How to Authenticate and Log Out
Overview
A bash example of how to authenticate to and log out of the v11 REST API using the /oauth2/token and /oauth2/logout POST endpoints.
Authenticating
The example below demonstrates how to authenticate to the REST v11 API. Note that the /oauth2/token endpoint takes several parameters that you should be aware of. The platform argument tends to cause confusion: it is used to authenticate a user to a specific platform. Since Sugar only allows 1 user in the system at a time per platform, authenticating an integration script with a platform type of "base" will log out any current users in the system using those credentials. To work around this, your custom scripts should specify a new platform type such as "custom_api" or any other static text you prefer. The client_id and client_secret parameters can be used for additional security based on client types. You can create your own client type in Admin > OAuth Keys. More information can be found in the /oauth2/token documentation. An example script is shown below:
curl -X POST -H Cache-Control:no-cache -H "Content-Type: application/json" -d '{
"grant_type":"password",
"client_id":"sugar",
"client_secret":"",
"username":"admin",
"password":"password",
"platform":"custom_api"
}' https://{site_url}/rest/v11/oauth2/token
Response
The data received from the server is shown below:
{
"access_token":"c6d495c9-bb25-81d2-5f81-533ef6479f9b",
"expires_in":3600,
"token_type":"bearer",
"scope":null,
"refresh_token":"cbc40e67-12bc-4b56-a1d9-533ef62f2601",
"refresh_expires_in":1209600,
"download_token":"cc5d1a9f-6627-3349-96e5-533ef6b1a493"
}
Logout
To log out of a session, make a request to the /oauth2/logout POST endpoint. More information can be found in the /oauth2/logout documentation. An example that extends the authentication example above is shown below:
curl -s -X POST -H "OAuth-Token: <access_token>" -H Cache-Control:no-cache https://{site_url}/rest/v11/oauth2/logout
Response
The data received from the server is shown below:
{
"success":true
}
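The authentication and logout steps above, combined into one integration script. This is an added example, not code from the Sugar documentation. It uses a dedicated "custom_api" platform, keeps the password and token out of the process list, and logs out on exit. SUGAR_URL, SUGAR_USER and SUGAR_PASS are assumed environment variable names.

```bash
#!/usr/bin/env bash
# Added example, not from the Sugar documentation.
# SUGAR_URL, SUGAR_USER and SUGAR_PASS are assumed environment variable names.

# Escape backslashes and double quotes so a credential cannot break the JSON body.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the /oauth2/token request body with the parameters shown on this page.
token_payload() {  # $1 = username, $2 = password, $3 = platform
  printf '{"grant_type":"password","client_id":"sugar","client_secret":"","username":"%s","password":"%s","platform":"%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Read one string field from the flat JSON token response on stdin.
json_field() {  # $1 = field name
  tr -d '\n' | sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# End the session. The header is passed through a curl config on stdin,
# so the token does not appear in the process list.
logout() {
  printf 'header = "OAuth-Token: %s"\n' "$TOKEN" |
    curl -s -X POST -K - "$SUGAR_URL/rest/v11/oauth2/logout"
}

main() {
  # The body is sent on stdin (-d @-) so the password stays out of the process list.
  resp=$(token_payload "$SUGAR_USER" "$SUGAR_PASS" "custom_api" |
    curl -s -X POST -H "Content-Type: application/json" -d @- \
      "$SUGAR_URL/rest/v11/oauth2/token")
  TOKEN=$(printf '%s' "$resp" | json_field access_token)
  [ -n "$TOKEN" ] || { echo "authentication failed" >&2; return 1; }
  trap logout EXIT   # log out even if a later step fails
  # ... API requests that use $TOKEN go here ...
}

# Only contact the server when a site URL has been provided.
if [ -n "${SUGAR_URL:-}" ]; then main; fi
```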