缺少“授权”头的SuiteCRM API

Question

我可以在这样的链接上访问SuiteCRM安装的API：

<domain>/suitecrm/

当我试图获取访问令牌并查询此url时：

<domain>/suitecrm/api/access_token

或

<domain>/suitecrm/api/oauth/access_token

我总是会犯同样的错误：

缺少“授权”标题

我无法设置标题，因为我还没有得到标记。问题是什么？

有人找到了一个很好的使用SuiteCRM API的库吗？

Answer 1

1. 确保.htaccess是正确的，如果您使用的是在.htacces中应该以重写基形式出现的/suitecrm。如果您有疑问，请重新生成ADmin -修复和重建。
2. 在Admin->Oauth令牌和客户端上生成一个client_credentials (如果您有最近的版本，有2种类型，密码和客户端凭据类型)。
3. 测试客户端凭据，将标题设置为Content-Type: application/vnd.api+json和Accept: application/vnd.api+json，并设置JSON，将文章发送到JSON：

JSON (使用您创建的用户进行修改)：

{
    "grant_type":"client_credentials",
    "client_id":"a85a6faa-8379-40ea-0452-5c48b9bd9f2e",
    "client_secret":"myPass",
    "scope":"standard:create standard:read standard:update standard:delete standard:delete standard:relationship:create standard:relationship:read standard:relationship:update standard:relationship:delete"
    }

1. 您应该获得所需的授权头。

类似于：

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjA0NmNkZjcxYzg3YmM1ZTNiNWZjMjM5NTMzYjgzMzkzYmMyNmFiMTBiYTc3MWYzNTE1NTRiMWIxMWEzN2NhNGU4ZWRhOGQ0MWRmNWY3NmE2In0.eyJhdWQiOiJhODVhNmZhYS04Mzc5LTQwZWEtMDQ1Mi01YzQ4YjliZDlmMmUiLCJqdGkiOiIwNDZjZGY3MWM4N2JjNWUzYjVmYzIzOTUzM2I4MzM5M2JjMjZhYjEwYmE3NzFmMzUxNTU0YjFiMTFhMzdjYTRlOGVkYThkNDFkZjVmNzZhNiIsImlhdCI6MTU0ODI2OTg1OCwibmJmIjoxNTQ4MjY5ODU4LCJleHAiOjE1NDgyNzM0NTgsInN1YiI6IiIsInNjb3BlcyI6WyJzdGFuZGFyZDpjcmVhdGUiLCJzdGFuZGFyZDpyZWFkIiwic3RhbmRhcmQ6dXBkYXRlIiwic3RhbmRhcmQ6ZGVsZXRlIiwic3RhbmRhcmQ6cmVsYXRpb25zaGlwOmNyZWF0ZSIsInN0YW5kYXJkOnJlbGF0aW9uc2hpcDpyZWFkIiwic3RhbmRhcmQ6cmVsYXRpb25zaGlwOnVwZGF0ZSIsInN0YW5kYXJkOnJlbGF0aW9uc2hpcDpkZWxldGUiXX0.poxdke303wOVUvrpcmToUms0Sa2TWM_bo5_TmoyaegaFd1WlnEr0gxhyFT-XIkcdM9MhTJSP8VdsAVEf57UQlfzP9q8TuPk4P-fAZRxZMUFNjoglPpsluSIPVZ5drOaiuLNzaWcEIXMlYf-oPP3LUOc5OBc7y0RCoCOSocymplS_Ytt3MlIs_vM--aXb8cqfWNFto0UiJamQ19woSfqbC3t-zW8hAZs4rBLC9lY_DonozUmUVxPv7tryDz1I4jMK9EdAGRi-QKuOT02-IBt-ecSYRkw5mcBl_kLbrgOwOZc91QuooO4GmLS6efWmS7-RhCjngs1CBktvoFCuP1K_DA"
}

如果仍然存在问题，则可能与apache删除的标头有关，请将以下内容添加到.htaccess

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Answer 2

万一有人在这个问题上绊倒了，我就是这样解决问题的：

我使用了“旧的”API端点<crm path>/service/v4/rest.php和下面的内容(工作，但去掉了！)代码：

首先，对URL进行一些小修改：

    protected function curl($url, $get) {
        $ch = curl_init();

        $header = array(
            // THIS IS DIFFERENT!
            'Content-type: application/vnd.api+json',
            'Accept: application/vnd.api+json',
         );

        $query = http_build_query($get);
        $url = $url.'?'.$query;

        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
        $output = curl_exec($ch);

        return $output;
    }

现在认证代码

    $restData = [
        'user_auth' => [
            'user_name' => getenv('CRM_USERNAME'),
            'password' => getenv('CRM_PASS_MD5'),
            'version' => '1.2'
        ]
    ];

    $get = [
        'method' => 'login',
        'input_type' => 'JSON',
        'response_type' => 'JSON',
        'rest_data' => json_encode($restData)
    ];

    $output = curl($apiURL, $get); //@todo Connect the Api URL!

    $data = json_decode($output);

    $secret = $data->id; // This is what you need 

下面是一个如何获取数据的示例：

    function getData($secret) {

        $restData = [
            'session' => $secret,

            //The name of the module from which to retrieve records
            'module_name' => 'Tasks',

            //The SQL WHERE clause without the word "where".
            'query' => "",

            //The SQL ORDER BY clause without the phrase "order by".
            'order_by' => "",

            //The record offset from which to start.
            'offset' => '0',

            //Optional. A list of fields to include in the results.
            'select_fields' => array(
                'id',
                'name',
                'title',
                'date_entered',
                'date_modified',
                'description',
                'date_start',
                'priority'
            ),

            /*
            A list of link names and the fields to be returned for each link name.
            Example: 'link_name_to_fields_array' => array(array('name' => 'email_addresses', 'value' => array('id', 'email_address', 'opt_out', 'primary_address')))
            */
            // 'link_name_to_fields_array' => array(
            // ),

            //The maximum number of results to return.
            'max_results' => '999',

            //To exclude deleted records
            'deleted' => '0',

            //If only records marked as favorites should be returned.
            'Favorites' => false,

        ];

        $get = [
            'method' => 'get_entry_list',
            'input_type' => 'JSON',
            'response_type' => 'JSON',
            'rest_data' => json_encode($restData)
        ];


        $output = curl($this->apiUrl, $get);

        $data = json_decode($output);}

        return $data->entry_list;

    }

以及如何设置数据的示例

function setData($issueId, $field, $newValue) {

    $restData = [
        'session' => $this->secret,

        //The name of the module from which to retrieve records
        'module_name' => 'Tasks',

        'name_value_list' => [
            [
                "name" => "id",
                "value" => $issueId
            ],
            [
                "name" => $field,
                "value" => $newValue
            ]
        ]
    ];

    $get = [
        'method' => 'set_entry',
        'input_type' => 'JSON',
        'response_type' => 'JSON',
        'rest_data' => json_encode($restData)
    ];

    $output = curl($apiUrl, $get);
    $data = json_decode($output);

    if (!$data) {
        throw new \Exception('CRM invalid response!');
    }

    return true;

}