Oauth Token generation

Hi All,

I’ve created Consumer Key and Consumer Secret from Admin->Oauth Keys panel. Now I need to create/generate Token for this pair but there is no any online reference available to achieve this.

I’ve also tried couple of solutions available for SugarCRM (i.e. http://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_6.5/Application_Framework/Authentication/Oauth/index.html) but no luck.

It\ll be very helpful if someone can help in this.

  1. Call getRequestToken.
  2. In response you will get oauth_token, oauth_token_secret and authorize_url. Save them, they will be used in next steps.
    [li]Login to suitecrm and open authorize_url with oauth_token paramter.
    Example url: [color=#ff0000]http://localhost/suitecrm/index.php?module=OAuthTokens&action=authorize&token=b9a690a6a8a2[/color][/li]1. Press authorize token and you will get authorization code. Save this one.
    [li]Now you can use getAccessToken with oauth_token and oauth_token_secret from step 2. Add auhtorization code from step 4 to url oauth_verifier parameter.
    Example url: [color=#ff0000]http://localhost/suitecrm/service/v4_1/rest.php?method=oauth_access_token&oauth_verifier=9ec491718391[/color][/li]
    [li]You will get oauth_access_token and oauth_access_token_secret.
    You API url will be like[color=#ff0000] http://localhost/suitecrm/service/v4_1/rest.php?oauth_token=d9c99cc2cf6e&method=get_available_modules[/color]
    oauth_token is your oauth_access_token.[/li]
    Also you need to turn off error reporting.

How to call Call getRequestToken.
, its not working?

If you are using 7.10 version you need to copy Zend/Crypt.php file and Zend/Crypt folder from 7.9

nodejs example:

const ENDPOINT = 'http://localhost/suitecrm/service/v4_1/rest.php';
const CONSUMER_KEY = '';

let OAuth = require('oauth');
let oa = new OAuth.OAuth(

// STEP 1
oa.getOAuthRequestToken(function(err, oauth_token, oauth_token_secret, results) {

// STEP 2
// open results.authorize_url+'?token='+oauth_token in browser

// STEP 3
// copy verify key from browser
// ENDPOINT+'?method=oauth_access_token&oauth_verifier=bf4db54a1e37',
let oauth_token = '1b4fb84a2ae3';
let oauth_token_secret = 'a3887329bbef';
let oauth_verifier = 'bf4db54a1e37 ';

oa.getOAuthAccessToken(oauth_token, oauth_token_secret, function(err, oauth_access_token, oauth_access_token_secret, results) {

Maybe you want to look at new OAuth2 in 7.10

can you pls let me know the php code?

Using OAuth with Sugar

thank , I already have this link but showing error ‘OAuth class not find’ there is no OAuth class in entire suitecrm directory

OAuth is a php extension and it have problems with last php version.
So i used Risan OAuth 1.0 client library for PHP.

Working example: suitecrm_oauth_example.php


// Includes the Composer autoload file.
require 'vendor/autoload.php';

// Start the session.

// Create an instance of Risan\OAuth1\OAuth1 class.
$oauth1 = Risan\OAuth1\OAuth1Factory::create([
	'client_credentials_identifier' => '<consumer key>',
	'client_credentials_secret' => '<consumer secret>',
	'temporary_credentials_uri' => 'http://<suitecrm_url>/service/v4_1/rest.php?method=oauth_request_token',
	'authorization_uri' => 'http://<suitecrm_url>/index.php?module=OAuthTokens&action=authorize',
	'token_credentials_uri' => 'http://<suitecrm_url>/service/v4_1/rest.php?method=oauth_access_token',
	'callback_uri' => 'http://<this script url>',
	'base_uri' => 'http://<suitecrm_url>/service/v4_1/rest.php',

if (isset($_SESSION['token_credentials'])) {
	// Get back the previosuly obtain token credentials (step 3).
	$tokenCredentials = unserialize($_SESSION['token_credentials']);


	// rest_data variable is your post params for method call
	// session variable is IMPORTANT!
	$post = array(
		'method' => 'get_available_modules',
		'input_type' => 'JSON',
		'response_type' => 'JSON',
		'rest_data' => json_encode(array('session' => ''))
	$response = $oauth1->post('?oauth_token='.$tokenCredentials->getIdentifier(), ['form_params' => $post]);

	// Convert the response to array and display it.
	print_r(json_decode($response->getBody()->getContents(), true));
} elseif (isset($_GET['oauth_token']) && isset($_GET['oauth_verifier'])) {
	// Get back the previosuly generated temporary credentials (step 1).
	$temporaryCredentials = unserialize($_SESSION['temporary_credentials']);

	// STEP 3: Obtain the token credentials (also known as access token).
	$tokenCredentials = $oauth1->requestTokenCredentials($temporaryCredentials, $_GET['oauth_token'], $_GET['oauth_verifier']);

