>>> [!note] Migrated issue <!-- Drupal.org comment --> <!-- Migrated from issue #3575144. --> Reported by: [effulgentsia](https://www.drupal.org/user/78040) Related to !642 >>> <h3 id="overview">Overview</h3> <p><span class="drupalorg-gitlab-issue-link drupalorg-gitlab-link-wrapper"><a href="https://git.drupalcode.org/project/canvas/-/work_items/3573867" class="drupalorg-gitlab-link">https://git.drupalcode.org/project/canvas/-/work_items/3573867</a></span> is expanding the Canvas CLI tool to enable managing pages as well as components, using <a href="https://json-render.dev/">json-render</a> as the bridge format between how Canvas pages are stored in Drupal and how they're represented in the local React development environment.</p> <p>Therefore, we want all of the Canvas Page CRUD operations available to the CLI tool.</p> <h3 id="proposed-resolution">Proposed resolution</h3> <ul> <li>We already have routes for some of these operations (I think list, create, and possibly delete). For these, simply add the <code>canvas_external_api</code> route option to make it available for use outside of the Canvas UI.</li> <li>For operations that we don't already have a route for, add it and the appropriate controller.</li> <li>For GET and PATCH, make sure all Canvas Page fields are included, especially the Canvas field itself, with proper validation and access checking. See the REST module's EntityResource code for reference on how to do this. Exceptions: the media library entity reference fields is going to be explored in a different issue, so we can leave out the SEO fields for now.</li> <li>We shouldn't need any new normalizers or denormalizers, because these operations are all already possible via jsonapi module. We may want a followup to remove any custom routes/controllers we add here and instead use the jsonapi routes, but for now we don't want to add a dependency on the jsonapi module.</li> <li>Define new OAuth scopes as necessary for CRUDL operations. <a href="https://www.drupal.org/project/simple_oauth">Simple OAuth</a> has a limitation that one scope &harr; one permission, so we need to play with that. These OAuth scopes should be configured for the most common use case, but site builders can always edit them if needed.</li> <li>Write test coverage for the new endpoints.</li> <li>For URL structure design, take into account we might want to expose other component trees in a similar way, e.g page regions.</li> </ul> <h3 id="ui-changes">User interface changes</h3> > Related issue: [Issue #3502691](https://www.drupal.org/node/3502691) > Related issue: [Issue #3577654](https://www.drupal.org/node/3577654) > Related issue: [Issue #3578094](https://www.drupal.org/node/3578094) > Related issue: [Issue #3575872](https://www.drupal.org/node/3575872)