SuiteCRM API treats GET the same as POST


I just noticed that the SuiteCRM API doesn’t make a distinction between GET, POST, OPTIONS, etc.

For example, if you want to create a new account using set_entry then you would expect that a POST request is the right way to do this. However, if you change the POST to GET (or any other HTTP request) then the result will be the same (that is, a new account is created).

This is obviously not the way REST web services are supposed be designed. I’m using SuiteCRM version 7.4.3. Is this still the case in newer versions?

Because of this issue, accounts created using the REST API are created twice in my CRM system. Web browsers often send an OPTIONS request first before sending a POST or a GET. The SuiteCRM REST API already creates a new account when it receives the OPTIONS request. Hence, the following GET or POST will result in a duplicate account.

Any suggestions on how to deal with this?

For anyone that’s interested, I found a solution here:

1 Like