Cannot get API V8 to work

I have followed steps in the official suitecrm doc ( and able to generate auth token using
However, when I use this token for v8 endpoint, for eg
GET {{host}}/Api/V8/module/Accounts
I get 500 Internal Server Error
I cannot see more info in suitecrm.log regarding the issue
Has anyone figured out how to use these endpoints.
I have followed this thread: but haven’t solved it yet.
FYI: I am using Bitnami’s AWS stack for suitecrm
SuiteCRM version 7.11.10

Hi @kms97,

Welcome to the Community! :tada:

This is the second time we’ve had a forum post with this kinda issue raised recently so i’m concerned this maybe one of two things;

  1. Lack of or inaccurate documentation
  2. Core issue as the result of a recent change

Could you please try the debugging steps we walked thought on that ticket you referenced and let me know the results.


--------- DEPRECATED --------

RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
# -----------------------------

RewriteRule ^Api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^Api/access_token$ Api/index.php/access_token [L]
RewriteRule ^Api/V8/(.*?)$ Api/index.php/V8/$1 [L]

I was trying to use this api six months ago. Gave up back then because I was stuck on similar issue. Used v4_1 instead which is reliable (even though deprecated). Was thinking to give V8 another go, since SuiteCRM has gone through a number of releases since then.

Hey @Mac-Rae, if you got it working on your instance, could you provide your setup steps please.
It might help us to link missing info from the official doc.

It appears the V8 api breaks when you upgrade to PHP 8.0. I don’t use the API a great deal but there is one current need for my company. I was able to come up with a solution by replacing the openssl stuff with phpseclib. The changes go into /vendor/lcobucci/jwt/src/Signer/OpenSSL.php.

namespace Lcobucci\JWT\Signer;

use InvalidArgumentException;
use Lcobucci\JWT\Signer;
use phpseclib3\Crypt\RSA\phpseclib3\Crypt\RSA;          <- include this
use function assert;
use function is_array;
use function is_resource;
use function openssl_error_string;
use function openssl_free_key;
use function openssl_pkey_get_details;
use function openssl_pkey_get_private;
use function openssl_pkey_get_public;
use function openssl_sign;
use function openssl_verify;

abstract class OpenSSL extends BaseSigner
    public function createHash($payload, Key $key)
        $privateKey = \phpseclib3\Crypt\PublicKeyLoader::load($key->getContent());    <- include this

        //$privateKey = $this->getPrivateKey($key->getContent(), $key->getPassphrase());  <- remove this

        try {
            $signature = '';

//            if (! openssl_sign($payload, $signature, $privateKey, $this->getAlgorithm())) {      <- remove this
//                throw new InvalidArgumentException(                                                                                       <-
//                    'There was an error while creating the signature: ' . openssl_error_string()       <-
//                );                                                                                                                                                                            <-
//            }                                                                                                                                                                                 <-
            $signature = $privateKey->sign('');

            return $signature;
        } finally {
            // This is deprecated with 8.0 and now is cleaned up when out of scope         <- added note
            //openssl_free_key($privateKey);                                                                                            <- remove this

     * @param string $pem
     * @param string $passphrase
     * @return resource
    private function getPrivateKey($pem, $passphrase)
        $privateKey = openssl_pkey_get_private($pem, $passphrase);

        return $privateKey;

     * @param $expected
     * @param $payload
     * @param $pem
     * @return bool
    public function doVerify($expected, $payload, Key $key)
        //$publicKey = $this->getPublicKey($key->getContent());                                                                  <- remove this
        //$result    = openssl_verify($payload, $expected, $publicKey, $this->getAlgorithm());      <- remove this
        //openssl_free_key($publicKey);                                                                                                                             <- remove this
        $publicKey = \phpseclib3\Crypt\PublicKeyLoader::load($key->getContent());                       <- include this
        $format = $publicKey->getLoadedFormat();                                                                                                  <- include this
        $type = $publicKey instanceof \phpseclib3\Crypt\Common\PublicKey ? 'public key' : 'private key';  <- add

        //return $result === 1;                                                                                                                                                    <- remove this
        return $publicKey->verify('', $expected) ? true : false;                                                                                <- include this