V4.1 API call not working (params not "received")

jm_tesla · 11 October 2024 04:44

I’m trying to simply login via the API (v4.1). I added log messages to public/legacy/service/v4/SugarWebServiceImplV4.php, at the top of the login function:

$GLOBALS['log']->debug("\$user_auth: ". json_encode($user_auth));
$GLOBALS['log']->debug("\$application: ". json_encode($application));
$GLOBALS['log']->debug("\$name_value_list: ". json_encode($name_value_list));
$GLOBALS['log']->debug("\$args: ". json_encode($args));

$request = "$_SERVER[REQUEST_METHOD] $_SERVER[REQUEST_URI] $_SERVER[SERVER_PROTOCOL]\r\n";

foreach (getallheaders() as $name => $value) {
    $request .= "$name: $value\r\n";
}

$request .= "\r\n" . file_get_contents('php://input');

$GLOBALS['log']->debug(''. $request);

In the log, all params are either null or an empty array. Here is the raw request (the $request variable):

POST /service/v4_1/rest.php HTTP/1.0
Host: localhost
Connection: close
Content-Length: 208
Content-Type: application/x-www-form-urlencoded

method=login&input_type=JSON&response_type=JSON&rest_data=%7B%22user_auth%22%3A%7B%22user_name%22%3A%22admin%22%2C%22password%22%3A%22dd995564b1fa70241364c5926aa27997%22%7D%2C%22application%22%3A%22test%22%7D

Of course, since the params received by the function are null/empty, I get the response (which is oddly 200 OK):

{"name":"Invalid Login","number":10,"description":"Login attempt failed please check the username and password"}

What am I missing here? Thanks!

crmspace · 11 October 2024 11:33

Hi,
did you hash your password? You need so send it as md5, so instead of “test” you would send “098f6bcd4621d373cade4e832627b4f6” (I see your pw looks like a hash, but its a common mistake).

jm_tesla · 11 October 2024 11:53

Yes, the password is an MD5 hash and I was careful to not include line breaks in the input. I generated the MD5 hash via the terminal printf password | md5sum and verified in an online MD5 generator.

Note that I am sending the payload as application/www-x-form-url-encded key/value pairs, with the rest_data value being raw (URL-encoded) JSON. Is this correct?

rsp · 11 October 2024 14:03

Guide on it:

jm_tesla · 11 October 2024 17:49

I’ve read the guide numerous times, it’s not enough. I am not using PHP and am not a “PHP guy”. Of course I can understand it but don’t know the inner-workings.

Given my POST’d request above, what is wrong with it?

pstevens · 11 October 2024 20:54

Have you tested your connection in Postman?

You first have to connect with a GET

{
    "method": "login",
    "input_type": "JSON",
    "response_type": "JSON",
    "rest_data": {
        "user_auth": {
            "user_name": "your-username",
            "password": "your-md5-password-hash",
            "version": "1"
        },
        "application_name": "RestTest",
        "name_value_list": []
    }
}

The response will be a user array with your session ID, you then need to connect via Post and send your session ID like this:

{
    "method": "get_entry_list",
    "input_type": "JSON",
    "response_type": "JSON",
    "rest_data": {
        "session": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "module_name": "Accounts",
        "query": "",
        "order_by": "",
        "offset": 0,
        "select_fields": ["id", "name"],
        "link_name_to_fields_array": [],
        "max_results": 10,
        "deleted": 0
    }
}

jm_tesla · 12 October 2024 07:39

Yes, I’m using Postman. What’s unclear to me (and isn’t mentioned in the docs that I could find), is what the Content-Type should be. I believe it is meant to be application/x-www-form-urlencoded. So I’ve tried sending the payload as form variables and I also tried as JSON (with application/json). It seems like no matter what I do, the parameters are not parsed on the PHP side.

I updated the login function to immediately return the incoming arguments (and my rebuilt request variable), so you can see here exactly what is being sent to the function:

Harshad · 12 October 2024 08:55

Can you please try using ‘Params’ option as follows and if it works, you can debug/check in the code about the content-type/length. The file rest.php uses ‘SugarRestService’ object and ‘SugarRestJSON’ response object. Please check in the serve() method in \service\core\REST\SugarRestJSON.php.

pstevens · 12 October 2024 16:20

Here’s all the settings you need for V4.1 API:

jm_tesla · 15 October 2024 15:14

Using the “params” option puts the params in the URL as query params. I’ve tried this directly via curl and Postman and I get the same result. Thank you, though.

jm_tesla · 15 October 2024 15:36

I’ve tried your answer on that same thread as well, and the params are just not there on the PHP side.

rsp · 15 October 2024 15:46

Maybe you’re making a small mistake while testing it out.