Authorization of API using the Bearer token

Hello Everyone,

I am creating the API for my system. So I have created the API following the document and also created the OAuth Bearer Token.

But the problem is I don’t know how to validate the token when using the API. For example, when I call the login method API with the POST method, it works directly without the OAuth Bearer Token. So I want to make sure that the token must be verified every time.

https://baseurl/api/method/login

Please guide me on this, and thanks in advance.

Hi,

Use the following:

HTTP header:

Authorization: token <api_key>:<api_secret>

I want to try it with the Access Token.

I have created the API which I can access without validating the token.

Frappe will validate the token. If the token is valid, it will set frappe.session.user to the one from the token.

Works like any other whitelisted endpoint.

To verify user identity, make a GET request with a valid token to /api/method/frappe.integrations.oauth2.openid_profile.

For seamless refresh, store the expiration time while storing the token. Create a function get_active_token(); refer to the Connected App code. It will fetch the token from cache, check if it is valid, get a refreshed one and update the cache if needed.
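The cache-and-refresh flow described in the last reply, as an added example that is not part of the original thread and is not Frappe's Connected App code. The TokenStore class, the refresh_fn callback (which would call the OAuth token endpoint with grant_type=refresh_token) and the 30-second expiry margin are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional

EXPIRY_SKEW = 30  # seconds; assumed margin so a token is never used right at expiry


@dataclass
class Token:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute epoch seconds, stored alongside the token


class TokenStore:
    """Hypothetical in-memory cache; a real app would use its own cache backend."""

    def __init__(self, refresh_fn: Callable[[str], dict], clock=time.time):
        self._refresh_fn = refresh_fn  # exchanges a refresh token for a token response
        self._clock = clock            # injectable so expiry logic can be tested
        self._cached: Optional[Token] = None

    def store(self, response: dict) -> Token:
        # Convert the relative "expires_in" of the token response to an absolute time.
        prev = self._cached
        self._cached = Token(
            access_token=response["access_token"],
            # Some servers omit refresh_token on refresh; keep the previous one then.
            refresh_token=response.get("refresh_token")
            or (prev.refresh_token if prev else ""),
            expires_at=self._clock() + int(response["expires_in"]),
        )
        return self._cached

    def get_active_token(self) -> str:
        tok = self._cached
        if tok is None:
            raise RuntimeError("no token cached; run the authorization flow first")
        if self._clock() < tok.expires_at - EXPIRY_SKEW:
            return tok.access_token  # still valid: serve from cache
        if not tok.refresh_token:
            raise RuntimeError("token expired and no refresh token available")
        # Expired or about to expire: refresh, update the cache, return the new token.
        return self.store(self._refresh_fn(tok.refresh_token)).access_token
```

The caller sends the returned value as `Authorization: Bearer <access_token>` on each API request, so an expired token is never presented to the server.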