request to api return 404 error

Im running SuiteCRM-7.10.11 on virtual server over HTTPS. When I trying post to hostname/crm/api/oauth2/access_token i receive 404 error.

.htaccess checked:

<IfModule mod_rewrite.c>
    Options +SymLinksIfOwnerMatch
    RewriteEngine On
    RewriteBase /c
    RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
    RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
    
    # --------- DEPRECATED --------
    RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
    RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    # -----------------------------
    
    RewriteRule ^Api/access_token$ Api/index.php/access_token [L]
    RewriteRule ^Api/V8/(.*?)$ Api/index.php/V8/$1 [L]
    RewriteRule ^Api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

Any advice? Thanks.

I have seen several posts with this same problem. None seem to have been resolved. A couple that did get their issue resolved (different issues but might be relevant) seemed to be using /api/oauth/access_token as an endpoint. I am still not sure if it is supposed to be 192.168.XXX.XXX/api/oauth/access_token or 192.168.XXX.XXX/SuiteCRM/api/oauth/access_token but notice that both are ā€œoauthā€ not ā€œoauth2ā€ so at least you might want to give that a try.

But like other posters I have other variations based on the directory structure like ā€¦Api/V8, ā€¦API/Oauth2 and some others but with no luck. I get a 404 not found error with all of them.

Can anybody please just clarify what the correct endpoint is?

Thanks a lot!

UPD: Noticied some errors in official (docs).

Code to make request via curl in documentation:


$ch = curl_init();
$header = array(
    'Content-type: application/vnd.api+json',
    'Accept: application/vnd.api+json',` //SYNTAX 1
 );
$postStr = json_encode(array(
    'grant_type' => 'client_credentials',
    'client_id' => '3D7f3fda97-d8e2-b9ad-eb89-5a2fe9b07650',
    'client_secret' => 'client_secret',
    'scope' => 'standard:create standard:read standard:update standard:delete standard:delete standard:relationship:create standard:relationship:read standard:relationship:update standard:relationship:delete'
));
$url = 'https://path-to-instance/api/oauth/access_token';
curl_setopt($ch, CURLOPT_URL, url); //SYNTAX 2
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);

As u can see, we have 2 errors:

  1. Line 4 - Symbol "" at end - [strike]'Accept: application/vnd.api+json',[/strike]
  2. variale ā€œurlā€ wrote without ā€œ$ā€ - [strike]curl_setopt($ch, CURLOPT_URL, url)[/strike]

When I rewrite to code above I have new 404 error :cheer:
ā€œThe requested URL /crm/lib/API/public/index.php/oauth/access_token was not found on this server.ā€

$ch = curl_init();
$header = array(
    'Content-type: application/vnd.api+json',
    'Accept: application/vnd.api+json',
);

$postStr = json_encode(array(
    'grant_type' => 'client_credentials',
    'client_id' => '3D7f3fda97-d8e2-b9ad-eb89-5a2fe9b07650',
    'client_secret' => 'client_secret',
    'scope' => 'standard:create standard:read standard:update standard:delete standard:delete standard:relationship:create standard:relationship:read standard:relationship:update standard:relationship:delete'
));
$url = 'https://luckwheel.ru/crm/api/oauth/access_token';
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);

This URL format works for me:

{{suitecrm.url}}/Api/access_token

Note that the Api portion of the URL is case sensitive, using a lowercase api returns a 404.

Thank you alanm but that still doesnā€™t work for me. It is so frustrating that at least in this forum the number of people that say they can not access the V8 API far exceeds the number of people who seem to have gotten it but there does not seem to any specific or definitive endpoint that works.

This url that worked for you is completely different than what the other posters said they were able to get in with.

I can only guess how many people are spending hours trying every variation of Api, API, api, etc hoping something will work and getting nowhere. I never had any similar issues with v 4_1 and Iā€™m not sure why this should be such a mystery or such a difficult question to answer.

