I am issuing the following login API request (using Fiddler) to a Sugar 6.5.4 server, and all I ever get back with a POST request is the documentation for SugarWebServiceImplv4_1.php. I expect to get a JSON response with the session ID (or an error?).

What am I doing wrong?

I have tried the v2, v2.1, v3, v3.1, v4, and v4.1 service URLs; all issue their respective documentation as the response.

Request

POST HTTP/1.1 Accept: application/json Host: sugarserver Content-Length: 180 Expect: 100-continue Connection: Keep-Alive method=login&input_type=JSON&response_type=JSON&rest_data={"user_auth":{"user_name":"username","password":"md5passwd"},"application_name":"test"} 

Response

HTTP/1.1 200 OK Date: Fri, 20 Jun 2014 17:39:16 GMT Server: Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1 X-Powered-By: PHP/5.3.5 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html Content-Length: 39895 <pre>/** * SugarWebServiceImplv4_1.php * * This class is an implementation class for all the web services. Version 4_1 adds limit/off support to the * get_relationships function. We also added the sync_get_modified_relationships function call from version * one to facilitate querying for related meetings/calls contacts/users records. * */ Class [ <user> class SugarWebServiceImplv4_1 extends SugarWebServiceImplv4 ] { ... 

If, on the other hand, I send a GET request, then I get a valid response. Why is POST not working?

With a POST, I can't move the rest_data parameter -- or the raw JSON object without the rest_data parameter name -- into the request body, both cause an "Invalid Login" JSON response.

Request

GET HTTP/1.1 Accept: application/json Host: sugarserver Connection: Keep-Alive 

Response

Date: Fri, 20 Jun 2014 20:56:05 GMT Server: Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1 X-Powered-By: PHP/5.3.5 Set-Cookie: PHPSESSID=redacted; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 967 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html {"id":"redacted","module_name":"Users","name_value_list"...} 

2 Answers

Ugh - it was the content-type on the request. It must be set for a URL-encoded form, then a POST request works.

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Try hitting your server over http instead of https and see what that does... otherwise, hit the endpoint with your browser like just to see if you get JSON back or what... when I try that on my production server, I get a JSON-encoded error message:

{"name":"Invalid Login","number":10,"description":"Login attempt failed please check the username and password"} 
1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.