Authenticating Sugar V8 RestAPI with postman


i’ve been trying for a while now to authenticate using the REST api V8 using the “password” grant type…it seems pretty straight forward ( very similar to sugarCRM). I have follow the guide [1] and been trying to get the access token using postman…the responses is a 200 but it return a login page [2] as the result.

Expected output:


I’m pretty sure that this is what the documentations says but i cant seem to get the access token…any idea what im doing wrong??



It mostly looks good, but I noticed your POST url has “index.php” in it

Can you try it again without “index.php” ?

(ie: )

Does it return as expected then?

Hey John,

i have to put it, otherwise it returns a status 500. Just to make sure i tried calling the /Api/access_token to the Demo CRM with a made up client_id and client_secret just to see what it returns and i got the same response as the picture a post it earlier (also using /index.php). if i take it out it gives a 500 status error

I think i was doing it wrong and it should be but now i keep getting a 404 error…after checking for a while i realize that this is a common problem but i cant find any the solution.


If in a browser navigating to gives you a 404 check the following;

You have valid OAuth2 Keys created manually in the Api/OAuth directory which have the right permissions

You have a .htaccess which contains the lines

    RewriteRule ^Api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteRule ^Api/access_token$ Api/index.php/access_token [L]
    RewriteRule ^Api/V8/(.*?)$ Api/index.php/V8/$1 [L]

You have set permissions on the system correctly including updating the user and group groups with Chown and Chmod

If you haven’t done/got any of the above please let me know and we can point you in the right direction :+1:


Hey @Mac-Rae,
Thanks for the response, I’ve tried what you mentioned following the JSON API guide, i also checked that rewriting is turned on (‘AllowOverride All’) in the .htacess file and the rewrites rules are set. After that i created the OAuth client (password grant type) in the UI (Admin->Oauth Clients)… :drum: :drum: when trying to test the endpoint but it gave me a 404 error.

Note: I am not sure if the cause of this error is from the installation i used( suiteCRM Bitnami self contained image)

So after following the documentation and reading different forums the right API endpoint should be {{suitecrm.url}}/Api/access_token but it is still giving me an error. This time a ‘500 internal server error’ an the error logs for the apache server /opt/bitnami/apache2/logs/error_log

Got error 'PHP message: PHP Fatal error: Uncaught Error: Call to undefined method League\\OAuth2\\Server\\AuthorizationServer::setEncryptionKey() in /opt/bitnami/apps/suitecrm/htdocs/Api/V8/Config/services/middlewares.php:47\nStack trace:\n#0 /opt/bitnami/apps/suitecrm/htdocs/vendor/pimple/pimple/src/Pimple/Container.php(118): Api\\Core\\Resolver\\ConfigResolver::{closure}(Object(Slim\\Container))\n#1 /opt/bitnami/apps/suitecrm/htdocs/vendor/slim/slim/Slim/Container.php(109): Pimple\\Container->offsetGet('League\\\\OAuth2\\\\S...')\n#2 /opt/bitnami/apps/suitecrm/htdocs/Api/V8/Config/routes.php(17): Slim\\Container->get('League\\\\OAuth2\\\\S...')\n#3 /opt/bitnami/apps/suitecrm/htdocs/vendor/slim/slim/Slim/RouteGroup.php(25): Api\\Core\\Loader\\RouteLoader->{closure}(Object(Slim\\App))\n#4 /opt/bitnami/apps/suitecrm/htdocs/vendor/slim/slim/Slim/App.php(272): Slim\\RouteGroup->__invoke(Object(Slim\\App))\n#5 /opt/bitnami/apps/suitecrm/htdocs/Api/V8/Config/routes.php(132): Slim\\App->group('', Object(Closure))\n#6 /opt/bitnami/apps/suitecrm/htdocs/A...'

i wasn’t sure if i should create a new post or follow up on this one.

Aw good spot! All ok to follow up here as it’s still on topic.

That 500 error says to me permissions or API Keys, double-check them one that’s time

You should have 2 keys located here
and here
Each key may have to be set to 600 via chmod

Hey Mac-Rae,
the permissions were already set but the error keeps persisting

Maybe try changing them to the bitnami user group?

chown bitnami:daemon *.key

same result. -> 500 error

I’m not sure if this error has to do with the last step of the doco, since it is not very clear but for what i understand, there are 2 places where the-same key (OAuth2 encryption key) should be.

  1. /Api/Core/Config/ApiConfig.php
  2. {root}/config.php

please correct me if im wrong

I gave up on suiteCRM build with bitnami stack and decide it to install it and configured suitecrm on my own with:

  • ubuntu-bionic-18.04

  • Suitecrm Version 7.11.18

  • MariaDB

  • Composer 1.10

  • PHP 7.2

After All that (and the the Oauth2 docco) i was able to generate the bearer token… :smiley:!!!
( great so now lets start calling different modules)…or so i thought so until i got 404 error when trying /Api/V8/{module} or/and /V8/{module}. For now i’m doing the testing using postman and i am including the bearer token in the header of the request (event if i didn’t it shouldn’t result on a 404 error).

Any way , i’ll keep posting my updates and if anyone has come across this error and has some insight please point me on the right path.

1 Like

For the better it sounds :laughing:!

Glad to hear all is almost well.

Try using /Api/V8/module/Accounts?

My 3 suggestions to you;

  1. Make use of the Authorisation tab (Setting the option to OAuth 2) which has a nice interface for what your trying to do.
  2. Upload the collection from the /Api/docs/postman/ folder which gives you some fun options to play with.
  3. Copy the contents of the file found in /Api/docs/swagger/ into an online editor like which gives you and interactive and more details API Docs.

Let me know if you have any further issues.

Hey Mac-Rae

My bad, i had that simple little error
made that little changed to Api/V8/module/Accounts. and started to get staus 200 :ok_hand:

I’will start trying the API for now. thank you for all the help, much appreciated

1 Like

Hi all.
I’m having issues with using using the request in the Api. I can get a token but when i try to make any request, i get a strange behaviour. For example:
I make a GET to http://localhost:8080/V8/module/Accounts
and for response i get a 301 from Accounts and a 404 from module/index.php?action=Login&module=Users.

Here is a screenshot.

Do you know what i’m doing wrong?
Thanks in advance!

Hi @machinecha,

Welcome to the community!

Going to the browser and navigating to localhost:8080/Api/access_token what happens?

If you don’t see a require method post you may want to check your permissions and keys are correct :+1:

Hi @Mac-Rae!
If i go to the url in my browser a get a Method not allowed. Must be one of POST

Hmm, what about the URL you where requesting; May have forgotten Api


i get a:

Not Found

The requested resource /Api/V8/module/Accounts/? was not found on this server.

Hey @machinecha,

Are you using apache? also, make sure to follow the guide before calling endpoints and the rewrites. Also dont forget to create the oauth client in the user interface (make sure you include a client secret, leaving blank will result in a error).

And from your screenshot, try to get the access token first and the manually put bearer token (just to make sure you can get the access token Api/access_token.