OAuth2 grant_type password flow

I’m attempting to implement ‘headless’ access to the API.
The documentation indicates using either /api/method/login to get a cookie or using
/api/method/frappe.integrations.oauth2.authorize
and
/api/method/frappe.integrations.oauth2.get_token

Is it possible to use /api/method/frappe.integrations.oauth2.get_token with the grant_type = password and bypass the authorize step?

I have been able to retrieve the Bearer key by calling /api/method/frappe.integrations.oauth2.get_token directly, but when I populate the Authorization header and call
/api/resource/Sales%20Order
I’m redirected to a login screen

Anybody have postman examples of using the password flow and calling the API with the Bearer key?
Any DocType API call will do

Thanks

I’ve worked this out.

I have two different instances of ERPNext - one was a fresh install on Ubuntu1604, the 2nd was a Bitnami VMware VM.
I was using the Bitnami instance because it comes pre-configured with https and I was struggling to make that work on the fresh install.

When I switched to the self-install and used http vs https the GET call to
/api/resource/Sales%20Order with the header Authorize: Bearer retrieved_auth-key works as I expect.
Chalking this up to a Bitnami oddity.

So, to summarize:
Yes, the bearer key retrieved by a grant_type = password call to /api/method/frappe.integrations.oauth2.get_token
does in fact work when used to query SOs from /api/resource/Sales%20Order when passed into the Authorize header.

Sorry for the geek-speak. Hopefully this is clear to someone working on OAuth2 API REST in ERPNext

4 Likes
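
The flow summarized in the post above, as an added example that is not part of the original thread or of Frappe's own code: it builds the password-grant request, sends the token in the Authorization header, and treats a redirect or an HTML page as "token not accepted" instead of silently following it to the login screen. Assumptions: the form fields follow RFC 6749 section 4.3, `client_id` belongs to an OAuth client already registered on the site, the `scope` value is whatever that client allows, and the API answers with `application/json`.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/method/frappe.integrations.oauth2.get_token"
RESOURCE_PATH = "/api/resource/Sales%20Order"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx as HTTPError instead of following it

def build_token_request(base_url, username, password, client_id, scope, allow_http=False):
    """Password-grant POST (RFC 6749 section 4.3); client_id and scope are assumed."""
    if not (base_url.startswith("https://") or allow_http):
        raise ValueError("password and token would cross the network unencrypted")
    form = urllib.parse.urlencode({"grant_type": "password", "username": username,
                                   "password": password, "client_id": client_id,
                                   "scope": scope}).encode()
    return urllib.request.Request(base_url.rstrip("/") + TOKEN_PATH, data=form, method="POST")

def parse_token_response(body):
    """Return the bearer token, or raise on an OAuth error document."""
    doc = json.loads(body)
    if "access_token" not in doc:
        raise ValueError("token endpoint error: %s" % doc.get("error", "unknown"))
    return doc["access_token"]

def build_resource_request(base_url, access_token):
    """GET for the Sales Order list with the token in the Authorization header."""
    req = urllib.request.Request(base_url.rstrip("/") + RESOURCE_PATH)
    req.add_header("Authorization", "Bearer " + access_token)
    return req

def token_was_accepted(status, content_type):
    """A redirect or an HTML page means the login screen, not API data."""
    return status == 200 and content_type.startswith("application/json")

def fetch_sales_orders(base_url, access_token):
    """Send the GET without following redirects; raise if the token is not honoured."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(build_resource_request(base_url, access_token), timeout=10) as r:
            status, ctype, body = r.status, r.headers.get("Content-Type", ""), r.read()
    except urllib.error.HTTPError as err:
        status, ctype, body = err.code, err.headers.get("Content-Type", ""), b""
    if not token_was_accepted(status, ctype):
        raise PermissionError("HTTP %d (%s): bearer token not honoured" % (status, ctype))
    return json.loads(body)
```

Passing `allow_http=True` reproduces the plain-http setup described in the post; over http both the password and the bearer token are readable by anyone on the network path.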

Hello @mattlongfield,
Can you please state how you managed to use password grant? I am unable to get it to work.