ERPNext WebHooks

Is it possible to connect or synchronize to different ERPNext Server using webhooks?

2 Likes

what about login in web hook for different server?

@revant_one I am also trying to achieve something similar what is the way to do it? How do we send the login details?

-Amit

@Amit_Saxena
Acheived.

Can you share the steps you did to achieve the same?
-Amit

@Amit_Saxena
I did manual login thought code on other server or another way is you can make API allow_guest.

Thanks @bhavikpatel7023 for your reply. How did you do a manual login?

@frappe.whitelist(allow_guest=True)
def createSalesOrder(data):
    company=json.loads(data)
    logging.warning("Json Data="+json.dumps(company))
    from frappe.auth import LoginManager
    login_manager = LoginManager()
    login_manager.authenticate("Administrator","admin")
    login_manager.post_login()
    logging.warning("login info="+str(login_manager.info))

I’ll avoid something like this

@frappe.whitelist(allow_guest=True)
def createSalesOrder(data):
    # ....
    login_manager = LoginManager()
    login_manager.authenticate("Administrator","admin")
    # ....

this means all guest login as admin for this particular endpoint?

@revant_one
yes, but we can create separate user for that. I just gave example of login.

@revant_one Thanks for your reply. I am trying to separate the ERP portal from main server. The idea is to have two servers one (ERP_A) is the main server which is secure and is not accessible outside. The second one(ERP_B) has the basic data and can be accessed from anywhere. ERP_B can access ERP_A . If a supplier for instance logs into the portal ERP_B and makes a Quotation, it should be get updated automatically on ERP_A.

I am trying to achieve this through webhooks but without changing anything in code. Now :

  1. Is it possible to do without whitelisting the methods ?

  2. How do we authenticate? I have tried to login using Frappe Social Login and do it. Whereas I am able to login but after that nothing happens when I submit the quotation.

I will appreciate your help and reply in this regard.

regards,

Amit

It is possible using unmodified ReST API. You’ll have to give it a thought, also check if existing whitelisted methods can be used.

Keeping a single webhook_api_{date|version}.py on your receiving end will be way easier and easy to manage. Keep all the whitelisted functions here.

For webhook security add header with shared api key which can be verified at receiving end.

  • This key can be access_token (which can expire after 3months?) and if sent with header Authorization: Bearer abc123 will work!
  • Any other key you need to customise receiving end

Note: if you manage to find a generic solution to keep refreshing this token (first point) do share it on issue/PR

Social Login uses OAuth 2.0 Bearer Token. It is required for User authorised access to resource on restricted server.
It can be used for more complex integrations where user has to access resource respecting user’s role/permissions and without using allow_guest=True

1 Like