Creating custom Endpoints Suitecrm Rest API v8

Nope, still nothing…

But I am going to add logging in the ‘GeneratePassword.php’ and check where it fails. I will let you know! 🙂

I found the issue. In the ‘GeneratePassword.php’ there is a check:

if ($usr->portal_only || $usr->is_group) {
      echo $mod_strings['LBL_PROVIDE_USERNAME_AND_EMAIL'];
      return;
}

But my user is a portal API user, so the value ‘portal_only’ is true. There is a difference between the API users (customers) and the SuiteCRM users (employees). The customers just log in with their ‘username’ and ‘password’, but the employees log in with SAML SSO. So customers will never be able to authenticate in SuiteCRM.

Unfortunately this solution won’t work. So I have to write my own EntryPoint as well…

Hello, were you able to create a custom API? Where did you place the controller files? Did you also put them in the custom folder?

Yes, it’s very easy to create a custom API endpoint. But unfortunately I only created a basic “hello world” endpoint.

For me the API endpoint was not relevant anymore because you need to have an “access_token” to make the call. But it had to be a public POST (reset password functionality) so I created a custom EntryPoint. It’s working great!

If you have questions about the API endpoint I can tell you that the basic endpoint is working with this url: Creating custom Endpoints Suitecrm Rest API v8 - #7 by abuzarfaris.

@Hup, we were able to create a custom API. As of now only POST, and we are still working on GET and UPDATE.

Here's our process. If you followed the documentation then that is good.

1st. Create your custom controller at custom/application/Ext/Api/V8/Controller/CustomController.php

2nd. Then modify your CustomController.php

<?php
namespace Api\V8\Controller;

use Slim\Http\Response;
use Slim\Http\Request;

class CustomersController extends BaseController
{
    public function saveCustomersData(Request $request, Response $response, array $args)
    {
        try {
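            $jsonResponse = $request->getParams();

            // $db is not defined anywhere in this method; fetch the SuiteCRM database handle.
            $db = \DBManagerFactory::getInstance();

            // Request parameters are untrusted: escape and quote each value with
            // $db->quoted() rather than concatenating it directly into the SQL string.
            $sql = "SELECT * FROM accounts WHERE deleted = 0"
                . " AND first_name = " . $db->quoted($jsonResponse['first_name'])
                . " AND last_name = " . $db->quoted($jsonResponse['last_name'])
                . " AND mobile_number = " . $db->quoted($jsonResponse['mobile_number']);
            $res = $db->query($sql);
            if ($db->getRowCount($res) <= 0) {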
                $accountBean = \BeanFactory::newBean('Accounts');
                $accountBean->consent_timestamp = $jsonResponse['consent_timestamp'];
                $accountBean->first_name = $jsonResponse['first_name'];
                $accountBean->last_name = $jsonResponse['last_name'];
                $accountBean->gender = $jsonResponse['gender'];
                $accountBean->birthday = $jsonResponse['birthday'];
                $accountBean->street_name = $jsonResponse['street_name'];
                $accountBean->landmarks = $jsonResponse['landmarks'];
                $accountBean->mobile_number = $jsonResponse['mobile_number'];
                $accountBean->save();


                $resultMessage['resultype'] = 'success_save';
                $resultMessage['resulmsg']  = 'Successfully added new Customers';

            }else{
                $resultMessage['resultype'] = 'error_save';
                $resultMessage['resulmsg']  = 'Ops! You cannot save two customer information';
            }
            return $this->generateResponse($response, $resultMessage, 200);
        } catch (\Exception $exception) {
            return $this->generateErrorResponse($response, $exception, 400);
        }
    }



}

3rd. Modify your controller.php at custom/application/Ext/Api/V8

<?php
require 'custom/application/Ext/Api/V8/Controller/CustomersController.php';

use Api\V8\Controller;
use Slim\Container;

return [Controller\CustomersController::class => function(Container $container) {
    return new Controller\CustomersController();
}];

4th. Modify your routes.php at custom/application/Ext/Api/V8/Config/routes.php

<?php
$app->post('/saveCustomersData', 'Api\V8\Controller\CustomersController:saveCustomersData');

Note:
CustomersController is your class
saveCustomersData is your function


@waraikobuot are you asking me a question, or are you just telling me how a custom API endpoint works?

Because I know how it works. Your code looks nice, but it’s not possible to create an API endpoint without using authorization. If you create your example and you do a POST request (with for example ‘Postman’), you need to add the ‘access_token’, else you will get the ‘access_denied’ error:

{
    "error": "access_denied",
    "message": "The resource owner or authorization server denied the request.",
    "hint": "The JWT string must have two dots"
}

For me the API endpoint is not the solution to my case. I have an external JavaScript front-end (Vue.js) where a customer can register to see his projects. I am using SuiteCRM as a backend tool where only employees can log in, and a front-end tool for customers. So the customer has to create his account while he has no ‘access_token’ yet. It’s not possible to get an ‘access_token’ because there are only 2 options:

  • Password Grant → but then you need to be logged in first, because you need to have a username and password.
  • Client Credentials Grant → this is not safe, because you have to set the “key” and “client_secret” in the JavaScript application. And the problem with JavaScript is that everyone can see your keys. So never put keys in JavaScript applications!

My workaround is a custom EntryPoint where a user can POST data without any authorization. The logic for security issues will be server-sided and not client-sided.

If you want more information, I can show you. But I don’t know if you want to ask me something, or just want to teach me something? 🙂
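
An added example, not code posted in this thread or shipped with SuiteCRM: a public (`'auth' => false`) custom EntryPoint of the kind described above, with every check done server-side and a duplicate test on first name, last name and mobile number. The file names, the entry point name `publicRegisterCustomer`, the form-encoded POST body, the validation patterns and the custom `accounts` fields (taken from the controller earlier in the thread) are assumptions.

```php
<?php
// Added example. Assumed file: custom/publicRegisterCustomer.php
// Assumed registration in custom/Extension/application/Ext/EntryPointRegistry/:
//   $entry_point_registry['publicRegisterCustomer'] =
//       array('file' => 'custom/publicRegisterCustomer.php', 'auth' => false);
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
header('Content-Type: application/json');

// 'auth' => false means anyone can reach this file, so every check lives here.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    die(json_encode(array('error' => 'method_not_allowed')));
}

// Allow-list the expected fields and their formats; anything else is rejected.
$rules = array(
    'first_name'    => '/^[\p{L} .\'-]{1,50}$/u',
    'last_name'     => '/^[\p{L} .\'-]{1,50}$/u',
    'mobile_number' => '/^\+?[0-9]{7,15}$/',
);
$in = array();
foreach ($rules as $field => $pattern) {
    $value = isset($_POST[$field]) && is_string($_POST[$field]) ? trim($_POST[$field]) : '';
    if (!preg_match($pattern, $value)) {
        http_response_code(400);
        die(json_encode(array('error' => 'invalid_input')));
    }
    $in[$field] = $value;
}

// Duplicate check on the three criteria; quoted() escapes and quotes each value.
$db = DBManagerFactory::getInstance();
$sql = 'SELECT id FROM accounts WHERE deleted = 0'
    . ' AND first_name = ' . $db->quoted($in['first_name'])
    . ' AND last_name = ' . $db->quoted($in['last_name'])
    . ' AND mobile_number = ' . $db->quoted($in['mobile_number']);
if ($db->getOne($sql) === false) {
    $account = BeanFactory::newBean('Accounts');
    foreach ($in as $field => $value) {
        $account->$field = $value;
    }
    $account->save();
}
// Same answer either way, so the endpoint cannot be used to probe for existing customers.
echo json_encode(array('result' => 'received'));
```

Because the endpoint is unauthenticated, request throttling in front of it (web server or reverse proxy) is still needed; the script itself only validates and deduplicates.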

Can you show me? Because I am just a beginner on this SuiteCRM. You can do validation also on the entry point where the user cannot input duplicate data and the criteria will be the First Name, Last Name and Mobile Number.

@Hup btw bro, how can I get the value ID in my routes into my controller?

You get it in the CustomersController.php

The below code will return your params in the response. Use Postman to see the returned results.


@johnwreford Hi, I copied all your example code for testing, but I have an exception on POST

Slim Application Error
The application could not run because of the following error:

Details
Type: RuntimeException
Message: Callable Api\V8\Controller\CustomController does not exist
File: /var/www/localhost/htdocs/vendor/slim/slim/Slim/CallableResolver.php
Line: 99