Register a User with Drupal 8 REST API

User registration using Drupal 8's REST API has been in flux but appears to be stabilized (for now).

There are many blog posts on using Drupal 8's REST API. Getting a user registered using REST, however, seems to be in flux. This post will get you set up for using the REST API, and in particular, will outline the steps to get a new user registered on a Drupal 8.3.x site.

First, enable the 4 core Web Services modules: HAL,  HTTP Basic Authentication, RESTful Web Services (REST), and Serialization.

To set up your REST endpoints, install the Rest UI module. Alternatively, you can manually modify the rest.settings.yml file

Drupal 8 REST modules


If using the REST UI module, go to the UI page at /admin/config/services/rest and enable the User registration resource:

Drupal 8 REST UI


At /admin/people/permissions, enable the permission: Access POST on User registration resource

Drupal 8 REST permissions


Under the Account Settings config at /admin/config/people/accounts, allow registration by visitors, with or without administrative approval. If admin approval or email verification is required, the account will be created, but it will be blocked until approval/verification.

Drupal 8 Account Settings


If email verification is required, don't send the password in the POST request - just remove the entire line with "pass" in it, see below. If the password is included in this case, the site will return a 422 Client Error with the message "A Password cannot be specified. It will be generated on login."

Test your REST setup using one of many free tools. Chrome extensions include the ever-popular Postman and Restlet Client. I used Cocoa Rest Client for Mac.

Here are values for the REST body:

Cocoa Rest Client body field


Values for the REST headers:

Cocoa REST Client header field


Content-Type is application/hal+json. The X-CSRF-Token value can be found at /rest/session/token. Since we earlier gave anonymous users the permission to use this REST resource, no authentication is needed.

Your REST testing tool should return a header with "HTTP 200 No Error" and a body with all the new user account details in JSON format.