Error when calling API

I follow this guide and get our SuiteCRM running here
Though I calling to POST /api/oauth/access_token as guided here I get error saying that the endpoint is not available on my server

The requested URL /api/oauth/access_token was not found on this server

I use Postman to make the request.
Please guide me how to get API working.

1 Like

We’re working on a new version of the API documentation.

You can preview an unofficial, unpublished version here:


See if that helps you.

Yeah following that guide already. I think this section need more details to get things working.

Hi @pgr,
Would be lovely to have your updates on this issue ie. where would we see the official document for API?
Hope to hear from you,

Hi, we had to put the API refactoring on hold for a while, due to other pressing engagements. But it can come out any day, it’s mostly ready.

About the Documentation, it will happen soon after. But since you can already see the preview of the new version, what else do you need?

Yeah, this problem is stil persisting – have the same issues, /lib/API/OAuth2/access_token = 404 error – means we can’t use the API basically.

Any attention or escalation appreciated

Looks like a problem with the webserver rewrites… Are you using Apache?

Yes, Apache, Ubuntu

Do you have a .htaccess file inside SuiteCRM’s root directory? If not, generate it from Admin -> repair

Yes, I do.

    RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
    RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Both seem correct. the lib/API/public/index.php file reads:

if (!defined('sugarEntry')) {
    define('sugarEntry', true);
require_once __DIR__.'../../core/app.php';

(just noticed there’s no close “?>” in that file – is that normal?)

and the lib/core/app.php file exists as well, as:

ini_set('error_reporting', ~E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED);

require_once __DIR__.'/../../../include/entryPoint.php';
global $sugar_config;
global $version;
global $container;

preg_match("/\/api\/(.*?)\//", $_SERVER['REQUEST_URI'], $matches);

$GLOBALS['app_list_strings'] = return_app_list_strings_language($GLOBALS['current_language']);


$version = 8;

require_once __DIR__.'/containers.php';

$app = new \Slim\App($container);
$paths = new \SuiteCRM\Utility\Paths();

// Load Core Routes
$routeFiles = (array) glob($paths->getLibraryPath() . '/API/v8/route/*.php');
foreach ($routeFiles as $routeFile) {
    require $routeFile;

// Load Custom Routes
$customRouteFiles = (array) glob($paths->getCustomLibraryPath() . '/API/v8/route/*.php');
foreach ($customRouteFiles as $routeFile) {
    require $routeFile;

// Load callables
$callableFiles = (array) glob($paths->getLibraryPath().'/API/v8/callable/*.php');
foreach ($callableFiles as $callableFile) {
    require $callableFile;

$customCallableFiles = (array) glob($paths->getCustomLibraryPath().'/API/v8/callable/*.php');
foreach ($customCallableFiles as $callableFile) {
    require $callableFile;



Yes that’s fine :slight_smile:

Since .htaccess exists, I’d check the Apache configuration, maybe there’s a stray “AllowOverride none”

Yeah, I made sure in apache2.conf that it’s reading:

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted

Somewhere else to look?

Postman still giving 404 error on /lib/API/access_token … trid /lib/API/OAuth2/access_token too just to check, but that rewrite should be throwing all to the index.php fine …

1 Like

I’m sorry, I should’ve noticed this sooner… You should use /api/oauth/access_token


Sorry, I had assumed that since the folders on installation were named /lib/API/OAuth2/ that i had to do the POST command the same way with access_token.

There is no /lib/api/oauth/ folder – does that matter?

Also on the rewrite rules – does that case matter? SuiteCRM 7.10.8 installs with an API folder in uppercase, not lowercase like in the first “api” of “RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1” – does that also matter?

Thanks so much!

No the rewirte rules and index.php take care of everything :slight_smile: Just use lowercase in your API calls

Yeah, i’ll have to chase down the redirect error somewhere … i think it’s related to the fact the 7.10.9 installs with /API/OAuth2 folder instead of /api/oauth as with previous versions.

If i POST direct to “” – at least I get a response:

    "error": "access_denied",
    "message": "The resource owner or authorization server denied the request.",
    "hint": "Missing \"Authorization\" header"

– rather than the 404 error every time from “” (nor does using /API/OAuth2 work, as noted previously) . Endpoint is a mystery!

Have also tried both password and client to get authorization with the /index.php endpoint … no go.

Been through the .htaccess, apache2.conf, httpd.conf, all that – don’t see the bad redirect, if that’s what the problem is.

Any further ideas?

What happens if you POST to ? is:

        <title>404 Not Found</title>
        <h1>Not Found</h1>
        <p>The requested URL /lib/api/oauth/access_token was not found on this server.</p>
        <address>Apache/2.4.29 (Ubuntu) Server at Port 80</address>
</html> is:

        <title>404 Not Found</title>
        <h1>Not Found</h1>
        <p>The requested URL /lib/api/oauth/access_token was not found on this server.</p>
        <address>Apache/2.4.29 (Ubuntu) Server at Port 80</address>

No “lib”, just :slight_smile: