API with Token Based Authentication


I have trouble using the API with Token Based Authentication as described at:

I want to make API calls without Cookie Sessions.

I have checked that I have the ‘system manager’ role.

I get the API Key and API Secret from ‘My Settings’:


I use Postman to test and check my API calls, and I do the following request:

GET /api/resource/Customer HTTP/1.1
Content-Type: application/json
Accept: application/json
Authorization: Token bad123456789012:dc08fa78bd1209
User-Agent: PostmanRuntime/7.15.2
Cache-Control: no-cache
Postman-Token: 73e480fb-d808-4eb6-a9ee-b3316d31bbf9,29789231-d811-452c-ab60-90818ef947d4
Accept-Encoding: gzip, deflate
Connection: keep-alive
cache-control: no-cache

The response is “User do not have doctype access via role permission”:

"_error_message": "Insufficient Permission for <b>Customer</b>",
"exc": "[\"Traceback (most recent call last):
File \\\"/home/paul/erpnext-11.1.38-0/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/app.py\\\", 
line 66, in application\\n    response = frappe.api.handle()\\n  File \\\"/home/paul/erpnext-11.1.38-0/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/api.py\\\", 
line 114, in handle\\n    doctype, **frappe.local.form_dict)})\\n  File \\\"/home/paul/erpnext-11.1.38-0/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/__init__.py\\\",
line 1032, in call\\n    return fn(*args, **newargs)\\n  File \\\"/home/paul/erpnext-11.1.38-0/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/client.py\\\", 
line 35, in get_list\\n    limit_start=limit_start, limit_page_length=limit_page_length, ignore_permissions=False)\\n  File \\\"/home/paul/erpnext-11.1.38-0/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/__init__.py\\\",
line 1260, in get_list\\n    return frappe.model.db_query.DatabaseQuery(doctype).execute(None, *args, **kwargs)\\n  File \\\"/home/paul/erpnext-11.1.38-0/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/model/db_query.py\\\",
line 42, in execute\\n    raise frappe.PermissionError(self.doctype)\\nPermissionError: Customer\\n\"]", "_server_messages": "[\"{\\\"message\\\": \\\"User do not have doctype access via role permission\\\"}\"]"


Can somebody tell me what I’m doing wrong?

client: macOS Mojave
server: Bitnami ERPNext instance (ERPNext Cloud Hosting, ERPNext Installer, Docker Container and VM)
ERPNext: version v12.x.x-develop () (develop)

Hi @rempargo

Use https://www.base64encode.org/ and create a base64 code for “api_key:api_secret”.

Then in Postman, under headers, add “Authorization” and value “Basic ” and try the API call again.

API_key: 1234567890
API_Secret: 0987654321

base64 string to encode: “1234567890:0987654321”
result: “MTIzNDU2Nzg5MDowOTg3NjU0MzIx”

Key: “Authorization”
Value: “Basic MTIzNDU2Nzg5MDowOTg3NjU0MzIx”

I hope this is clear…

Kind regards


Hello @hpema108,

I tried your suggested (Basic authentication with Base64 encoding of the API Keys and secret) approach on my own server, but that didn’t work.

I also tried your suggestion on an ERPNext Cloud instance, and that works well.

But when testing the Token Based Authentication on the ERPNext cloud instance, this still ends up with errors. So I’m curious if anyone out there has the ‘Token Based Authentication’ approach working.

So for now, I still have no method to do API calls on my own server. Any other suggestions why this doesn’t work?

Ok, I got both ‘Basic’ as well as ‘token’ based authentication working on the ERPNext cloud instance.

Working with ‘token’ based authentication, make sure the word ‘token’ is spelled in all small caps.

Authorization: token 100af4eb3faea54:a1124629ce5bf3b

Working with ‘Basic’ based authentication, make sure the word ‘Basic’ is written with one capital letter and, as @hpema108 mentioned, encode the API Key and API Secret to a base64 encoded string.

Authorization: Basic YmFkYjU4Zjk0NjhiNTQyOmZlMDNlYzNhNmY2NDlkZQ==
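
The two header forms from this thread, built and checked locally so the key and secret never leave the machine. This is an added example, not part of the original posts and not Frappe's own code; the function names are hypothetical, and the scheme spellings are treated as case-sensitive only because that is what the thread reports as working.

```python
import base64
import binascii

# Scheme spellings the thread reports as working (assumption: case-sensitive,
# since the capitalised "Token" request in the first post was rejected).
TOKEN_SCHEME = "token"
BASIC_SCHEME = "Basic"


def build_headers(api_key, api_secret):
    """Return both Authorization header values for one key/secret pair."""
    pair = f"{api_key}:{api_secret}"
    encoded = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    return {
        "token": f"{TOKEN_SCHEME} {pair}",
        "basic": f"{BASIC_SCHEME} {encoded}",
    }


def check_header(value):
    """Return a list of problems found in an Authorization header value."""
    scheme, _, credentials = value.partition(" ")
    credentials = credentials.strip()
    if not credentials:
        return ["no credentials after the scheme"]
    problems = []
    if scheme.lower() == "token":
        if scheme != TOKEN_SCHEME:
            problems.append(f"scheme {scheme!r} should be written {TOKEN_SCHEME!r}")
        pair = credentials
    elif scheme.lower() == "basic":
        if scheme != BASIC_SCHEME:
            problems.append(f"scheme {scheme!r} should be written {BASIC_SCHEME!r}")
        try:
            # Basic credentials are only base64-encoded, so decode and inspect.
            pair = base64.b64decode(credentials, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return problems + ["credentials are not valid base64"]
    else:
        return [f"unknown scheme {scheme!r}"]
    key, sep, secret = pair.partition(":")
    if not (key and sep and secret):
        problems.append("credentials are not in api_key:api_secret form")
    return problems
```

Because the Basic value decodes straight back to `api_key:api_secret`, either header form is only as protected as the HTTPS connection it travels over.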


Great - I tested both approaches and it works.

Maybe we can add this to the help files somewhere under the API, if it’s not already there?

Edited: Found it … Token Based Authentication

Thanks for your solution. I got this after investing a lot of time; it worked by following your base64 encoding. I will look into more details; however, if it is really a need for Postman, then we can expect that it should be mentioned in the Frappe docs.

nice solution :slight_smile:

Token base auth is not working for Admin. Is there any solution?

Are you using token auth for a user?