JSON:API Security Considerations for Drupal 8, 9, and 10

When you enable the JSON:API module, you significantly increase the attack surface of your application. It's a good idea to make sure that you understand the implications of doing so, and how to mitigate potential security issues. In most cases this doesn't require much work, but it's worth taking the time to make sure you've done it right.

In this tutorial we'll learn:

  • What JSON:API already does to keep you secure
  • How to protect against common attacks
  • How to limit access to resources exposed by JSON:API

By the end of this tutorial you should know what to look for when auditing your JSON:API configuration to help prevent common attacks.