request to api return 404 error

So far I am just trying to authenticate. I haven’t even got to posting a request yet.
I can access the web interface through http://XXX.XXX.XXX.XXX/SuiteCRM and https://XXX.XXX.XXX.XXX/SuiteCRM
These are all POST requests:

I think I have tried over a hundred variations of API Api api oauth OAuth2 but they all seem to come up with a 404.


1 Like

The authentication parameters need to be in the request body. Here is an example using cURL:

curl --request POST \
  --url \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&client_id=5d0c0c67-6bac-8f69-3f74-5c43fe8c271e&client_secret=secret'

I copied your request exactly, changed my client_id and credentials and used right in the terminal but still get a 404.
Just to make sure it wasn’t some kind of access issue I also tried curl --request GET --url and that worked fine

s@s:~$ curl --request POST \

–header ‘Content-Type: application/x-www-form-urlencoded’
–data ‘grant_type=client_credentials&client_id=90f2061a-3f67-f28f-e905-5c32495a9f75e&client_secret=green’

404 Not Found

Not Found

The requested URL /SuiteCRM/Api/access_token was not found on this server.

Apache/2.4.29 (Ubuntu) Server at Port 80

What version number of SuiteCRM are you using?

Version 7.10.11

I’m thinking the mod_rewrite Apache module isn’t enabled. Here are some stack overflow posts that you can refer to test if it is:

1 Like

Hi, I’m a new user of SuiteCRM, and spent a few hours yesterday with exactly the same problem. I’m using 7.11.0, but assume it’s the same set up as 7.10.11 for the API.

I tracked my issue down, and it was due to Rewriting being turned off (as expected), however not because mod_rewrite was disabled but because the image I’m using (a docker image from bitnami) disables rewriting by default in the apache config files.

“AllowOverride None” needs to be “AllowOverride All” for the .htacess file to function.

The documentation on which URLs are the correct ones for the V8 API isn’t great. The latest docs look to be here: https://deploy-preview-90– but aren’t quite correct as they omit the use of “/Api/” in the path I.E. it’s “/Api/V8/module” not just “/V8/module”.

I found the access_token URL is: http://mysite/Api/access_token
then if you actually want to do anything once you have the access token you have to parse the token into the header request of the module you’d like to call, with a base url of: http://mysite/Api/V8/module/

Here’s an example in PHP that I’ve been playing with that pulls a list of all accounts:

$token_url = 'http://mysite/Api/access_token';
$module_url = 'http://mysite/Api/V8/module/';
$client_id = '12345678-1234-1234-1234-1234512345';
$client_secret = 'its a secret';
$ch = curl_init();
$header = array(
    'Content-type: application/vnd.api+json',
    'Accept: application/vnd.api+json'
$postStr = json_encode(array(
    'grant_type' => 'client_credentials',
    'client_id' => $client_id,
    'client_secret' => $client_secret
curl_setopt($ch, CURLOPT_URL, $token_url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);
$out = json_decode($output,true);

$ch = curl_init();
$header = array(
    'Content-type: application/vnd.api+json',
    'Accept: application/vnd.api+json',
    'authorization: Bearer '.$out["access_token"]
$item = 'Accounts?sort=-name';
curl_setopt($ch, CURLOPT_URL, $module_url . $item);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);
echo $output;

I now have another issue to do with permissions, but I’ll make it a new post.


Thank you all. alanm you were spot on.

I am using a generic Ubuntu 18.04LTS install on VirtualBox and it was not enabled. I did finally manage to get a response but there was a little more to it so I will add a few things that I had to do for those experiencing the same thing or those new to ssl as I am.

sudo a2enmod rewrite sudo systemctl restart apache2 to enable mod_rewrite

edit /etc/apache2/apache2.conf and add:
<Directory /var/www/html/SuiteCRM>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

I also created a SuiteCRM.conf file but I don’t think I actually had to do that.

Thanks again.everyone. I too haven’t gone past the authentication yet but that has been stumping me for a while now so I really appreciate the help.

