SuiteCRM API 缺少“授权”标头

Question

我可以通过如下链接访问 SuiteCRM 安装的 API：

<domain>/suitecrm/

当我尝试获取访问令牌并查询此网址时：

<domain>/suitecrm/api/access_token

或

<domain>/suitecrm/api/oauth/access_token

我总是遇到同样的错误：

缺少“授权”标头

由于我还没有得到令牌，所以我无法设置标题。会有什么问题？

PS：有没有人找到使用 SuiteCRM API 的好库？

Answer 1

1. 确保 .htaccess 是正确的，如果您使用的 /suitecrm 应该在 .htacces 中显示为 rewritebase。如果您有疑问，请从 ADmin 重新生成 - 修复和重建。
2. 在 Admin->Oauth 令牌和客户端上生成 client_credentials（如果您有最新版本，则有 2 种类型，密码和客户端凭据类型）。
3. 使用 POST 到 api/oauth/access_token 测试客户端凭据 标头设置 Content-Type: application/vnd.api+json 和 Accept: application/vnd.api+json 以及 JSON 格式：

JSON（使用您创建的用户修改）：

{
    "grant_type":"client_credentials",
    "client_id":"a85a6faa-8379-40ea-0452-5c48b9bd9f2e",
    "client_secret":"myPass",
    "scope":"standard:create standard:read standard:update standard:delete standard:delete standard:relationship:create standard:relationship:read standard:relationship:update standard:relationship:delete"
    }

4. 您应该获得所需的授权标头。

类似：

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjA0NmNkZjcxYzg3YmM1ZTNiNWZjMjM5NTMzYjgzMzkzYmMyNmFiMTBiYTc3MWYzNTE1NTRiMWIxMWEzN2NhNGU4ZWRhOGQ0MWRmNWY3NmE2In0.eyJhdWQiOiJhODVhNmZhYS04Mzc5LTQwZWEtMDQ1Mi01YzQ4YjliZDlmMmUiLCJqdGkiOiIwNDZjZGY3MWM4N2JjNWUzYjVmYzIzOTUzM2I4MzM5M2JjMjZhYjEwYmE3NzFmMzUxNTU0YjFiMTFhMzdjYTRlOGVkYThkNDFkZjVmNzZhNiIsImlhdCI6MTU0ODI2OTg1OCwibmJmIjoxNTQ4MjY5ODU4LCJleHAiOjE1NDgyNzM0NTgsInN1YiI6IiIsInNjb3BlcyI6WyJzdGFuZGFyZDpjcmVhdGUiLCJzdGFuZGFyZDpyZWFkIiwic3RhbmRhcmQ6dXBkYXRlIiwic3RhbmRhcmQ6ZGVsZXRlIiwic3RhbmRhcmQ6cmVsYXRpb25zaGlwOmNyZWF0ZSIsInN0YW5kYXJkOnJlbGF0aW9uc2hpcDpyZWFkIiwic3RhbmRhcmQ6cmVsYXRpb25zaGlwOnVwZGF0ZSIsInN0YW5kYXJkOnJlbGF0aW9uc2hpcDpkZWxldGUiXX0.poxdke303wOVUvrpcmToUms0Sa2TWM_bo5_TmoyaegaFd1WlnEr0gxhyFT-XIkcdM9MhTJSP8VdsAVEf57UQlfzP9q8TuPk4P-fAZRxZMUFNjoglPpsluSIPVZ5drOaiuLNzaWcEIXMlYf-oPP3LUOc5OBc7y0RCoCOSocymplS_Ytt3MlIs_vM--aXb8cqfWNFto0UiJamQ19woSfqbC3t-zW8hAZs4rBLC9lY_DonozUmUVxPv7tryDz1I4jMK9EdAGRi-QKuOT02-IBt-ecSYRkw5mcBl_kLbrgOwOZc91QuooO4GmLS6efWmS7-RhCjngs1CBktvoFCuP1K_DA"
}

如果您仍然有问题，可能与 apache 剥离的标头有关，请将以下内容添加到 .htaccess

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Answer 2

以防万一有人偶然发现这个问题，这就是我解决问题的方法：

我使用了“旧”API 端点 <crm path>/service/v4/rest.php 和以下（工作，但已精简！）代码：

首先对 URL 进行一些小修改：

    protected function curl($url, $get) {
        $ch = curl_init();

        $header = array(
            // THIS IS DIFFERENT!
            'Content-type: application/vnd.api+json',
            'Accept: application/vnd.api+json',
         );

        $query = http_build_query($get);
        $url = $url.'?'.$query;

        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
        $output = curl_exec($ch);

        return $output;
    }

现在是验证码

    $restData = [
        'user_auth' => [
            'user_name' => getenv('CRM_USERNAME'),
            'password' => getenv('CRM_PASS_MD5'),
            'version' => '1.2'
        ]
    ];

    $get = [
        'method' => 'login',
        'input_type' => 'JSON',
        'response_type' => 'JSON',
        'rest_data' => json_encode($restData)
    ];

    $output = curl($apiURL, $get); //@todo Connect the Api URL!

    $data = json_decode($output);

    $secret = $data->id; // This is what you need 

现在举一个如何获取数据的例子：

    function getData($secret) {

        $restData = [
            'session' => $secret,

            //The name of the module from which to retrieve records
            'module_name' => 'Tasks',

            //The SQL WHERE clause without the word "where".
            'query' => "",

            //The SQL ORDER BY clause without the phrase "order by".
            'order_by' => "",

            //The record offset from which to start.
            'offset' => '0',

            //Optional. A list of fields to include in the results.
            'select_fields' => array(
                'id',
                'name',
                'title',
                'date_entered',
                'date_modified',
                'description',
                'date_start',
                'priority'
            ),

            /*
            A list of link names and the fields to be returned for each link name.
            Example: 'link_name_to_fields_array' => array(array('name' => 'email_addresses', 'value' => array('id', 'email_address', 'opt_out', 'primary_address')))
            */
            // 'link_name_to_fields_array' => array(
            // ),

            //The maximum number of results to return.
            'max_results' => '999',

            //To exclude deleted records
            'deleted' => '0',

            //If only records marked as favorites should be returned.
            'Favorites' => false,

        ];

        $get = [
            'method' => 'get_entry_list',
            'input_type' => 'JSON',
            'response_type' => 'JSON',
            'rest_data' => json_encode($restData)
        ];


        $output = curl($this->apiUrl, $get);

        $data = json_decode($output);}

        return $data->entry_list;

    }

以及如何设置数据的示例

function setData($issueId, $field, $newValue) {

    $restData = [
        'session' => $this->secret,

        //The name of the module from which to retrieve records
        'module_name' => 'Tasks',

        'name_value_list' => [
            [
                "name" => "id",
                "value" => $issueId
            ],
            [
                "name" => $field,
                "value" => $newValue
            ]
        ]
    ];

    $get = [
        'method' => 'set_entry',
        'input_type' => 'JSON',
        'response_type' => 'JSON',
        'rest_data' => json_encode($restData)
    ];

    $output = curl($apiUrl, $get);
    $data = json_decode($output);

    if (!$data) {
        throw new \Exception('CRM invalid response!');
    }

    return true;

}