Thank you though for letting us know what worked for you. Maybe that will work for somebody else as well.

1 Like

Has anybody had any luck with the V8 API? I saw a couple of posts that seemed to imply people were using it successfully but there are lot more posts of people getting the 404 error. Can anybody that has been successful just post the url they are using. A bunch of us are spinning our wheels here.

Thanks a lot.

What request are you trying to perform that isnā€™t working? Please provide the exact URL youā€™re using.

So far I am just trying to authenticate. I havenā€™t even got to posting a request yet.
I can access the web interface through http://XXX.XXX.XXX.XXX/SuiteCRM and https://XXX.XXX.XXX.XXX/SuiteCRM
These are all POST requests:
https://XXX.XXX.XXX.XXX/SuiteCRM/Api/OAuth2/access_token?grant_type=client_credentials&client_id=XXXXXXXXXXXXXXXXXX&client_secret=XXXX
https://XXX.XXX.XXX.XXX/SuiteCRM/Api/oauth/access_token?grant_type=client_credentials&client_id=XXXXXXXXXXXXXXXXXX&client_secret=XXXX
https://XXX.XXX.XXX.XXX/SuiteCRM/oauth/access_token?grant_type=client_credentials&client_id=XXXXXXXXXXXXXXXXXX&client_secret=XXXX
https://XXX.XXX.XXX.XXX/SuiteCRM/Oauth2/access_token?grant_type=client_credentials&client_id=XXXXXXXXXXXXXXXXXX&client_secret=XXXX
https://XXX.XXX.XXX.XXX/SuiteCRM/Api/access_token?grant_type=client_credentials&client_id=XXXXXXXXXXXXXXXXXX&client_secret=XXXX

I think I have tried over a hundred variations of API Api api oauth OAuth2 but they all seem to come up with a 404.

Thanks!

1 Like

The authentication parameters need to be in the request body. Here is an example using cURL:


curl --request POST \
  --url http://127.0.0.1/suitecrm/Api/access_token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&client_id=5d0c0c67-6bac-8f69-3f74-5c43fe8c271e&client_secret=secret'

I copied your request exactly, changed my client_id and credentials and used 127.0.0.1 right in the terminal but still get a 404.
Just to make sure it wasnā€™t some kind of access issue I also tried curl --request GET --url http://127.0.0.1/SuiteCRM/LICENSE.txt and that worked fine

s@s:~$ curl --request POST \

ā€“url http://127.0.0.1/SuiteCRM/Api/access_token
ā€“header ā€˜Content-Type: application/x-www-form-urlencodedā€™
ā€“data ā€˜grant_type=client_credentials&client_id=90f2061a-3f67-f28f-e905-5c32495a9f75e&client_secret=greenā€™

404 Not Found

Not Found

The requested URL /SuiteCRM/Api/access_token was not found on this server.


Apache/2.4.29 (Ubuntu) Server at 127.0.0.1 Port 80

What version number of SuiteCRM are you using?

Version 7.10.11

Iā€™m thinking the mod_rewrite Apache module isnā€™t enabled. Here are some stack overflow posts that you can refer to test if it is:

https://stackoverflow.com/a/10891317/4797690
https://stackoverflow.com/a/27589801/4797690

1 Like

Hi, Iā€™m a new user of SuiteCRM, and spent a few hours yesterday with exactly the same problem. Iā€™m using 7.11.0, but assume itā€™s the same set up as 7.10.11 for the API.

I tracked my issue down, and it was due to Rewriting being turned off (as expected), however not because mod_rewrite was disabled but because the image Iā€™m using (a docker image from bitnami) disables rewriting by default in the apache config files.

ā€œAllowOverride Noneā€ needs to be ā€œAllowOverride Allā€ for the .htacess file to function.

The documentation on which URLs are the correct ones for the V8 API isnā€™t great. The latest docs look to be here: https://deploy-preview-90ā€“suitedocs.netlify.com/developer/api/version-8/json-api-new/ but arenā€™t quite correct as they omit the use of ā€œ/Api/ā€ in the path I.E. itā€™s ā€œ/Api/V8/moduleā€ not just ā€œ/V8/moduleā€.

I found the access_token URL is: http://mysite/Api/access_token
then if you actually want to do anything once you have the access token you have to parse the token into the header request of the module youā€™d like to call, with a base url of: http://mysite/Api/V8/module/

Hereā€™s an example in PHP that Iā€™ve been playing with that pulls a list of all accounts:


$token_url = 'http://mysite/Api/access_token';
$module_url = 'http://mysite/Api/V8/module/';
$client_id = '12345678-1234-1234-1234-1234512345';
$client_secret = 'its a secret';
$ch = curl_init();
$header = array(
    'Content-type: application/vnd.api+json',
    'Accept: application/vnd.api+json'
 );
$postStr = json_encode(array(
    'grant_type' => 'client_credentials',
    'client_id' => $client_id,
    'client_secret' => $client_secret
));
curl_setopt($ch, CURLOPT_URL, $token_url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);
$out = json_decode($output,true);

$ch = curl_init();
$header = array(
    'Content-type: application/vnd.api+json',
    'Accept: application/vnd.api+json',
    'authorization: Bearer '.$out["access_token"]
 );
$item = 'Accounts?sort=-name';
curl_setopt($ch, CURLOPT_URL, $module_url . $item);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);
echo $output;

I now have another issue to do with permissions, but Iā€™ll make it a new post.

3 Likes

Thank you all. alanm you were spot on.

I am using a generic Ubuntu 18.04LTS install on VirtualBox and it was not enabled. I did finally manage to get a response but there was a little more to it so I will add a few things that I had to do for those experiencing the same thing or those new to ssl as I am.

sudo a2enmod rewrite sudo systemctl restart apache2 to enable mod_rewrite

edit /etc/apache2/apache2.conf and add:
<Directory /var/www/html/SuiteCRM>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

I also created a SuiteCRM.conf file but I donā€™t think I actually had to do that.

Thanks again.everyone. I too havenā€™t gone past the authentication yet but that has been stumping me for a while now so I really appreciate the help.

Actually, itā€™s still not quite working for me. I did get past the 404 error and return a cookie but now that I am looking closer at it what it returned it was a 500 internal server error with no content but there was a cookie with elements:
Name:sugar_user_theme, Value:SuiteP
Name:PHPSESSID, Value:o2rgt0f21plndns6heijsm6d8c

I get the same result using curl or postman

Different question but thought it made sense to follow up here.

Much appreciated if anyone else has run into this.

Thanks!

This is a PHP error. PHP Fatal error: Uncaught LogicException: Key path ā€œfile:///var/www/html/Su/SuiteCRM/Api/V8/OAuth2/private.keyā€ does not exist or is not readable in /var/www/html/SuiteCRM/vendor/league/oauth2-server/src/CryptKey.php

There is no private.key file. I thought maybe I had to create one through the UI but when I go to List Oauth2 Tokens then Create I get this error:
Error: File [modules/OAuth2Tokens/metadata/editviewdefs.php] is missing. Unable to create because no corresponding HTML file was found.

You have to generate a public.key and private.key file and place them in the /Api/V8/OAuth2 folder. This is described here:

https://docs.suitecrm.com/developer/api/version-8/json-api/#_generate_private_and_public_key_for_oauth2

1 Like

That did it. I have successfully generated an access token. Now I will try using the V8 API.

Thanks again!

One more question. Can anybody post a working url for a generic V8 query?

for example to list all modules the documentation says ā€œhttps://path-to-instance/api/v8/modules/meta/listā€

but I keep getting a 404 error (I get the same with /Accounts and everything else I try)

every post in this forum has a variation of the URL (Api vs api, V8 vs v8, etc) - I think I have tried them all but it would be nice to know for sure if I even have the right url so I can begin to narrow down the problem.

Thanks again.