Actually, it’s still not quite working for me. I did get past the 404 error and return a cookie but now that I am looking closer at it what it returned it was a 500 internal server error with no content but there was a cookie with elements:
Name:sugar_user_theme, Value:SuiteP
Name:PHPSESSID, Value:o2rgt0f21plndns6heijsm6d8c

I get the same result using curl or postman

Different question but thought it made sense to follow up here.

Much appreciated if anyone else has run into this.


This is a PHP error. PHP Fatal error: Uncaught LogicException: Key path “file:///var/www/html/Su/SuiteCRM/Api/V8/OAuth2/private.key” does not exist or is not readable in /var/www/html/SuiteCRM/vendor/league/oauth2-server/src/CryptKey.php

There is no private.key file. I thought maybe I had to create one through the UI but when I go to List Oauth2 Tokens then Create I get this error:
Error: File [modules/OAuth2Tokens/metadata/editviewdefs.php] is missing. Unable to create because no corresponding HTML file was found.

You have to generate a public.key and private.key file and place them in the /Api/V8/OAuth2 folder. This is described here:

1 Like

That did it. I have successfully generated an access token. Now I will try using the V8 API.

Thanks again!

One more question. Can anybody post a working url for a generic V8 query?

for example to list all modules the documentation says “https://path-to-instance/api/v8/modules/meta/list

but I keep getting a 404 error (I get the same with /Accounts and everything else I try)

every post in this forum has a variation of the URL (Api vs api, V8 vs v8, etc) - I think I have tried them all but it would be nice to know for sure if I even have the right url so I can begin to narrow down the problem.

Thanks again.

The meta/list endpoint is the “deprecated” JSON v8 API:

The endpoints that work (for me) are listed in the non-deprecated v8 API:

Here is a query for retrieving all accounts with the latest v8 API that works for me:

curl -X GET -H 'Authorization: Bearer your-oauth2-token' -H 'Content-Type: application/json'

We were running into this issue as well. There seems to be a crucial piece of information missing from the documentation. You need to check your instance install and make sure the .htaccess file exists in the root directory. If it does not you need to generate it by going to your admin panel under repairs and tell it to fix the missing .htaccess file.

In addition for the .htaccess file to function properly you need to have the “AllowOverride all” directive in your configuration file for your virtual host.

Once we did that and followed the requirements documentation the API call worked.

Maybe the maintainers of the Developer documentation could add that step to the requirements as it seems it is not optional to have a .htaccess file if you want to access the API.


Hi @alanm. I am also using API v8. SuiteCRM version 7.11.12.
I am serving my filess via nginx and FPM. I don’t need to use .htaccess file as it has been used by apache web server. Do you know why I am getting these result.
I am calling the same endpoint {{suitecrm.url}}/Api/access_token and getting a JSON response which is
“message”: “Not found”
If I am trying anything other I am getting lets say {{suitecrm.url}}/API/access_token (THE API is capital )I will get the text File not found. Would you please recommend something as I am dying to get the right answer,

Few things @ksaubhri;
Welcome to the community! :tada: for a start,

  1. Not sure how compatible SuiteCRM is with nginx so let us know how it goes.

  2. Why would you not need a .htaccess file or nginx equivalent, as well as providing security they allow for the complex redirects the API requires to function?

  3. Your first URL looked more correct as you should be using /Api/V8/access_token

Let us know if you have any luck!

Hi Team, thanx for the Welcome. One thing I would like to know that I have setup the suiteCRM on my local ubuntu laptop and calling the API via HTTP protocol only. Is it okay? Also In reply to using /Api/V8/access_token endpoint. I recieve File not Found as text message . I am attaching the postman screenshot of both the cases.

Try using the authorisation tab to create the access token, using this method you can store the token for use.

Have a look here for a good way of setting up postman

I solved my problem. There are only two things which I did.

  1. Change the version of suite CRM from 7.11.12 to 7.10.24.
  2. Earlier I was using Nginx as webserver. I switched to apache and connect apache with php7.1-fpm socket.
    Everything comes into place with the same API path given in the documentation