A backend for your frontend. Powered by Drupal.
Reservoir is a back end for your front end: a content repository. Uses JSON API and OAuth2.
It's dead simple to use. Log in and there are four tabs:
- Content: where content administrators administer content
- API: where client developers can browse the API documentation
- Content models: where the owner can model content for their needs
- Access control: where the owner can administer users, clients, roles, permissions and tokens
After installing, you're welcomed by a tour, and you're ready to explore — in fact, you can make API requests right away!
The preferred way to install Reservoir is using our Composer-based project template. It's easy!
Create a Reservoir project with
$ composer create-project acquia/reservoir-project MY_PROJECT --stability=alpha
- In your webhost configuration, point
- Install Reservoir by going to http://my-project.com
There are only seven concepts you need to understand, and most of them you already know!
- Content models
- Clients (OAuth2)
- Tokens (OAuth2)
The tour starts automatically after installing Reservoir. Afterwards, you can take the tour again by clicking the "Tour" button in the top right corner.
Reservoir supports only OAuth2, and only the Password Grant for OAuth2. Why only this grant type? Because Reservoir provides a content repository, and all content must have an author.
The password grant type allows clients (applications and front ends) to interact with Reservoir, but always on behalf of a user.
Before deploying Reservoir to production, delete demo material and change the keys.
During installation, Reservoir creates four pieces of demo material:
/node/1: demo content, titled "Hello world"
/user/2: demo client user, called
/user/3: demo content administrator, called
/user/4: demo client developer, called
/client/1: demo client, called
(The password is identical to the user upon each installation.)
You'll want to:
- Remove the demo material
- Replace the auto-generated OAuth2 public/private key pair
- Refine CORS settings
There is a rapidly expanding ecosystem surrounding Reservoir:
- reservoir-project: Composer installer for Reservoir
- reservoir-docker: Docker image for Reservoir
- well: Drupal installation based on Reservoir and BLT
- Support GraphQL once it matures
- Add authentication information to the OpenAPI docs
- Add maintainable mechanism to not expose certain content/config entity types in both API docs nor allow accessing them via JSON API.
- Ensure only users with the
client_developerroles can log in.
- Allow users with the
client_developerto create and edit roles other than
client_developer, and allow them only to grant+revoke non-restricted permissions. This then allows them to define roles (scopes) for clients.
- Make it easy to delete all default content in one go: node 1, users 2, 3 and 4.