SugarCRM SupportDocumentationSugar DeveloperSugar Developer Guide 7.9IntegrationWeb Servicesv10



v10 API documentation.

What Is REST?

REST stands for 'Representational State Transfer'. As of 7.x, REST is a core component of Sugar that defines how all information is exchanged within the application. This v10 API is separate from the v2-v4_1 REST APIs in that it has been rebuilt with the latest REST standards. Most functionality in the system, whether fetching or posting data, is interacting with the API in some way.

Getting Started

How to Access the v10 REST Service

The base endpoint for the v10 REST service can be found at:


For your reference, all v10 endpoints can be found by navigating to http://<site_url>/rest/v10/help. Once you have identified your instance's base endpoint, we can begin by authenticating.


Sugar 7 uses two-legged OAuth2 for authentication. You simply need to do a POST to /rest/v10/oauth2/token with the following parameters:

grant_type String Type of request. Available grant types are "password" and "refresh_token".
client_id String The client_id of "sugar" will automatically create an OAuth Key in the system and can be used for "password" authentication. The client_id of "support_portal" will create an OAuth Key if the portal system is enabled and will allow for portal authentication. Other client_id's can be created by the administrator in the OAuthKeys section in the Administration section and can be used in the future for additional grant types, if the client secret is filled in, it will be checked to validate use of the client id.
client_secret String The client's secret key.
username String The username of the user authenticating to the system.
password String The plaintext password the user authenticating to the system.
platform String Defaults to "base" allows you to have custom meta-data per platform. This parameter should be an identifiable string. Do not use random GUIDS or changing variables. Doing so may result in large ./cache directories.

First, we are going to login using a grant_type of "password" and a platform of "custom". Normally, when logging into Sugar, users login with a platform type of "base". We are using "custom" to avoid any potential login conflicts.

curl -X POST -H Cache-Control:no-cache -d '{ 
}' http:/<site_url>/rest/v10/oauth2/token

Once you get the response you'll need to hold onto the access_token and the refresh_token. Anytime the access_token is invalidated, you'll want to make another request to the token endpoint with a grant_type of "refresh_token". Store just the refresh_token in long term storage – not the username and password. The response from the server will be as follows:

    "access_token": "5ee48ec7-023e-ecff-5184-530bd0358868",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": null,
    "refresh_token": "5f197357-0167-f7a6-7912-530bd03275b6",
    "refresh_expires_in": 1209600,
    "download_token": "5f531625-e301-e3ea-1b11-530bd098be41"

Avoiding Login Conflicts

Login conflicts often occur when building integrations or running data migrations with the platform of "base" or any other client type that is in use. This is due to the fact that Sugar uses the same REST API to power all the various clients such as Sugar, Portal, Mobile, and even the Outlook Plugin. Due to this, you need to let the API know you aren't conflicting with another client that may be in use. The way to accomplish this is the /rest/v10/oauth2/token call by changing the platform parameter to something other than "base", "mobile", or "portal". It is best to name it something that describes and identifies your current integration.

Input / Output Data Types

The default input / output datatype for REST is JSON.

Date Handling

Date and date time inputs should be formatted following the ISO 8601 format. If the time zone is not included in a request, Sugar will assume the time zone of the user making the request.

Filter on a specific date:

{"date_start": "2015-08-12"}

Filter on a date keyword using $dateRange:

{"date_start": {"$dateRange": "today"}}

Filter on date range using manual time zones:

{"date_start": {"$dateBetween": ["2015-09-10T00:00:00+10:00","2015-09-10T23:59:59+10:00"]}}



  • Endpoints

    The following sections contain the in-app help documentation for endpoints.

  • Extending Endpoints

    How to add your own custom endpoints to the REST API.

  • API Exceptions

    Sugar comes with some predefined API Exceptions, located in ./include/api/, that can be called from API endpoints. These exceptions return a specific HTTP code and a message.

  • Examples

    Examples of integrating with Sugar APIs.

Last modified: 07/31/2017 07:35pm