
TOPIC: API Request

API Request 11 months 1 week ago #70383

  • dynorodney
Hi

QUERY_STRING produced no output. I have investigated the $_SERVER values and I can see ORIG_PATH_INFO is /oauth/access_token (note the leading /) and REDIRECT_URL is /api/oauth/access_token

Do they help?

(edited - Also REQUEST_URI is the same as ORIG_PATH_INFO)
Last Edit: 11 months 1 week ago by dynorodney. Reason: missed a reference
The administrator has disabled public write access.

API Request 11 months 1 week ago #70385

  • dynorodney
Actually no, sorry, my edit was wrong - REQUEST_URI was only ORIG_PATH_INFO because I'd set it to that in the code - so when I replace your QUERY_STRING with ORIG_PATH_INFO my log now says

Fri Aug 10 16:17:29 2018 [26151][-none-][FATAL] /oauth/access_token
Fri Aug 10 16:17:29 2018 [26151][-none-][FATAL] [ERROR] [ResourceServer] Code: 9 Message: The resource owner or authorization server denied the request. ErrorType: access_denied Hint: Missing "Authorization" header

API Request 11 months 1 week ago #70387

  • ideiamais
Hi Tony. I totally agree with what you think. If you can get the solution, please post on this topic. I also think it's okay to adopt the new API version.
Thanks

API Request 11 months 6 days ago #70397

  • dynorodney
Hi

Well, I've got much further and also stuck at the same time.

I have now got a Bearer token (with some hacking) but I'm back to square one again. Firstly, for some reason our web server isn't providing the same $_SERVER variables that SuiteCRM is expecting. I can provide /oauth/access_token rather than oauth/access_token when I use the ORIG_PATH_INFO parameter. If I then trim off the first character, so that I set the REQUEST_URI to oauth/access_token, then something within the system trims off the oauth so that when it calls the getPath() I added earlier, it fails to match then too with simply "/access_token", so I then tried to change the ROUTES_EXEMPT_FROM_AUTH in the ResourceServer script to add a leading / so that it's actually checking for /oauth/access_token and /v8/swagger.json

And it worked! I got an object back. So I extracted the access_token from the object and then passed that into another function to make a call and I'm back to the not authorized, you are not passing a bearer token again.

Here is my code now - the getJWT now works
<?php
define("BASE","https://crm.mydomain.co.uk");

function getJWT() {
    $ch = curl_init();
    $header = array(
        'Content-type: application/vnd.api+json',
        'Accept: application/vnd.api+json');
    $postStr = json_encode(array(
        'grant_type' => 'client_credentials',
        'client_id' => '5059c3cf-2687-da1c-d66f-5b6rra6rrd42',
        'client_secret' => 'MySecret',
        'scope' => 'standard:create standard:read standard:update standard:delete standard:delete standard:relationship:create standard:relationship:read standard:relationship:update standard:relationship:delete'
    ));
    $url = BASE.'/api/oauth/access_token';
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    $jwt=curl_exec($ch);

    if (!$jwt) throw new \Exception("No response from Client Credentials Request");

    $jwtObject=json_decode($jwt);

    if ($jwtObject && property_exists($jwtObject,"error")) {
        $exception=$jwtObject->error;
        if (property_exists($jwtObject,"message"))
            $exception.=". ".$jwtObject->message;
        if (property_exists($jwtObject,"hint"))
            $exception.=" (".$jwtObject->hint.")";

        throw new \Exception($exception);
    }
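    // Guard against a non-JSON response: json_decode() returns null on failure
    if (!$jwtObject || !property_exists($jwtObject,"access_token"))
        throw new \Exception("access_token not returned. Response was: ".$jwt);
    return $jwtObject; // decoded token response object (failures throw above)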
}

function getFromSuiteCRM($url,$token) {
    $ch = curl_init();
    $header = ['Content-type: application/vnd.api+json',
        'Accept: application/vnd.api+json',
        'Authorization: Bearer '.$token];

    curl_setopt($ch, CURLOPT_URL, BASE.$url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    $response=curl_exec($ch);
    $object=null;
    if ($response)
        $object=json_decode($response);
    return $object; // either null or a response object
}

$token=null;
try {
    $jwt = getJWT();
}
catch(\Exception $e){
    die($e->getMessage());
}
$token = $jwt->access_token;
$url="/api/v8/modules/Accounts";
$response=getFromSuiteCRM($url,$token);
print_r($response);

So with the 2 changes done to the code - firstly to tell the API that my URL is slightly different in the core/app.php and also in the ROUTES_EXEMPT_FROM_AUTH property - the Bearer is returned, but then despite passing the bearer in, the system thinks I'm not passing it in!

I really would like to get this to work but I can now see why people go down the 4.1 route or doing things directly with Beans.

I'm not keen on the fact that I've had to modify 2 bits of code which will likely be overwritten on the next update - and it's still not working anyway. But if anyone has a working API v8 who can show their htaccess file and also a print_r($_SERVER) - obfuscated - from the top of the lib/API/core/app.php so I can compare what I'm getting with a "working" version

Or if anyone else has any suggestions I'd be grateful,

Thanks

Tony
Last Edit: 11 months 6 days ago by dynorodney. Reason: Said is, not isnt on the first line - really must read first before submitting!

API Request 11 months 3 days ago #70433

  • dynorodney
Just a heads up to anyone hitting this post with the same error. What I've learned is this:

When an API call is made, the system is expecting the part of the URL after the /api/ that you POST to, to be made available in a specific server variable. If your configuration doesn't conform to what SuiteCRM expects then it simply won't work.

The reason why you are getting the message is that the code specifically looks for the access_token request and the swagger json request and ignores those in the authorisation check, but because your setup is slightly different, it skips that condition and goes into the authorisation check regardless - which will always fail because you aren't passing any kind of authorisation header.

I haven't solved it. I got part way there by hacking the code but then thought that I don't want to do this because this is core code and I've only been looking at SuiteCRM for a week so I know nothing of the internals.

I think SuiteCRM needs to cater for different configuration types - maybe us running through cPanel/WHM has some kind of effect. Happy to run some tests if people can tell me what to test, but as of now, I've given up with the API. I want to get into creating custom modules anyway, so rather than going down the API route, I'm going down the beans route instead of the v4 API so that I don't need to rewrite the v4 API back into the v8 API when/if v8 works on our config, and from what I've seen so far, beans will do what we need.

Hope that helps someone.
The administrator has disabled public write access.
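
The mismatch described in the post above (the exempt-route check receiving `/oauth/access_token` where it expects `oauth/access_token`), as an added example that is not part of the original posts and is not SuiteCRM's own code. The function names and the lookup order of the server variables are assumptions; the two exempt routes and the sample `$_SERVER` values marked "thread" are the ones quoted in this topic, the rest are constructed.

```php
<?php
// Added illustration, not SuiteCRM code; function names are hypothetical.
const EXEMPT_ROUTES = ['oauth/access_token', 'v8/swagger.json'];

// Reduce whichever path variable the web server populated to the
// "oauth/access_token" form, independent of leading slashes or an /api prefix.
function normalisedApiPath(array $server, string $apiPrefix = 'api'): ?string
{
    // Assumed lookup order; the first non-empty variable wins.
    foreach (['PATH_INFO', 'ORIG_PATH_INFO', 'REDIRECT_URL', 'REQUEST_URI'] as $key) {
        if (!isset($server[$key]) || $server[$key] === '') {
            continue;
        }
        // Drop the query string and split into non-empty segments.
        // No percent-decoding: an undecoded path can only fail the exact
        // match below, which means the normal auth check runs.
        $path = explode('?', $server[$key], 2)[0];
        $segments = array_values(array_filter(explode('/', $path), fn($s) => $s !== ''));
        if (($segments[0] ?? null) === $apiPrefix) {
            array_shift($segments);
        }
        return implode('/', $segments);
    }
    return null; // no usable variable: treat the route as protected
}

function isExemptFromAuth(array $server): bool
{
    $path = normalisedApiPath($server);
    // Exact, strict match only: no prefix or substring comparison.
    return $path !== null && in_array($path, EXEMPT_ROUTES, true);
}

// Constructed $_SERVER samples; the first uses the values quoted in this thread.
$samples = [
    'thread (cPanel/WHM)' => ['ORIG_PATH_INFO' => '/oauth/access_token',
                              'REDIRECT_URL'   => '/api/oauth/access_token'],
    'no leading slash'    => ['PATH_INFO' => 'oauth/access_token'],
    'protected module'    => ['REQUEST_URI' => '/api/v8/modules/Accounts?page=1'],
    'dot segments'        => ['REQUEST_URI' => '/api/oauth/access_token/../v8/modules/Accounts'],
    'exempt name as tail' => ['REQUEST_URI' => '/api/v8/modules/oauth/access_token'],
];
foreach ($samples as $label => $server) {
    printf("%-20s exempt=%s\n", $label, isExemptFromAuth($server) ? 'yes' : 'no');
}
```

Normalising once and then matching exactly lets both server layouts reach the token endpoint without widening the exemption: any path that is not precisely one of the two listed routes still goes through the Authorization header check.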

API Request 10 months 4 weeks ago #70598

  • fanton.ff
"I then tried to change the ROUTES_EXEMPT_FROM_AUTH in the ResourceServer script to add a leading / so that it's actually checking for /oauth/access_token and /v8/swagger.json"

This is what I had to do too, to make my Nginx setup work :) Since I keep my whole SuiteCRM directory under source control, when there's a new release it's not a big problem for me to keep my (few) changes, so I'm sticking to the new API, thinking as you said that someday the V4 API will be removed.
The following user(s) said Thank You: kevbe