We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

REST API (CRM Online) returns 404 for all endpoints ?

A request for the list of endpoints:

https://online.superoffice.com/Cust15864/api/v1/

works fine, but when I request any of them, fx:

https://online.superoffice.com/Cust15864/api/v1/Contact

The server responds 404 :-(

RE: REST API (CRM Online) returns 404 for all endpoints ?

Hi Henrik,

Would you mind sharing some details about your approach to accessing those resources? For instance, what approach are you using to manage authentication/authorization, i.e. Bearer or SOTicket? Any details more than a sad face will help the community help you.

EDIT: Here is a link to a SPA app that demonstrates both Bearer and SOTicket. Just change all references to Cust#### in the html and js file to yours. Hope this helps!

Best regards.

Av: Tony Yates 29. sep 2017

RE: REST API (CRM Online) returns 404 for all endpoints ?

I see your tenant is part of the upgrade wave running this evening, which means you will get the new fileset where we publish a fix for the AuthorizeWithTicket.If you take look at this url now: https://online.superoffice.com/Cust15864/api/ you will see under HTTP Authenticate Header that there's nothing:

HTTP Authenticate Header

SO-TimeZoneTime zone id.
  

After upgrade, it will look like 

HTTP Authenticate Header

 authentication. Pass the SuperOffice ticket (7T:abc123==) without any encoding.

SO-TimeZone

Av: Margrethe Romnes 29. sep 2017

RE: REST API (CRM Online) returns 404 for all endpoints ?

404 is not found. If the credentials is wrong it would expect 401 or 403?

Av: Henrik Høyer 2. okt 2017

RE: REST API (CRM Online) returns 404 for all endpoints ?

After your updates, I am now receiving 401 (Unautorized). 

The documentation (https://community.superoffice.com/webapi/rest#section/Authentication) states:

SuperOffice username:password are passed in Base64-encoded.

But the reply returned:

Use the HTTP
<code>Authorization</code> header to log in.
<br/>
<p>SOTICKET scheme with the SuperOffice ticket (7T:abc123==) without any encoding.</p>

Looks like you are (only) checking for a SO ticket?

 

 

 

Av: Henrik Høyer 2. okt 2017

RE: REST API (CRM Online) returns 404 for all endpoints ?

Hi Henrik,

documentation is open, but if you want to use the APIs you need to register an app for it. And it all starts in SOD, our development environment, and where the SPA example points to.

More info about getting started: https://community.superoffice.com/en/CRM-Online/Partners-and-App-Store/How-To-Develop-on-the-SuperOffice-Online-Platform/building-your-first-application/ 

 

App registration: https://community.superoffice.com/no/crm-online/Partners-and-App-Store/application-registration/app-registration/

Or custom app for one customer: https://community.superoffice.com/en/crm-online/Partners-and-App-Store/custom-apps/register-a-custom-app/

Av: Margrethe Romnes 2. okt 2017

RE: REST API (CRM Online) returns 404 for all endpoints ?

So a customer is not allowed to read his/her own data (tenant in the CRM Online) through the Rest API without registering a custom app?

I have (now) registered for a custom app. On the registration page there is no way to enter: "readonly access".

I have regsitered for a callback, but are planning to use the basic auth username:password mode

Av: Henrik Høyer 2. okt 2017

RE: REST API (CRM Online) returns 404 for all endpoints ?

Hello, we experience issues with our on premise installation.

https://_site_/SuperOffice/api/v1/contact/4

result we get is:

{ "Error": true, "ErrorType": "SecurityTokenNotYetValidException", "Message": "XSRF-TOKEN not set", "ErrorSource": "SuperOffice.Services.WebApi" }

Should we register as Partner and then register application to get access or something else is wrong?

Av: Boyan Yordanov 12. jan 2018

RE: REST API (CRM Online) returns 404 for all endpoints ?

Hi Boyan,

As seen at the bottom of the page in the documentation, it states:

If you call the API without specifying an Authorization header, then the API will try to log in using the current user's session. To avoid 3rd party pages calling the API and piggy-backing off the current session, the API requires that a special HTTP header is added to these requests.

The SM.web pages contain an INPUT field XSRF_TOKEN. This field contains a random value identifying the current session. You must add an X-XSRF-TOKEN header with the random value from the input field.

The XSRF-TOKEN is also stored in a cookie, just in case the input field is not available.

Hope this helps!

Av: Tony Yates 12. jan 2018

RE: REST API (CRM Online) returns 404 for all endpoints ?

Hi Tony,

Worked perfectly!

RTFM(Read The Fantastic Manual) 

Your help is appreciated!

Boyan

Av: Boyan Yordanov 16. jan 2018