CSRF Token in API Call from Postman


How can we generate a csrf_token from outside Frappe when doing a POST API call? I know there are multiple threads about it, but none of them describes how to generate the token if you are not inside Frappe.


You can’t get the CSRF token outside of Frappe. Please check this link for more insight into the CSRF token: https://stackoverflow.com/a/33829607

Thanks @ManasSolanki for the reply. So what is the way for some other system to talk to ERPNext, if not the REST API? Or how can we generate a CSRF token dynamically for somebody who wants to push data to ERPNext?

You can use OAuth2.
Check this discussion: Android Frappe Authenticator

@MaysaaSafadi isn’t the ideal way to connect an outside system the REST API? Why can’t we send a CSRF_Token as part of the login response, which can be used later for other calls?

I achieved this by sending the CSRF_token as part of the login response.

I am looking at how to do this as well from another program. How did you send the token as part of the login? I kinda want to just take the token out of Frappe.

Could you show us how to do it? Thanks

To test whether it works, I have added one line in frappe/auth.py:

Line No. 163

frappe.response["csrf_token"] = frappe.generate_hash()

It will return csrf_token as part of the login response.

And then you use it in Postman to do further calls to REST?

But OAuth2 already generates a token that you can use with all requests.

Now you can use either POSTMAN or any technology.

Can you explain your approach, please?

You mean part of the body?