Hello,
I am investigating about calling ERPNext API’s in order to get quotation data and populate an Excel sheet.
To test, I have just called https://erp.server.com/api/resource/Quotation/{name} and voilà, all quotation information, in JSON format, was displayed.
I think API calls should be secured in some way, or every person, by knowing the name and type of the document, could get confidential information.
By reading documents, I did not find if this issue was already solved.
Regards
Jaime