Missing "Authorization" header on access_token

I have an SuiteCRM install on a link like this:


when I try to get the access token and I query this url:


I always get the same error:

Missing "Authorization" header

I can not set the header as I’ve not gotten the token yet.

PS: Are there any PHP library for working with the SuiteCRM API?

First thing I see, it looks like you are trying to use the access token as a refresh token, which will not work. You will need to pass in a refresh token here instead

let refresh_token = localStorage.getItem(‘access_token’);
That said, I would have expected that to return a different error along the lines of

Only refresh tokens can access this endpoint
Have you modified the JWT_HEADER_NAME or JWT_HEADER_TYPE in your app.config at all?

I’m accessing the API with a different PHP script, so there is no localStorage.

According to the documentation I should be able to call the /access_token with client ID and client SECRET (as set in the admin pannel) and get back an access token which I then send over in the Authorization header.

Or am I not understanding something correctly?

Bit late, but it could look something like this:

function getToken(){
    $suiteauth = "https://" . API . "/Api/access_token";
    $oauth2_credentials = array(
      'client_id'     => APIKEY,
      'client_secret' => APISECRET,
      'grant_type'    => 'client_credentials',
      'scope'      => '',

    $curl = curl_init();
        CURLOPT_URL => $suiteauth,
        CURLOPT_HEADER => 0,
        CURLOPT_POSTFIELDS => $oauth2_credentials

        $response = curl_exec($curl);


        $jsonresponse = json_decode($response, TRUE);
        $bearertoken = $jsonresponse['access_token'];

and then you could do something liket this (for a very simple GET):

function connectAPI(){
    $curl = curl_init();
        CURLOPT_URL => API . "/Api/V8/module/Contacts",
        CURLOPT_HEADER => 0,
        CURLOPT_HTTPHEADER => array(
            "Content-Type: application/json",
            "cache-control: no-cache",
            "Authorization: Bearer " . $bearertoken
    $result =  curl_exec($curl);