Accessing Sugar Oauth Keys in PHP

I am creating a dashlet to access Box files and folders in an Account record. I need to authenticate to Box's API in my PHP code, but I don't want to hardcode the credentials. What is the best way to secure my Box API credentials? I am using SugarCloud, not on-prem.

I think I need to add the credentials to the Oauth Keys section on the Admin panel, but how do I then access the client_id and client_secret keys from my PHP code?

  • I found my own answer. With the ID and secret in Oauth Keys, I can get it from PHP with this:

    function get_creds() {
        // Sugar's global database connection
        global $db;
        $credentials = [];
        // Look up the consumer record stored under Oauth Keys by its name
        $query = "SELECT c_key, c_secret FROM oauth_consumer WHERE name = 'box_api_for_dashlet'";
        $result = $db->query($query);
        if ($row = $db->fetchByAssoc($result)) {
            $credentials = [$row['c_key'], $row['c_secret']];
        }
        return $credentials;
    }

  • Scream

    --

    Enrico Simonetti

    Sugar veteran (from 2007)

    www.naonis.tech



  • Rather than doing a direct db call, you should leverage the module, which for that table is `OAuthKeys`.  You would need to store the actual ID of the record in your code to avoid having to query by name. So assuming you have the ID, it would be:

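    function get_creds() {
        $oauthID = "some-id-here";
        // Start with an empty result so the function always returns an array
        $credentials = [];
        // strict_retrieve returns null instead of an empty bean when the ID is not found
        $oauthKey = \BeanFactory::getBean("OAuthKeys", $oauthID, ['strict_retrieve' => true]);
        if (!empty($oauthKey)) {
            $credentials = [$oauthKey->c_key, $oauthKey->c_secret];
        }
        return $credentials;
    }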

    Alternatively, you could look it up by the key, since this is often the thing that is known. So if you stored it as `box_api_user`, you could use:

    function get_creds() {
        $oauthKeyName = "box_api_user";
        // Start with an empty result so the function always returns an array
        $credentials = [];
        $oauthKey = \OAuthKey::fetchKey($oauthKeyName);
        if (!empty($oauthKey)) {
            $credentials = [$oauthKey->c_key, $oauthKey->c_secret];
        }
        return $credentials;
    }