Skip to content
Social JSON API, published on d.o /project/social_json_api
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Social JSON API provides an API which can be used with the following entities:

  • comment
  • event_enrollment
  • file
  • group
  • group_content
  • node
  • post
  • profile
  • taxonomy_term
  • user

It works out of the box for these entities. However you'll need to do some configuration to access the API (authentication and authorization).


  1. Enable this module and all its dependencies.
  2. The module will automatically create a folder outside your docroot (web/html) directory where you can store the public and private key combination. By default this is: private://oauth_api_keys/.
  3. If your site has a sitemanager role it will automatically assign a bunch of permissions to this role.
  4. Check if all the right entities are enabled in social_json_api_entity_type_alter().


The API System which is implemented has multiple authentication grants available. These are all allowed in Open Social by default.

To determine which grant is applicable for your use-case please read the oauth2 documentation For demo purposes we assume you'll want the password grant, which means that you'll login with account details of a given user.

  1. Go to /admin/config/people/simple_oauth and configure the OAuth settings to your needs. Double check the expiration times and if the keys exist. During development you can set the access token expiration time on a higher value. Usually this should be below 300 seconds.
  2. Create a consumer on /admin/config/services/consumer/add
  3. Fill in at least:
    • Label: The label for your consumer (e.g. My CRM system)
    • User: leave this empty
    • New secret: Generate a secure string here (e.g. using Lastpass, but do remember this, you'll need this later)
    • Is confidential: yes
    • Is this consumer 3rd party?: yes
    • Redirect URL: leave empty
    • Scopes: select the roles you want to use here, e.g. Sitemanager (this determines the permissions for the API)
  4. After saving the consumer you'll go to the consumer overview where you can see the consumer uuid.


Now you can get access to the API by doing a POST Request on /oauth/token with the following body:


Just fill in the client_id, client_secret, username and password accordingly. You will receive an access_token and refresh_token which you can use in subsequent requests, e.g. in refresh_token requests or you can use the same access_token during the expire time.

More info here:


Some more information is available on your site on: /admin/config/opensocial/social-json-api

You will also find a link to the documentation for your API there. The documentation is automatically generated and displayed with ReDoc.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.