Drupal - How can I verify users the first time they log in?

Log in to Drupal by POSTing the user credentials. Make sure you set the "Content-Type" header. This starts the user's session.

POST URL:

/user/login?_format=json

Header:

Content-Type: application/json

POST data:

{
  "name": "username",
  "pass": "password"
}

Successful response:

{
  "current_user":{
    "uid": "1",
    "roles":[
      "authenticated",
      "administrator"
    ],
    "name": "username"
  },
  "csrf_token":   "asda09820380_2238019280dk09n908asjdlkajdaoa",
  "logout_token": "asdasd09a8sdaslkdasl-asdasdklsajdlkasdjlksj"
}

Use the CSRF token in subsequent GET, POST, PATCH, DELETE etc. requests by setting the header:

X-CSRF-Token: asda09820380_2238019280dk09n908asjdlkajdaoa

To log out, use the logout token in a POST request. This ends the user's session.

/user/logout?_format=json&token=asdasd09a8sdaslkdasl-asdasdklsajdlkasdjlksj

GET login status:

/user/login_status?_format=json

GET token:

/rest/session/token

References:

  • JavaScript and Drupal 8 RESTful Web Services
  • Change record: Additional RPC endpoints: user/login user/login/status user/logout user/password/reset

Tags:

Rest

8