Storing Access and Refresh tokens with Sugar Cloud

What is the best way to store an access and refresh token for an external api in a way that will allow me to update them when new tokens are generated? I have a dashlet that accesses the Box API every time an Account record is refreshed. I want to make sure I can continue to use the access token while it is valid rather than getting a new access token every time the API is called.

Is there a directory in the file structure where I can store a txt or csv file to store the tokens? How is this typically handled?

  • Hey  

    Would you also need to store the credentials to obtain the tokens to start with?

    If you do, keeping it brief, you have two options that come to mind on how to approach this.

    1. Connector framework - Look at ./modules/Connectors/* and ./custom/modules/Connectors/metadata/connectors.php . It might need a little reverse engineering on your part, as I believe it is not well documented how to extend the functionality. Also, the connectors framework has not been updated in a while as far as I know
    2. Build your own admin page, and encrypt/decrypt the secrets - You could use these examples if they still work

    If you only need to store "temporarily" something you could use the second approach to encrypt the data, in combination with the Sugar database.

    Good luck!


    Enrico Simonetti

    Sugar veteran (from 2007)

    Feel free to reach out for consulting regarding:

    • API Integration and Automation Services
    • Sugar Architecture
    • Sugar Performance Optimisation
    • Sugar Consulting, Best Practices and Technical Training
    • AWS and Sugar Technical Help
    • CTO-as-a-service
    • Solutions-as-a-service
    • and more!

    All active SugarCRM certifications

    Actively working remotely with customers based in APAC and in the United States