A recent internal Commercial Progression project allowed us the opportunity to set up a Drupal 8 site and get REST working on it. In the process, and by merit of the stack being new with the documentation catching up, I learned a few tricks that might be useful for enterprising developers out there.

1. POST-ing entities is to a different path than the REST UI says

If you install the REST UI module and enable an endpoint, you'll see a screen like:

From this display, you might be convinced that the URL you use to HTTP POST a new entity (if the bundle were named "update", for instance) would be

http://yourname.tld/admin/structure/eck/entity/component/update

But you would be wrong. The actual post path is:

http://yourname.tld/entity/component

...where "component" is the entity type. This seems to be the case for pretty much any entity. Don't forget the

?format=haljson

on all your stuff, for good measure.

2. There's a thing called a CSRF token, and you can get one with cURL

The documentation lets you know that risky operations require a CSRF token and how to get one. Yuen Ying Kit even has the necessary Guzzle-based PHP code (posted in 2013!) for grabbing a CSRF token on the fly.

Let's say you wanted to write it for a cURL request in PHP without any external dependencies. That would look something like: