As an old integrator from old versions of SugarCRM and SuiteCRM I spent several days to try to make running a clean SuiteCRM 8.8 environment with the API integration running but I failed.
The documentation is not clear and I tried lot of things, help from ChatGPT was non sense too cause of the lack of info from this version.
There’s someone or somewhere an update to make the API working? In my case I’m blocked in the User/token credentials. I create the Oath2 client but seems not working correctly as is need from the UI, and from this step it’s impossible to create and manage Tokens.
Confusingly, “API v8” is a SuiteCRM v7 thing, and it is not the same thing as “the API for SuiteCRM v8” which is called “the GraphQL” API.
This last one is the one you should be using for any project starting in 2025, unless you have some strong reason to use another one.
There’s not much docs for this one either, but the upside is that the entire v8 codebase uses it for everything, so if you can navigate “code as documentation”, you’re good.
Just wanted to update that, after a lot of back-and-forth, we finally got OAuth2 authentication (grant_type: password) working reliably with SuiteCRM 8.8 using the V8 REST API — without needing any custom patches, just following (and double-checking) the official setup steps.
What made the process confusing — and honestly quite frustrating — was the need to implement an upsert workflow (create or update a record based on a unique field like email). Unfortunately, the V8 API doesn’t support this logic natively.
Unlike GraphQL-based platforms or those with true upsert endpoints, SuiteCRM:
Requires manual GET then conditional POST or PATCH, which increases complexity.
Does not handle filters or fields parameters consistently — especially when misformatted — and returns generic error messages.
Offers limited documentation and almost no API explorer tools to trial payloads directly.
This led us to waste hours troubleshooting OAuth2 configs, when the real blocker was API structure and capabilities.
Additionally, the SuiteCRM platform should be more developer-friendly in two ways:
The API activation and configuration steps (keys, symlink, bean registration, etc.) are scattered and fragile. A single misstep breaks the flow with no clear diagnostic.
Built-in modules like Opportunities should support safe updates (PATCH/PUT) out of the box without requiring workarounds or direct DB introspection.
We’ve now rebuilt the setup successfully — but hopefully future versions make this API layer more robust, especially for automation and integrations.