Access token expires immediately or is valid for one time

I am trying to fetch data from Sugar through the API. After getting an OAuth token from Sugar, when I call an API, e.g. Accounts, this works fine, but after that, if I call another API with the same token, it gives the error "invalid_grant" with the message "Your authentication token is invalid."

  • Are you using a dedicated user account to retrieve the data? 

    If not, are you specifying a specific platform?

  • Yes, the account is dedicated. Using SugarCRM Version 10.0.2 (Build 182 E) (Q2 2020), calling from Node 13.12.0 through Axios.

    Sugar is deployed on AWS. It works fine when I make a call from my local Node server, but when I deploy my Node server to AWS as well, the INVALID_GRANT issue occurs.

    So the workaround I went with is to generate a new token before every API call. It works this way, but it is not a good solution.

  • If your local Node server and your AWS Node server are connecting to Sugar at the same time using the same user credentials, then this will cause the problem. You are only allowed 1 session per user per API platform.

    You can configure your two Node servers to use different users or make sure they're using different API platforms.

  • Thanks for your response. I don't use it at the same time. I develop locally, which works fine, then deploy on AWS, and then this problem appears. I can see a lot of discussions on this forum about invalid grant, but those are about login through the portal.

    It looks like an issue of saving the session at the Sugar end.

  • Hi Sunil,

    It could be some sort of configuration issue with your AWS setup. There are several ways an access token could get invalidated.

    You could refer to this support article for some other ideas. The section regarding instances that do not use SugarIdentity would apply to your case.

  • Hello Sunil

    I had the same problem a few months ago, and I read the following guide:

    1. Create a record in the OAuth Keys module:

    2. In your Node.js app you can consume the Sugar API at these endpoints of the REST API:
    "/ping" -

    "/oauth2/token" -

    The following lines of code may help you:

    const _ = require('lodash')

    // readCustomPlatform, updatePlatform, sendRequest, assambleUrl and logger are
    // application helpers that are not shown in this post. From the way it is used
    // here, sendRequest appears to return the response body on success and a
    // boolean on failure.

    // Return a usable access token, reusing the stored one while /ping accepts it
    const autenticate = async function (customer_hash, id_platform) {
        let platform = readCustomPlatform(customer_hash, id_platform),
            result = false
        switch (platform.typePlatform) {
            case 'sugarcrm':
                // The tokens are stored under platform.credentials (see config.json)
                if (platform.credentials.access_token) result = await sugarcrm_ping(platform)
                if (result) {
                    return platform.credentials.access_token
                } else {
                    // Stored token missing or rejected: request a new one and persist it
                    result = await sugarcrm_getToken(platform)
                    if (result.access_token) {
                        platform.credentials.refresh_token = result.refresh_token
                        platform.credentials.download_token = result.download_token
                        platform.credentials.access_token = result.access_token
                        await updatePlatform(customer_hash, platform)
                        return result.access_token
                    }
                }
                return false
        }
        return false
    }

    // Check whether the stored token is still accepted by calling /ping
    const sugarcrm_ping = async (platform) => {
        const response = await sendRequest({
            url: "/ping",
            baseURL: assambleUrl(platform),
            headers: {
                "Content-Type": "application/json",
                "oauth-token": platform.credentials.access_token
            }
        })
        if (!_.isBoolean(response)) {
            logger.debug("Success: token alive!")
            return true
        } else {
            return false
        }
    }

    // Request a token from /oauth2/token, using the password grant or,
    // when isRefresh is set, the refresh_token grant
    const sugarcrm_getToken = async (platform, isRefresh) => {
        let body = {
            "client_id": platform.credentials.client_id,
            "client_secret": platform.credentials.client_secret
        }
        if (isRefresh) {
            body.grant_type = "refresh_token"
            body.refresh_token = platform.credentials.refresh_token
        } else {
            body.grant_type = "password"
            body.username = platform.credentials.username
            body.password = platform.credentials.password
            body.platform = platform.credentials.platform
        }
        const response = await sendRequest({
            url: "/oauth2/token",
            baseURL: assambleUrl(platform),
            method: 'post',
            headers: { "Content-Type": "application/json" },
            data: body
        })
        // Token payload on success, sendRequest's boolean result on failure
        return response
    }

    All the parameters are stored in a config.json


    {
        "domain": "",
        "isSecure": true,
        "credentials": {
            "username": "",
            "password": "",
            "client_id": "",
            "client_secret": "",
            "platform": "opi",
            "refresh_token": "",
            "download_token": "",
            "access_token": ""
        },
        "versionAPI": "v11_9"
    }

    Extract the values for

    "client_id": "",
    "client_secret": ""

    from this config.

    Kind regards.
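
The session rule quoted in this thread ("1 session per user per API platform") and the "new token before every API call" workaround, as an added example that is not code from any poster or from SugarCRM. `FakeSugar`, `naiveGet`, `SugarSession` and `statuses` are hypothetical names; `FakeSugar` is a constructed in-memory stand-in that models only that one rule, so the example runs offline.

```javascript
// Constructed stand-in for Sugar's token and data endpoints. It models only the
// rule quoted in the thread: one live session per user per API platform.
class FakeSugar {
  constructor() { this.live = new Map(); this.logins = 0; }
  async token({ username, platform }) {
    const access_token = `tok-${++this.logins}`;
    this.live.set(`${username}|${platform}`, access_token); // older token is now dead
    return { access_token };
  }
  async get(path, { username, platform }, token) {
    return this.live.get(`${username}|${platform}`) === token
      ? { status: 200, path }
      : { status: 401, error: 'invalid_grant' };
  }
}

// The thread's workaround: request a fresh token before every call.
async function naiveGet(api, creds, path) {
  const { access_token } = await api.token(creds);
  return api.get(path, creds, access_token);
}

// Hypothetical client: caches the token, shares one in-flight login between
// concurrent callers, and logs in again only after an invalid_grant.
class SugarSession {
  constructor(api, creds) {
    this.api = api; this.creds = creds; this.token = null; this.pending = null;
  }
  login() {
    if (!this.pending) {
      this.pending = this.api.token(this.creds)
        .then((r) => (this.token = r.access_token))
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }
  async get(path) {
    const used = this.token || await this.login();
    let res = await this.api.get(path, this.creds, used);
    if (res.error === 'invalid_grant') {
      // Another caller may already have replaced the token; reuse it if so.
      const fresh = this.token !== used ? this.token : await this.login();
      res = await this.api.get(path, this.creds, fresh);
    }
    return res;
  }
}

// Run calls concurrently and collect their status codes.
async function statuses(calls) {
  return (await Promise.all(calls)).map((r) => r.status);
}
```

Under this model, concurrent `naiveGet` calls invalidate each other's tokens, while a shared `SugarSession` logs in once. Two sessions that use the same user and platform still replace each other's token on every re-login, which is why the thread recommends separate users or separate API platforms per deployment.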