Drupal has had JSON:API in core since 8.7. BAconn uses it for direct, paginated job sync without scraping.

Drupal-side prerequisites

  • JSON:API module enabled โ€” should be on by default; check at admin/modules.
  • One auth method: either Simple OAuth (client_credentials flow) or an API-key module (e.g. "Key auth").
  • A content type for jobs โ€” typically job, job_listing, or vacancy. BAconn introspects available bundles automatically.

Setup

  1. From the wizard or /cms-pipe/manage: "New source" โ†’ Drupal.
  2. Drupal site base URL, e.g. https://intranet.acme.com.
  3. Pick auth mode:
    • OAuth2 client_credentials: client ID + client secret from the Simple OAuth consumer
    • API key (header): simple token sent as X-API-Key
  4. "Test connection" โ€” BAconn hits /jsonapi and lists available content types.
  5. Pick the job content type โ€” dropdown shows all bundles, heuristically sorted (job-like names first).
  6. Configure field mapping โ€” map Drupal field names (e.g. field_location, field_salary_min) to BAconn fields.

What syncs

BAconn follows JSON:API pagination automatically (links.next.href). Per sync run only changed jobs are processed โ€” detected via SHA-256 hash of the raw record.

Token caching

OAuth access tokens are cached in cms_pipe_sources.adapter_state.oauth.{access_token, expires_at}. On expiry they refresh automatically. You never see the token in cleartext in the UI โ€” only client ID/secret are encrypted at rest.

Troubleshooting

  • "401 Unauthorized" โ€” wrong client secret or consumer disabled. Check under Drupal admin โ†’ Configuration โ†’ Simple OAuth โ†’ Consumers.
  • "403 Forbidden on certain fields" โ€” Drupal field access blocked. Grant "Bypass content access control" or field-specific permissions.
  • "Bundle not found" โ€” the chosen content type was renamed. Edit the source and re-introspect.