct uuid for both the entity_id and the uid

401 Forbidden - Access denied on creating field 'uid'

The magically descriptive error 401 Forbidden "message": "Access denied on creating field 'uid'.".  You probably can sense the love I have for this error.  This was a painful error that took a little while to resolve.  First off I also had this error display as:

415 Unsupported Media Type - REST POST comments

If you are like me you probably have searched for clues to and found little... particularly when confronted by the errors as you unravel how this works.  Okay a slight exaggeration, there are snipets of info that people have solved this annoying issue in  making comments work in Drupal 8 REST services.

Drupal 8 REST POST comments

For others that have spent countless hours getting this to work and are struggling... in particular assigning the correct user to the comment - this is how I achieved the correct outcome.

The outline below is for usage via Postman and DHC (Restlec Client)... once working here then testing done and ready to apply to your app or however you are using this.

Set up

Set accept to hal+json


POST request

Subscribe to REST