Every request to /Api/access_token returns unsupported_grant_type

Hey everyone, looking for help from anyone that might have an idea of what’s going wrong. I am unable to authenticate at all, and as such am unable to really do anything else for the moment.

I am trying to connect to the SuiteCRM API via python and it seems that no matter how I try to request an access token I am always returned unsupported_grant_type. I have followed all the steps provided in the following documentation:

I have run composer, generated keys, changed the encryption key, I have created a Client Credentials entry in my installation of SuiteCRM and a Password Grant, and I am using the url and example provided in the second link above (but converted from PHP to Python). However, it doesn’t matter if I used client_credentials or password, I get the same error response from the API.

I should be able to send my client_id and client_secret and receive a JSON object containing my access_token.

This is the code I am using to try and get my access token:

import requests

url = 'https://mydomain.com/Api/access_token'

data = {
    'grant_type': 'client_credentials',
    'client_id': 'a4f0026f-7587-c416-4ae8-5d3796013a4e',
    'client_secret': 'mysecretkey'

headers = {'Content-type': 'application/vnd.api+json', 'Accept': 'application/vnd.api+json'}

response = requests.post(url, data=data, headers=headers)

and this is the response I get:

{'error': 'unsupported_grant_type', 'message': 'The authorization grant type is not supported by the authorization server.', 'hint': 'Check thegrant_typeparameter'}

This is the same response I get if I swap ‘grant_type’ to ‘password’ and add the credentials for my admin user.

My Environment

  • SuiteCRM Version used: 7.10.17
  • Environment name and version: PHP 7.2
  • Operating System and version: Ubuntu 16.04 (both server and my computer)
  • Python version: 3.6

If anyone has an idea of what’s going on help would be greatly appreciated!

Did you test it in something else, like postman?
It works for me to a version 7.11.6, postman give me this Python code (which seems to be same as yours):

import requests

url = "https://url/Api/access_token"

payload = "{\n    \"client_id\": \"...\",\n    \"client_secret\": \"...\",\n    \"grant_type\": \"client_credentials\"\n}"
headers = {
    'Accept': "application/vnd.api+json",
    'Content-Type': "application/vnd.api+json",
    'cache-control': "no-cache"

response = requests.request("POST", url, data=payload, headers=headers)


There are lots of API bugfixes and improvements in newer versions.

I didn’t realize there was a newer version tbh, I had just recently installed it and I assumed it was the latest. I will try updating and see if that fixes it, otherwise I’m at a loss because my code is almost the exact same as postman’s…

Actually something in that postman request did clue me in: I noticed that it was a string not a dict, and it turns out if I convert it to json before making the request then it works. Thanks for indirectly solving the issue for me!