Token Based Authentication
Available starting with v11.0.3
The HTTP Authorization request header contains the credentials to authenticate a user with a server. It consits of the authorization type (token or Basic) and the corresponding token.
Authorization:
The token consists of api-key and api-secret, joined by a colon. Check Guides / Integration / How To Set Up Token Based Auth to see how to generate api-key and api-secret.
There are two types of authorization: token and Basic:
Token
HTTP header:
Authorization: token :
Example in python:
import requests
url = "http://frappe.local:8000**/api/method/frappe.auth.get_logged_user**"
headers = {
'Authorization': "token :"
}
response = requests.request("GET", url, headers=headers)
Basic
If the "Basic" authentication scheme is used, the credentials are a combination of api_key and api_secret and are constructed like this:
- The username and the password are combined with a colon (api_key:api_secret).
: - The resulting string is base64 encoded.
base64encode(:)
HTTP header:
Authorization: Basic base64encode(:)
Example in python:
import requests
import base64
url = "http://frappe.local:8000**/api/method/frappe.auth.get_logged_user**"
headers = {
'Authorization': "Basic %s" % base64.b64encode(:)
}
response = requests.request("GET", url, headers=headers)
Access Token
If the OAuth 2 Access Token is used to authenticate equest, the token is opaque access_token string provided by Frappe Server after setting up OAuth 2 and generating token. Check Guides / Integration / How To Use OAuth 2
HTTP header:
Authorization: Bearer access_token
Example in python:
import requests
import base64
url = "http://frappe.local:8000**/api/method/frappe.auth.get_logged_user**"
headers = {
"Authorization": "Bearer %s" % access_token
}
response = requests.request("GET", url, headers=headers)