Missing "Authorization" header on access_token

Opica · 23 January 2019 10:00

I have an SuiteCRM install on a link like this:

<domain>/suitecrm/

when I try to get the access token and I query this url:


<domain>/suitecrm/api/access_token
or
<domain>/suitecrm/api/oauth/access_token

I always get the same error:


Missing "Authorization" header

I can not set the header as I’ve not gotten the token yet.

PS: Are there any PHP library for working with the SuiteCRM API?

novajones001 · 23 January 2019 19:18

First thing I see, it looks like you are trying to use the access token as a refresh token, which will not work. You will need to pass in a refresh token here instead

let refresh_token = localStorage.getItem(‘access_token’);
That said, I would have expected that to return a different error along the lines of

Only refresh tokens can access this endpoint
Have you modified the JWT_HEADER_NAME or JWT_HEADER_TYPE in your app.config at all?

Opica · 24 January 2019 09:47

I’m accessing the API with a different PHP script, so there is no localStorage.

According to the documentation I should be able to call the /access_token with client ID and client SECRET (as set in the admin pannel) and get back an access token which I then send over in the Authorization header.

Or am I not understanding something correctly?

helgebe · 6 February 2019 14:16

Bit late, but it could look something like this:

function getToken(){
    $suiteauth = "https://" . API . "/Api/access_token";
    $oauth2_credentials = array(
      'client_id'     => APIKEY,
      'client_secret' => APISECRET,
      'grant_type'    => 'client_credentials',
      'scope'      => '',
      
      );

    $curl = curl_init();
        curl_setopt_array($curl,array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => $suiteauth,
        CURLOPT_HEADER => 0,
        CURLOPT_POSTFIELDS => $oauth2_credentials
        ));

        $response = curl_exec($curl);

        curl_close($curl);

        $jsonresponse = json_decode($response, TRUE);
        $bearertoken = $jsonresponse['access_token'];
}

and then you could do something liket this (for a very simple GET):

function connectAPI(){
        
    $curl = curl_init();
    curl_setopt_array($curl,array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => API . "/Api/V8/module/Contacts",
        CURLOPT_HEADER => 0,
        CURLOPT_HTTPHEADER => array(
            "Content-Type: application/json",
            "cache-control: no-cache",
            "Authorization: Bearer " . $bearertoken
        ),
    ));
    
    $result =  curl_exec($curl);
    curl_close($curl);

}