Let the platform do the work

REST API

Overview

v10 - v11.21 API documentation.

What Is REST?

REST stands for 'Representational State Transfer'. As of 7.x, REST is a core component of Sugar that defines how all information is exchanged within the application. The v10+ API is separate from the v1 - v4_1 REST APIs in that it has been rebuilt with the latest REST standards. Most functionality in the system, whether fetching or posting data, is interacting with the API in some way.

Getting Started

How to Access the REST Service

The base endpoint for the REST service can be found at https://<site_url>/rest/v{version}/.

Note: version refers to the version of the API you are accessing.

For your reference, the help documentation for all versioned endpoints can be found by navigating to https://<site_url>/rest/v{version}/help. Once you have identified your instance's base endpoint, we can begin by authenticating.

Authentication

Sugar uses two-legged OAuth2 for authentication. You simply need to do a POST to /rest/<version>/oauth2/token with the following parameters:

grant_type String Type of request. Available grant types are "password" and "refresh_token".
client_id String The client_id of "sugar" will automatically create an OAuth Key in the system and can be used for "password" authentication. The client_id of "support_portal" will create an OAuth Key if the portal system is enabled and will allow for portal authentication. Other client_id's can be created by the administrator in the OAuthKeys section in the Administration section and can be used in the future for additional grant types, if the client secret is filled in, it will be checked to validate the use of the client id.
client_secret String The client's secret key.
username String The username of the user authenticating to the system.
password String The plaintext password the user authenticating to the system.
platform String Defaults to "base" allows you to have custom meta-data per platform. If using a value other than "base", you should make sure it is registered using the Platform extension or configure an API platform in Administration panel.

First, we are going to log in using a grant_type of "password" and a platform of "custom". Normally, when logging into Sugar, users log in with a platform type of "base". We are using "custom" to avoid any potential login conflicts.

  curl -X POST -H Cache-Control:no-cache -H "Content-Type: application/json" -d '{ 
    "grant_type":"password", 
    "client_id":"sugar", 
    "client_secret":"", 
    "username":"<username>", 
    "password":"<password>", 
    "platform":"custom" 
}' https:/<site_url>/rest/<version>/oauth2/token

Once you get the response you will need to hold onto the access_token and the refresh_token. Anytime the access_token is invalidated, you will want to make another request to the token endpoint with a grant_type of "refresh_token". Store just the refresh_token in long-term storage – not the username and password. The response from the server will be as follows:

  {
    "access_token": "5ee48ec7-023e-ecff-5184-530bd0358868",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": null,
    "refresh_token": "5f197357-0167-f7a6-7912-530bd03275b6",
    "refresh_expires_in": 1209600,
    "download_token": "5f531625-e301-e3ea-1b11-530bd098be41"
}

Avoiding Login Conflicts

Login conflicts often occur when building integrations or running data migrations with the platform of "base" or any other client type that is in use. This is due to the fact that Sugar uses the same REST API to power all the various clients such as Sugar, Portal, Mobile, and even the Outlook Plugin. Due to this, you need to let the API know you aren't conflicting with another client that may be in use. The way to accomplish this is the /rest/<version>/oauth2/token call by changing the platform parameter to something other than "base", "mobile", or "portal". It is best to name it something that describes and identifies your current integration.

Input / Output Data Types

The default input / output datatype for REST is JSON.

Date Handling

Date and date time inputs should be formatted following the ISO 8601 format. If the time zone is not included in a request, Sugar will assume the time zone of the user making the request.

Filter on a specific date:

  {
    "date_start": "2015-08-12"
}

Filter on a date keyword using $dateRange:

  {
    "date_start": {
        "$dateRange": "today"
    }
}

Filter on date range using manual time zones:

  {
    "date_start": {
        "$dateBetween": [
            "2015-09-10T00:00:00+10:00",
            "2015-09-10T23:59:59+10:00"
        ]
    }
}