Unknown platforms to be restricted in Winter '18 release

In Sugar 8 / Spring '18, Sugar administrators can now configure API platforms using the Administration panel. The Platform extension is still available if you want to register a custom API platform as part of a Module Loadable Package.

Sugar uses platforms to support the needs of multiple Sugar clients.  The Sugar REST API uses the platform parameter to indicate which platform is being used.  If you’d like a refresher on what the platform parameter is and how to use it, check out this blog post.  In Sugar 7.9, we added a new Platform extension that we advised developers to start using in the Sugar 7.9 Migration Guide.  The Platform extension allows you to indicate a particular custom platform should be allowed when the disable_unknown_platforms configuration setting is on.

Changes coming in Winter '18 release

In the Winter '18 release, we will be preventing REST API access to Sugar from unknown platform types. Sugar has a configuration setting disable_unknown_platforms that controls whether or not unregistered platforms are allowed to be used when logging in using the REST API. The current default value for disable_unknown_platforms is false. In the Winter '18 release, we will be changing the default to true, which is how it is already reflected in the documentation. If your integration uses a custom platform, this custom platform will need to be registered in each Sugar instance or your integration will break!

How do I know if I'm affected? New

In order to avoid conflicting with end-user sessions, some REST API integrations specify a different “platform” during login. Developers have often employed this technique to prevent integrations from interrupting or conflicting with active end-user sessions.

Below is an example of a login request that uses a custom platform:

POST /rest/v10/oauth2/token
{
  "grant_type":"password",
  "client_id":"sugar",
  "client_secret":"",
  "username":"{{username}}",
  "password":"{{password}}",
  "platform":"<SOME VALUE>"
}

Registering a new platform for an integration

Integrations must register any custom platforms they plan to use. For compatibility with Sugar On-Demand, we recommend creating a Module Loadable package that includes a simple Platform extension.

./custom/Extension/application/Ext/Platforms/<integration name>.php

<?php

/*

* A valid platform name requires:

* - Max length of 127 characters

* - Valid characters are: a-z, A-Z, 0-9 - (hypen) _ (underscore)

*/


$platforms[] = '<integration platform name>';

We recognize that is a change in assumption since it involves an installation of a package where previously no package had to be installed at all. We are working on an alternative approach as we roll out additional Identity Management (IdM) functionality that would allow for more convenient configuration of integrations.

Example Module Loadable Package

An example module loadable package has been added to the UnCon github repository. This package can be used as a template for those needing help understanding how to construct a package that will enable their API integration.

https://github.com/sugarcrm/uncon/tree/2017/custom-platform

Anonymous
  • Not necessarily.  If you're creating an installable plugin for sugar, you'll probably want to include your own custom platform along with it, so your users don't have to manually add a platform, and you are not using base.  Obviously, for your own internal work, using the admin section is much quicker and easier.

  • For sake of completeness, am I correct the package method is now obsolete since the new option is available to add a new platform is now in Admin developer section?

    Configure API Platforms
  • All good ideas. I'll share with product marketing. They control that environment.

  • Definitely makes sense on the dev and testing side.

    Would still love to see the module loader added back for customers trialing the product. Integrations and add-ons is a huge piece for most people's CRM implementation. Letting them try some stuff out (maybe even white-listed modules that you know provide a good experience) would be a big plus.

  • The free trial environment is not for development or test purposes. If you are a software vendor and you have an integration that you want to QA or demo then you can reach out to ISV team to get a demo environment.

    We are rolling out new Identity Management features incrementally. You'll see and hear a lot more about it over the next year.