Error requesting access token API-REST

Good afternoon. We are requesting your support with the following topic:
We created an integration with SugarCRM through the REST API.
Specifically, we are trying to obtain an authentication token from SugarCRM at the endpoint /rest/v11/oauth2/token using the OAuth2 authorization protocol.

However, we get the following response:
Error requesting access token
403 Forbidden
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

We have already checked the following points:
1. The token request from Postman works correctly.
2. The access credentials have been verified and are correct.
3. The connection user is “Active”.
Is there something we need to consider?
Thanks for your help.

  • I don't know if this helps but, I got this from someone on this group several years ago and I keep it on my web server to test custom API calls from PHP. I'm a lazy developer ;)

    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', 'On');

    // change to your environment
    $rest = "https://sugarcrm.devel.mydomain.com/sugarcrm/rest/v11";

    $user = "<the username here>"; // userid of the webservice user
    $pass = "<the password here>"; // and the password of user "user"

    // what you want to test:
    $parameters = array(
        'email_addresses' => array(
            'francesca.shiekh@mydomain.com',
            'francescas@mydomain.com'
        )
    );
    $api_to_test = '/doSomethingWithTheseEmails/';

    // get the token and execute
    $url = $rest . "/oauth2/token"; // login
    $oauth2_token_parameters = array(
        "grant_type"    => "password",
        "client_id"     => "sugar",
        "client_secret" => "",
        "username"      => $user,
        "password"      => $pass,
        "platform"      => "base"
    );
    echo('<pre>');
    echo($url . '<p>');
    $oauth2_token_result = call($url, '', 'POST', $oauth2_token_parameters);
    echo(print_r($oauth2_token_result, true));
    if (empty($oauth2_token_result->error)) {
        // logged in ok
        echo('logged in ok <p>');
        $url = $rest . $api_to_test;
        echo('<pre>');
        echo($url . '<p>');

        // choose here if you are doing a POST or a GET
        $result = call($url, $oauth2_token_result->access_token, 'POST', $parameters); // example for POST
        //$result = call($url, $oauth2_token_result->access_token, 'GET');

        echo('<p>');
        var_dump($result);
        $url = $rest . "/oauth2/logout"; // logout
        $oauth2_logout_result = call($url, $oauth2_token_result->access_token, 'GET');
    } else {
        print("<hr>Login Failed<hr>");
    }

    /**
     * Generic function to make a cURL request.
     * @param string $url - The URL route to use.
     * @param string $oauthtoken - The oauth token (empty for the token request itself).
     * @param string $type - GET, POST, PUT, DELETE. Defaults to GET.
     * @param array $parameters - Endpoint parameters, sent as a JSON body.
     * @return mixed
     */
    function call($url, $oauthtoken = '', $type = 'GET', $parameters = array())
    {
        $type = strtoupper($type);
        $curl_request = curl_init($url);
        if ($type == 'POST') {
            curl_setopt($curl_request, CURLOPT_POST, 1);
        } elseif ($type == 'PUT') {
            curl_setopt($curl_request, CURLOPT_CUSTOMREQUEST, "PUT");
        } elseif ($type == 'DELETE') {
            curl_setopt($curl_request, CURLOPT_CUSTOMREQUEST, "DELETE");
        }
        curl_setopt($curl_request, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
        curl_setopt($curl_request, CURLOPT_HEADER, false);
        // disables TLS certificate verification: only acceptable against a dev instance with a self-signed cert
        curl_setopt($curl_request, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curl_request, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl_request, CURLOPT_FOLLOWLOCATION, 0);
        // the token request has no token yet; every later call carries it in the oauth-token header
        if (!empty($oauthtoken)) {
            curl_setopt($curl_request, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "oauth-token: {$oauthtoken}"));
        } else {
            curl_setopt($curl_request, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
        }
        if (!empty($parameters)) {
            // encode the parameters as JSON
            $jsonEncodedData = json_encode($parameters);
            echo('<p> json parameters <p>:');
            echo($jsonEncodedData);
            curl_setopt($curl_request, CURLOPT_POSTFIELDS, $jsonEncodedData);
        }
        $result = curl_exec($curl_request);
        curl_close($curl_request);
        // decode the response from JSON
        $response = json_decode($result);
        return $response;
    }
    ?>
    

    Hope it helps you too!

  • Without seeing the precise PHP code you are using, it is a little tricky to debug your code.

    The script posted by  is an excellent resource for testing that the API calls are working in your environment and I recommend keeping it as a test script for yourself. Worth bearing in mind is the fact that curl use in PHP is now deprecated within the Sugar environment (as of 12.1 I believe) and so it will no longer work if you use it within Sugar code. You need to switch to using the new ExternalResourceClient there instead. The script will still work independently in your own web server though so don't go throwing it away just yet ;)

    However, in terms of the error you are seeing, IME the most common cause of this is using the wrong verb in the call. To get an auth token you need to be using the POST endpoint, not GET (you are actually CREATING a token, not GETting one, so you use the POST call to create it) - if you use GET instead you are likely to get the error you showed, as GET is not an authorised verb on that endpoint.

    Another thing to look out for is that you are passing the header "Content-Type:application/json" with your call. I have seen instances (especially using cURL) where omitting this causes the call to fail. However, if I recall correctly, I got a different error to yours when that was the case.

    If neither of these apply to you, and Francesca's script doesn't point you in the right direction, then perhaps post the code you are using and we can take a look and see what else might be wrong. I can assure you that the API does work and works very well. I find it an excellent implementation of a ReST API and use it all the time for making updates to On-Cloud instances where the UI is not suitable.

    Thanks,

    JH.
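The two points in the reply above (POST, not GET, and a JSON Content-Type header) and the 403 in the question can be pinned down with a small client that separates building the request from sending it, so the request shape can be checked without a live server. This is an added example written for this thread, not Sugar's client code or the script posted earlier; the host, username, password and the three sample responses are constructed. One diagnostic it encodes is a fact worth knowing: Sugar's REST API answers in JSON whether it succeeds or fails, while the body in the question ("You don't have permission to access this resource.") is Apache's default 403 page, so a non-JSON 403 was produced in front of the application (web server rules, a WAF or an IP allowlist) rather than by Sugar's credential check.

```python
"""Token request shape for SugarCRM's /rest/v11/oauth2/token plus a response
classifier.  Added example for this thread, not Sugar's own client code.
The host, user, password and sample responses below are constructed.
"""
import json
import urllib.error
import urllib.request

BASE_URL = "https://sugarcrm.example.invalid/sugarcrm/rest/v11"  # constructed placeholder


def build_token_request(base_url, username, password, platform="base"):
    """Describe the correct token request: POST verb, JSON body, JSON content type.

    The call CREATES a token, so the verb is POST and the grant parameters
    travel in a JSON body, not in the query string.
    """
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + "/oauth2/token",
        "headers": {"Content-Type": "application/json"},
        "json_body": {
            "grant_type": "password",
            "client_id": "sugar",
            "client_secret": "",
            "username": username,
            "password": password,
            "platform": platform,
        },
    }


def build_api_request(base_url, access_token, path, method="GET", json_body=None):
    """Every call after login carries the token in the OAuth-Token header."""
    return {
        "method": method.upper(),
        "url": base_url.rstrip("/") + "/" + path.lstrip("/"),
        "headers": {"Content-Type": "application/json", "OAuth-Token": access_token},
        "json_body": json_body,
    }


def interpret_response(status, content_type, body):
    """Work out which layer produced a token response.

    Sugar answers in JSON, success and failure alike.  A non-JSON body such as
    Apache's default 403 page came from in front of the application (web server
    rules, WAF, IP allowlist), not from Sugar's credential check.
    """
    if "application/json" in (content_type or "").lower():
        try:
            data = json.loads(body)
        except ValueError:
            return {"layer": "sugar", "ok": False, "detail": "malformed JSON"}
        if status == 200 and "access_token" in data:
            return {"layer": "sugar", "ok": True, "access_token": data["access_token"]}
        return {"layer": "sugar", "ok": False,
                "detail": data.get("error_message") or data.get("error") or "unknown"}
    return {"layer": "web-server", "ok": False,
            "detail": "HTTP %d with non-JSON body: rejected before reaching Sugar" % status}


def send(request, timeout=30):
    """Send a request description; returns (status, content_type, body).

    urllib verifies the TLS certificate by default; leave that on outside a
    throwaway dev instance.
    """
    data = None
    if request["json_body"] is not None:
        data = json.dumps(request["json_body"]).encode("utf-8")
    req = urllib.request.Request(request["url"], data=data,
                                 headers=request["headers"], method=request["method"])
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), err.read().decode("utf-8", "replace")


# Constructed sample responses so the classifier can be exercised offline.
APACHE_403 = ("<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1>"
              "<p>You don't have permission to access this resource.</p></body></html>")
SUGAR_BAD_LOGIN = '{"error":"invalid_grant","error_message":"Invalid username or password."}'
SUGAR_OK = '{"access_token":"tok-constructed-123","expires_in":3600,"token_type":"bearer"}'


if __name__ == "__main__":
    req = build_token_request(BASE_URL, "api_user", "example-password")
    print(req["method"], req["url"], req["headers"])
    for status, ctype, body in ((403, "text/html", APACHE_403),
                                (401, "application/json", SUGAR_BAD_LOGIN),
                                (200, "application/json", SUGAR_OK)):
        print(status, interpret_response(status, ctype, body))
```

Against a real instance, `send(build_token_request(...))` returns the status, content type and body to feed `interpret_response`; a "web-server" verdict means the credentials were never evaluated. Because the same request from Postman succeeds, the useful comparison is request against request rather than credentials: verb, Content-Type, the User-Agent header (Postman sends one; PHP's cURL sends none unless CURLOPT_USERAGENT is set, and some front-end rules reject requests without one) and the source IP the web server sees.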