Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Sample PHP script for connecting to the new RESTful SugarCRM REST API in 6.7 and later.
<?php
// specify the REST web service to interact with
$baseurl = '<<instanceurl>>/rest/v10';
/**
* Authenicate and get back token
*/
$curl = curl_init($baseurl . "/oauth2/token");
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// Set the POST arguments to pass to the Sugar server
$rawPOSTdata = array(
"grant_type" => "password",
"username" => "<<username>>",
"password" => "<<password>>",
"client_id" => "sugar",
);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($rawPOSTdata));
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
// Make the REST call, returning the result
$response = curl_exec($curl);
if (!$response) {
die("Connection Failure.\n");
}
// Convert the result from JSON format to a PHP array
$result = json_decode($response);
curl_close($curl);
if ( isset($result->error) ) {
die($result->error_message."\n");
}
$token = $result->access_token;
echo "Success! OAuth token is $token\n";
/**
* Subsequent call to get my user data
*/
// Open a curl session for making the call
$curl = curl_init($baseurl . "/me");
curl_setopt($curl, CURLOPT_POST, false);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json',"OAuth-Token: $token"));
// Make the REST call, returning the result
$response = curl_exec($curl);
if (!$response) {
die("Connection Failure.\n");
}
// Convert the result from JSON format to a PHP array
$result = json_decode($response);
curl_close($curl);
if ( isset($result->error) ) {
die($result->error_message."\n");
}
var_dump($result);
@smalyshev

This comment has been minimized.

Copy link

commented Jun 7, 2013

I'd recommend though to add checking that you actually got the token and not the error message.

@jmertic

This comment has been minimized.

Copy link
Owner Author

commented Jun 23, 2013

Thanks Stas! Added the check in there.

@itsmejustind

This comment has been minimized.

Copy link

commented Feb 3, 2014

With the update to 7.1.5 a single user can not have two sessions. So if you're signed in to Sugar in your browser and then use this method to get an access token, your browser session will expire. Is there a different "grant_type" that can be used with "client_id" and "client_secret"?

@ginotria

This comment has been minimized.

Copy link

commented Jun 20, 2014

@jmetric , follow up with @itsmejustind question: Is there a different "grant_type" that can be used with "client_id" and "client_secret"? so users can have two sugar sessions, one when using the inside sugar and another from a 3rd party app using sugar api

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.