Issue with V8 API after upgrade to 7.11.4

Ever since the upgrade, API requests that worked prior to 7.4.11 are failing. Any thoughts? Thanks in advance

PHP 7.2
mysql Ver 14.14 Distrib 5.7.26, for Linux (x86_64) using EditLine wrapper
SuiteCRM 7.11.4
Running on Ubuntu: Linux 4.15.0-1035-aws #37-Ubuntu SMP Mon Mar 18 16:15:14 UTC 2019

Access token generation works, but simple API calls do not:

GET /Api/V8/module/Accounts

“errors”: {
“status”: 400,
“title”: null,
“detail”: “Module id is empty when trying to get Users”

Mon May 6 01:46:32 2019 [31488][-none-][FATAL] API Exception detected:
Message was: Module id is empty when trying to get Users
Exception details:

#0 /var/www/html/CCCRM/Api/V8/Middleware/ParamsMiddleware.php(82): Api\V8\BeanDecorator\BeanManager->getBeanSafe(‘Users’, ‘’)
#1 /var/www/html/CCCRM/Api/V8/Middleware/ParamsMiddleware.php(45): Api\V8\Middleware\ParamsMiddleware->setCurrentUserGlobal(Object(Slim\Http\Request))
#2 /var/www/html/CCCRM/Api/V8/Factory/ParamsMiddlewareFactory.php(37): Api\V8\Middleware\ParamsMiddleware->__invoke(Object(Slim\Http\Request), Object(Slim\Http\Response), Object(Slim\Route))
#3 [internal function]: Api\V8\Factory\ParamsMiddlewareFactory->Api\V8\Factory{closure}(Object(Slim\Http\Request), Object(Slim\Http\Response), Object(Slim\Route))
#4 /var/www/html/CCCRM/vendor/slim/slim/Slim/DeferredCallable.php(43): call_user_func_array(Object(Closure), Array)
#5 [internal function]: Slim\DeferredCallable->__invoke(Object(Slim\Http\Request), Object(Slim\Http\Response), Object(Slim\Route))
#6 /var/www/html/CCCRM/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(70): call_user_func(Object(Slim\DeferredCallable), Object(Slim\Http\Request), Object(Slim\Http\Response), Object(Slim\Route))
#7 /var/www/html/CCCRM/vendor/league/oauth2-server/src/Middleware/ResourceServerMiddleware.php(53): Slim\Route->Slim{closure}(Object(Slim\Http\Request), Object(Slim\Http\Response))
#8 [internal function]: League\OAuth2\Server\Middleware\ResourceServerMiddleware->__invoke(Object(Slim\Http\Request), Object(Slim\Http\Response), Object(Closure))
#9 /var/www/html/CCCRM/vendor/slim/slim/Slim/DeferredCallable.php(43): call_user_func_array(Object(League\OAuth2\Server\Middleware\ResourceServerMiddleware), Array)
#10 [internal function]: Slim\DeferredCallable->__invoke(Object(Slim\Http\Request), Object(Slim\Http\Response), Object(Closure))
#11 /var/www/html/CCCRM/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(70): call_user_func(Object(Slim\DeferredCallable), Object(Slim\Http\Request), Object(Slim\Http\Response), Object(Closure))
#12 /var/www/html/CCCRM/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(117): Slim\Route->Slim{closure}(Object(Slim\Http\Request), Object(Slim\Http\Response))
#13 /var/www/html/CCCRM/vendor/slim/slim/Slim/Route.php(334): Slim\Route->callMiddlewareStack(Object(Slim\Http\Request), Object(Slim\Http\Response))
#14 /var/www/html/CCCRM/vendor/slim/slim/Slim/App.php(516): Slim\Route->run(Object(Slim\Http\Request), Object(Slim\Http\Response))
#15 /var/www/html/CCCRM/vendor/slim/slim/Slim/MiddlewareAwareTrait.php(117): Slim\App->__invoke(Object(Slim\Http\Request), Object(Slim\Http\Response))
#16 /var/www/html/CCCRM/vendor/slim/slim/Slim/App.php(407): Slim\App->callMiddlewareStack(Object(Slim\Http\Request), Object(Slim\Http\Response))
#17 /var/www/html/CCCRM/vendor/slim/slim/Slim/App.php(315): Slim\App->process(Object(Slim\Http\Request), Object(Slim\Http\Response))
#18 /var/www/html/CCCRM/Api/index.php(4): Slim\App->run()
#19 {main}

Sorry, the version where this became a problem was the recent version as of this post, 7.11.4. I mixed it up, even after an admin was nice enough to clean it up, some old examples are in my post.

I checked the release notes, and I do not see where ParamsMiddleware.php(82): Api\V8\BeanDecorator\BeanManager->getBeanSafe(‘Users’, ‘’) was changed in the bug fix list. Was this part of the Oauth2 security fix? “Security Issue - Fixed Oauth2 access control issue” This section of the file is not present in 7.11.3.

I did confirm again that the same code I was using on 7.11.4 works just fine on 7.11.3. The only difference was the OAuth2 credentials. I did create a new client and token with 7.11.4 after I upgraded as well.

Well, I created a “client credentials client” and that fixed the problem. Noted, this appears to be a requirement for 7.11.4.

Hhm great. I don’t know what that is though :cheer:

Do you want to update the Documentation to say that?

1 Like

Sure, I will update the docs.

It seems like password grants do not work anymore as ParamsMiddleware.php is now looking to match the key with an associated user. As you can see in image 2, the password grant has no user associated with it. However, client grants do match to a user, and as a result, getBeanSafe(‘Users’, ‘’) is populated with the username associated with the token. Solution: use client grants.

1 Like

After creating a pull for documentation updates on this issue, I have been told that the password grants are working as expected.

Thanks for at least trying to update the Docs. Sorry if I misled you, I am not involved with the API development and I thought this tip would apply to everyone but it seems there’s more to this than meets the eye. At least, my eye :huh:

I hope that in a month or two the API stabilizes and the API Docs get a larger, deeper update, it’s quite needed…

1 Like

No, thank you, pgr. They did blame the API documentation. I just wanted to update the conversation here so that it was logged at least. I feel like the thread still has value.