Problems Accessing Api from a external website

Hi.
I’m creating a dashboard to have a better view of my datas.
The problem is that when I’m trying to call the api from this external website I’m receiving an authorization error.
What should I do in this case?

My code is :
var carregarVendedores = function(){
$.ajax({
url : ‘https://mlintercambios.erpnext.com/api/resource/Vendedores?fields=[“vendedor_nome”, “vendedor_email”]’,
dataType: ‘text’,
type: ‘POST’,
contentType: ‘application/json’,
beforeSend: function(xhr){
xhr.setRequestHeader(
“X-CSRF-Token”, “Fetch”
);
},success: function(data){
console.log(data);
}, error: function(error){
console.log(error);
}
});
}

When I try to do this I receive a 403 error and the message is : you’ve no authorization to access this page.

I don’t know whether possibly this may help - all I know is that is revant_one is knowledgable here!

hi @clarkej
I’m still having some errors trying to get the token, could you help me with this?
When I try to access this URL : https://mlintercambios.erpnext.com/api/method/frappe.integrations.oauth2.get_token
it’s returning me an error with this object :
{
error: “unsupported_grant_type”
}

Do you know what should I do?
@ManasSolanki could you help me with this, please?

Reading this :
[POST] 0.0.0.0:8000/api/method/frappe.integrations.oauth2.get_token Params: grant_type = “authorization_code” code = redirect_uri = client_id =

Where can I get all this information?
Sorry for not having this knowledge, but I’ve seen a lot of posts without full conclusion.

The first attempt you made was post request, without having any cookie/auth header. You’ve to be signed in with the user to access resource.

Instead of using javascript to make request from client side, it is recommended to make request from server side (php/python/rails/java/etc). It will avoid CORS and keep credentials safe.

The second method is modern approach by using OAuth 2.0:
read “How to setup OAuth?” and “Using OAuth” from following link.

https://frappe.io/docs/user/en/guides/integration

By using OAuth 2.0. Users can choose to revoke access to the third party app.