If you are receiving the following 403 errors:
- "message": "The used authentication method is not allowed on this route."
- "message": "This route can only be accessed by anonymous users."
Then keep reading for how to resolve them.
Attempting to log in to a Drupal site using REST API and I had to battle a few head winds along the way. What is worse, they were self imposed!
Registering a user via REST is an important process particularly when the requests come from a mobile device.
In working through the process you might have come across error message like:
403 Forbidden : "Only anonymous users can register a user." 422 Unprocessable Entity : "A Password cannot be specified. It will be generated on login."
So how did I get these and what to do?
While I have posted an article about how to POST an image using REST in Drupal 8... the journey there can be slow. Crawling through the errors to eventually spot the missing link. For me the how to is as important as the solution.
On the journey I did receive the following 404 Not Found error:
You have been working hard on getting comments being added (POST) through REST in Drupal 8. However, now you are seeing the following Assigning the wrong user against a new comment - and most likely the new comment is being assigned to the site admin.
The error here is related to the _embedded uuid.
What to do
You need to check that you have the correct uuid for both the entity_id and the uid
If you are like me you probably have searched for clues to and found little... particularly when confronted by the errors as you unravel how this works. Okay a slight exaggeration, there are snipets of info that people have solved this annoying issue in making comments work in Drupal 8 REST services.
For others that have spent countless hours getting this to work and are struggling... in particular assigning the correct user to the comment - this is how I achieved the correct outcome.
The outline below is for usage via Postman and DHC (Restlec Client)... once working here then testing done and ready to apply to your app or however you are using this.
Set accept to hal+json