Permission Error Using Token Based Auth on REST API

Hai Guys, I Found Some Issue about POST Image To ERPNext using Rest API.

My case, im already create @frappe.whitelist method to upload image using python request here my code.

@frappe.whitelist()
def import_profil_image(cmd,doctype,docname,filename,isprivate,filedata,from_form):
  url = "http://xxx.xxx.com/api/method/run_custom_method"
  payload = {'cmd': cmd, 
            'doctype': doctype,
            'docname': docname,
            'filename': filename,
            'isprivate': isprivate,
            'filedata' : filedata,
            'from_form' : from_form}
  headers = {"Content-type": "multipart/form-data"}
  res = requests.post(url,data = json.dumps(payload), headers=headers)
  return res.json()

this is postman response when im post that method using default login method by erpnext

1. Default Login Method
   

   

   bug%204956×323 17.9 KB

2. Postman Upload Image
   

   

   bug%207%20edit943×432 30.7 KB

3. Response Status
   

   

   bug%206884×436 57.5 KB

in case above, i success to upload image to ERPNext… but when im using token authentication response is 403 Forbidden ( Not Permitted) Output is like screenshoot below

1. Postman Post
   

   

   bug1957×472 36.2 KB

2. Response Output
   

   

   bug2954×420 63.9 KB

its something wrong with my code or something else ? can anyone help me to solve this issue ?

Thanks

When you’re using token based auth, can you share what headers you’re setting? Can you also share screenshot of Headers section from Postman. Look at this related post, in this case the issue was typo with token {OP had used Token instead of token}

im sorry about that, this is my header setting

bug%20param%20header1031×281 14.9 KB

deleted

up up up still stuck at this point

Hi Mogul, i ran into a similar problem and it turns out i was entering the authorization header in the parameter. from your screenshot it looks like the authorization head is not activated (not ticket). Check that it might be it.