Overview

Drupal 8 comes with a large library of base classes that allow you to work with your own content. When it comes to content entities, you want to use fields. It is important to understand Fields, as this is where your entities store their data.

FieldTypes

Main field types:

Authentication for CRUD Operations with JSON:API

When interacting with the JSON:API, tools such as Postman or cURL can be used to send requests. By default, requests made through these tools are treated as coming from an "anonymous" user, since they do not inherently manage user authentication. As a result, access to certain resources may be restricted based on the permissions configured for anonymous users in your Drupal site.

If you are looking to protect/restrict access to your Drupal REST APIs using your Identity provider, then you should go for the External Identity Provider Authentication method. 

Drupal API Authentication using an External Identity Provider involves the use of tokens received from third-party providers like Google, Azure AD, Keycloak, Okta, Gitlab, etc. for accessing Drupal rest APIs securely.

The Drupal API Authentication module works by sending a JWT token along with your API requests for authentication. This module uses JSON Web Token (JWT), an open standard for securely representing user identity during two-party interactions.

In this step, essentially, a username and password of your Drupal site are used to first get a JWT token. Once the username and password are verified, the Drupal REST API Authentication module will create a signed JSON Web Token. Then, the API will return that token back to the client application.

OAuth (Open Authorization) is an open standard for token-based authentication and authorization protocol that can be used to provide single sign-on (SSO). OAuth allows particular information about an end user's account to be used by third-party services, such as Facebook, etc without exposing the user's password. It acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared.

API Key Authentication is one of the simplest methods to protect Drupal REST APIs. Once you have generated API Keys for all your users, you can then use those keys to secure access to your Drupal REST APIs.

Basic Authentication is a very simple and straight-forward Authentication method. The client sends HTTP requests with an Authorization header that contains a base64-encoded  username and password of your Drupal site.

Goal

Make a plan for the content structure of the site (which type and subtype of entity to use for which content), and which pages will contain listings of content.

Goal

Add a reference field so that recipes can be linked to the vendor that has submitted it.

Goal

Create an Ingredients vocabulary and add it to the Recipe content type as a field that can contain an unlimited number of values and that allows adding new terms to the vocabulary.