	// Store the token credentials in session for later use.
	$_SESSION['token_credentials'] = serialize($tokenCredentials);

	// this basically just redirecting to the current page so that the query string is removed.
	header('Location: ' . (string) $oauth1->getConfig()->getCallbackUri());
} else {
	// STEP 1: Obtain a temporary credentials (also known as the request token)
	$temporaryCredentials = $oauth1->requestTemporaryCredentials();

	// Store the temporary credentials in session so we can use it on step 3.
	$_SESSION['temporary_credentials'] = serialize($temporaryCredentials);

	// STEP 2: Generate and redirect user to authorization URI.
	$authorizationUri = $oauth1->buildAuthorizationUri($temporaryCredentials);
	header("Location: {$authorizationUri}");

thanks for the info,

but i am getting below error while risan oauth library through composer ,

Your requirements could not be resolved to an installable set of packages.

Problem 1

  • The requested package risan/oauth1 No version set (parsed as 1.0.0) is satisfiable by risan/oauth1[No version set (parsed as 1.0.0)] but these conflict with your requirements or minimum-stability.

Installation failed, reverting ./composer.json to its original content.

Please suggest what I am missing?

I’m not familiar with composer
Try to install into empty directory
like /var/www/html/test

php composer.phar require risan/oauth1 --working-dir=/var/www/html/test

then copy example file into this dir
Tested it with linux php 5.6 and it works fine

root@freepbx:~# php composer.phar require risan/oauth1 --working-dir=/var/www/html/test
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Using version ^2.0 for risan/oauth1
./composer.json has been created
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 6 installs, 0 updates, 0 removals
  - Installing psr/http-message (1.0.1): Downloading (100%)         
  - Installing paragonie/random_compat (v2.0.15): Downloading (100%)         
  - Installing guzzlehttp/psr7 (1.4.2): Downloading (100%)         
  - Installing guzzlehttp/promises (v1.3.1): Downloading (100%)         
  - Installing guzzlehttp/guzzle (6.3.3): Downloading (100%)         
  - Installing risan/oauth1 (v2.0.0): Downloading (100%)         
paragonie/random_compat suggests installing ext-libsodium (Provides a modern crypto API that can be used to generate random bytes.)
guzzlehttp/guzzle suggests installing psr/log (Required for using the Log middleware)
Writing lock file
Generating autoload files


hey thanks , I think I am close ,
but php composer.phar require risan/oauth1 --working-dir=/var/www/html/test
showing composer.phar not found?

I have extracted the downloaded zip from github and there was no composer.phar file,
can you please help me in this?

you should learn how to install and use composer

worked well on my another instance , thanks

Fatal error: Uncaught Risan\OAuth1\Credentials\CredentialsException: Unable to parse temporary credentials response. Missing parameter: oauth_token. in /var/www/html/test/vendor/risan/oauth1/src/Credentials/CredentialsFactory.php:23 Stack trace: #0 /var/www/html/test/vendor/risan/oauth1/src/OAuth1.php(113): Risan\OAuth1\Credentials\CredentialsFactory->createTemporaryCredentialsFromResponse(Object(GuzzleHttp\Psr7\Response)) #1 /var/www/html/test/oauth.php(55): Risan\OAuth1\OAuth1->requestTemporaryCredentials() #2 {main} thrown in /var/www/html/test/vendor/risan/oauth1/src/Credentials/CredentialsFactory.php on line 23

This can be happened when you login to authorize token. Log in first before calling this script.
Also don’t forget to disable php errors displaying.

already login , and its fatal error

Hello ,

above example not working in SuiteCRM-7.10.7 version.

have any other code for demo.

Thanks in advance.

check logs, maybe its because 7.10 is missing Zend/Crypt

Hey serfreeman1337,

I am also facing the same issue im getting below error

Fatal error: Uncaught exception ‘Risan\OAuth1\Credentials\CredentialsException’ with message ‘Unable to parse temporary credentials response. Missing parameter: oauth_token.’ in K:\Sravani\xampp\htdocs\redpiranha\oauth1\src\Credentials\CredentialsFactory.php:23 Stack trace: #0 K:\Sravani\xampp\htdocs\redpiranha\oauth1\src\OAuth1.php(113): Risan\OAuth1\Credentials\CredentialsFactory->createTemporaryCredentialsFromResponse(Object(GuzzleHttp\Psr7\Response)) #1 K:\Sravani\xampp\htdocs\redpiranha\suitecrm_oauth.php(55): Risan\OAuth1\OAuth1->requestTemporaryCredentials() #2 {main} thrown in K:\Sravani\xampp\htdocs\redpiranha\oauth1\src\Credentials\CredentialsFactory.php on line 23

I have logged into crm … can you please help me out