I’m attempting to implement ‘headless’ access to the API.
The documentation indicates using either /api/method/login to get a cookie or using
/api/method/frappe.integrations.oauth2.authorize
and
/api/method/frappe.integrations.oauth2.get_token
Is it possible to use /api/method/frappe.integrations.oauth2.get_token with the grant_type = password and bypass the authorize step?
I have been able to retrieve the Bearer key by calling /api/method/frappe.integrations.oauth2.get_token directly, but when I populate the Authorization header and call
/api/resource/Sales%20Order
I’m redirected to a login screen
Anybody have postman examples of using the password flow and calling the API with the Bearer key?
Any DocType API call will do
Thanks
I’ve worked this out.
I have two different instances of ERPNext - one was a fresh install on Ubuntu1604, the 2nd was a bitnami VMWare VM.
I was using the bitnami instance because it comes pre-configured with https and I was struggling making that work on the fresh install.
When I switched to the self-install and used http vs https the GET call to
/api/resource/Sales%20Order with the header Authorize: Bearer retrieved_auth-key works as I expect.
Chalking this up to a bitnami oddity.
So, to sumarize:
Yes, the bearer key retrieved by a grant_type = password call to /api/method/frappe.integrations.oauth2.get_token
does in fact work when used to query SOs from /api/resource/Sales%20Order when passed into the Authorize header
Sorry for the geek-speak. Hopefully this is clear to someone working on OAuth2 API REST in ERPNext
4 Likes
Hello @mattlongfield,
Can you please, state how you managed to use password grant? I am unable to get it to work.