
Securing REST API calls?


#1

Hello,

I am investigating calling ERPNext APIs in order to get quotation data and populate an Excel sheet.

To test, I have just called https://erp.server.com/api/resource/Quotation/{name} and voilà, all quotation information, in JSON format, was displayed.

I think API calls should be secured in some way, or every person, by knowing the name and type of the document, could get confidential information.

By reading documents, I did not find if this issue was already solved.

Regards
Jaime


#2

@Jaime_Stuardo it’s secure, but if you try directly in your browser, it will not look like that, because you’re probably already logged in to the system, and the browser shares all the sessions between tabs for the same URL.


#3

You are absolutely right! I opened a different browser and the REST API throws a forbidden error. Thanks!
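
The check from this thread can be repeated without a second browser. This is an added example, not part of the original posts and not ERPNext code: a client that carries no cookies probes the endpoint, then repeats the request with a session cookie. The local stand-in server, the `sid` cookie name, the session values and the document name `QTN-00001` are assumptions, constructed so the script runs offline.

```python
# Added example: the stand-in server and all sample values are constructed.
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_SID = "constructed-session-id"  # sample value, not a real session


class StandInAPI(BaseHTTPRequestHandler):
    """Constructed stand-in: serves the resource only to a known session cookie."""

    def do_GET(self):
        authed = f"sid={VALID_SID}" in self.headers.get("Cookie", "")
        body = b'{"data": {"name": "QTN-00001"}}' if authed else b'{"error": "forbidden"}'
        self.send_response(200 if authed else 403)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def probe(url, sid=None):
    """GET the URL with no browser state; send a sid cookie only if one is given."""
    # No cookie jar and no proxy: the request carries only what is set here.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url)
    if sid is not None:
        req.add_header("Cookie", f"sid={sid}")
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_demo():
    """Return statuses for: no session, valid session, unknown session."""
    server = HTTPServer(("127.0.0.1", 0), StandInAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/api/resource/Quotation/QTN-00001"
    try:
        return probe(url), probe(url, VALID_SID), probe(url, "unknown-session")
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `probe()` at your own server's URL with no `sid` shows what an anonymous caller receives, independent of any browser session.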