RESTful Web2Lead Form

Harald Kuske —  April 24, 2014 — 6 Comments

If you create a Lead Form in Sugar, this Lead Form uses the entrypoint “WebToLeadCapture” with it’s full qualified web address
e.g. http://myCRMserver/index.php?entryPoint=WebToLeadCapture.

Using this generated form every visitor of your website is informed about the location of your CRM server. If you want to hide the address of the CRM server you should use a Lead Form which uses the web service interface of Sugar in a php script. So the address of your web server is not visible any more in the source code of your website.

The following article describes how to set up such a php page which uses the Lead Form generated in Sugar 7 with some extra code to enter leads via web service in Sugar.

Step 1: Create a “normal” Lead Form in Sugar 7


Drag and drop the fields you want to see in the Lead Form to the two possible columns.


Now configure your form and select the related campaign.


Beautify the form in the html editor…


…and generate the html code.


Step 2: Change the generated html code to a php REST code

Copy the html code of the generated Lead Form into an editor and copy the following lines of code before the first line of the Lead Form code:

 $rest = "http://myCRMserver/rest/v10"; // your crm server address
 $user = "user"; // userid of the webservice user
 $pass = "pass"; // and the password of user “user”
 $step = $_REQUEST["step"];
 if ($step=="") $step="1";
 if ($step=="1") // show the Lead Form

Now search the <form> line:

<form id="WebToLeadForm" action="http://myCRMserver/index.php?entryPoint=WebToLeadCapture" method="POST" name="WebToLeadForm">

and change it to the location of the new php lead form:

<form id="WebToLeadForm" action="http://myWebserver/myWebToLeadCapture.php?step=2" method="POST" name="WebToLeadForm">

http://myWebserver/myWebToLeadCapture.php” is only an example, you can store the new Lead Form in any location on your public web server.

Then add the following code to call the webservice interface at the end of the file:

   else // $step == "2" - generate the Lead
   $lead = $_REQUEST;
   $ignore = array("step","redirect_url","req_id"); // fields to be ignored
   foreach ($ignore as $key)
      unset($lead[$key]); // ignore the field
   $url = $rest . "/oauth2/token"; // login
   $oauth2_token_parameters = array(
      "grant_type" => "password",
      "client_id" => "sugar",
      "client_secret" => "",
      "username" => $user,
      "password" => $pass,
      "platform" => "base"
   $oauth2_token_result = call($url, '', 'POST', $oauth2_token_parameters);
   if (empty($oauth2_token_result->error))
      $url = $rest . "/Leads"; // enter Lead
      $post_lead_result = call($url, $oauth2_token_result->access_token, 'POST', $lead);

      $url = $rest . "/oauth2/logout"; // logout
      $oauth2_logout_result = call($url, $oauth2_token_result->access_token, 'POST');
      if (!empty($_REQUEST["redirect_url"])) // redirect
         header("Location: {$_REQUEST['redirect_url']}");
      print("<hr>THAT WAS NOT OK<hr>"); // login not successful

and the code for the function “call” which allows easy handling of RESTful webservices to Sugar:

 * call
* Generic function to make cURL request.
* @param $url - The URL route to use.
* @param string $oauthtoken - The oauth token.
* @param string $type - GET, POST, PUT. Defaults to GET.
* @param array $parameters - Endpoint parameters.
* @return mixed
function call($url, $oauthtoken='', $type='GET', $parameters=array())
   $type = strtoupper($type);
   $curl_request = curl_init($url);
   if ($type == 'POST')
      curl_setopt($curl_request, CURLOPT_POST, 1);
   elseif ($type == 'PUT')
      curl_setopt($curl_request, CURLOPT_CUSTOMREQUEST, "PUT");
   elseif ($type == 'DELETE')
      curl_setopt($curl_request, CURLOPT_CUSTOMREQUEST, "DELETE");
   curl_setopt($curl_request, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
   curl_setopt($curl_request, CURLOPT_HEADER, false);
   curl_setopt($curl_request, CURLOPT_SSL_VERIFYPEER, 0);
   curl_setopt($curl_request, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt($curl_request, CURLOPT_FOLLOWLOCATION, 0);
   if (!empty($oauthtoken))
      $token = array("oauth-token: {$oauthtoken}");
      curl_setopt($curl_request, CURLOPT_HTTPHEADER, $token);
   if (!empty($parameters))
      //encode the parameters as JSON
      $jsonEncodedData = json_encode($parameters);
      curl_setopt($curl_request, CURLOPT_POSTFIELDS, $jsonEncodedData);
   $result = curl_exec($curl_request);
   //decode the response from JSON
   $response = json_decode($result);
   return $response;

Step 3: Save the new Lead Form to your webserver location, e.g.http://myWebserver/myWebToLeadCapture.php or any location, as mentioned already above.

There are two additional direct links to your crm server hidden in two JavaScript includes. Check if you need these includes and remove them from the Lead Form or provide the needed JavaScipt functions in your web server environment.

Step 4: Test the new Lead Form

If you call your new Lead Form http://myWebserver/myWebToLeadCapture.php you get the following lead capture screen:


Fill the field values and hit the Submit Button, you will be redirected to the redirect_url.


In your Sugar System you will se the newly generated Lead:


6 responses to RESTful Web2Lead Form


    it’s working on 6.5?


    I have to change just 3 variables right ?

    $rest = “………………../rest/v10”;
    $user = “user”;
    $pass = “pass”;

    How can i get $user,$pass from ?


      The values for “user” and “pass” are the values of any valid user of your installed system.
      If you set the value for “platform” in the oauth parameters to something else than “base”, e.g. “myapp” the user can login at the same time the web2lead is running.
      Otherwise he will be kicked out of the desktop application each time a lead is entered.


    $oauth2_token_parameters = array(
    “grant_type” => “password”,
    “client_id” => “sugar”,
    “client_secret” => “”,
    “username” => $user,
    “password” => $pass,
    “platform” => “base”

    How can I get “client_id” => “”, “client_secret” => “” from ?


      Just use “client_id” => “sugar”, “client_secret” => “”, you do not need any more.
      If you use the platform = base setting, the user will be logged out on easch lead entry.
      Just use any other value e.g. “myform” for platform.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s