Customer Role Issue In API

Hello,
We are trying to use your API but getting the error. So we are mentioning the CURL request and error response. So please check it and let us know the issue.

$curl = curl_init();

curl_setopt_array($curl, array(
CURLOPT_URL => "https://demo.erpnext.com/api/resource/Customer",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_HTTPHEADER => array(
"Authorization: Token demo:demo",
"Content-Type: application/json",
"Accept: application/json"
),
));

$result = json_decode(curl_exec($curl), 1);

$err = curl_error($curl);

curl_close($curl);
[exc] => ["Traceback (most recent call last):\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/app.py\", line 60, in application\n response = frappe.api.handle()\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/api.py\", line 120, in handle\n doctype, **frappe.local.form_dict)})\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/__init__.py\", line 1051, in call\n return fn(*args, **newargs)\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/client.py\", line 35, in get_list\n limit_start=limit_start, limit_page_length=limit_page_length, ignore_permissions=False)\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/__init__.py\", line 1287, in get_list\n return frappe.model.db_query.DatabaseQuery(doctype).execute(None, *args, **kwargs)\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/model/db_query.py\", line 43, in execute\n raise frappe.PermissionError(self.doctype)\nfrappe.exceptions.PermissionError: Customer\n"]
[_server_messages] => ["{\"message\": \"User Guest does not have doctype access via role permission for document Customer\"}"]
[_error_message] => Insufficient Permission for Customer

Thanks!

The user named Guest lacks a role that has permissions for reading the doctype Customer. Hence login into ERPNext, allot this user a role that has Read permissions on Customer doctype and you should be able to try a GET again.

There is no user ‘guest’. There is only one system user. So please let us know in detail.

Guest is inbuilt user with limited permissions such as website visitor is guest who have not authenticated yet.

So when you are using API, Admin user or any user for which you have enabled API access must have access role / rights assigned before the user make request to any resource using API.

Please check if you are able to authenticate first using that user which has API access enabled in Frappe/ERPNext.

Then find out if that user is other than Administrator, then does user have necessary access role or permission set.
If no role/permission then create it first for that user and then try again using API.

1 Like

We have tried the API api/method/login and got the success response but when trying to use /api/resource/Customer, getting the same response. So my question is, how can we change the guest user to admin user while calling this API?

Any update?

You can’t change the guest user to admin user. Make a new user with roles for the doctyoes you want. And user that user to login and perform operations


Checkout

How can we get_list Website Items without any session? We’re trying different things and this came as one of the requirements. Do we have to create a user and generate API keys for our 3rd party software to list public items such as website items?