Trouble authenticating with Administrator api_key and api_secret

Hi All,

I am having trouble authenticating to the REST API with the Administrator (API_KEY, API_SECRET).
I generated these from the user settings module and put them into the headers of the API, but I’m getting this issue.

{
   "exc_type": "PermissionError",
   "exception": "frappe.exceptions.PermissionError: <details><summary>You are not permitted to access this resource.</summary>Function <strong>frappe.auth.get_logged_user</strong> is not whitelisted.</details>",
   "exc": "[\"Traceback (most recent call last):\\n  File \\\"apps/frappe/frappe/app.py\\\", line 94, in application\\n    response = frappe.api.handle()\\n  File \\\"apps/frappe/frappe/api.py\\\", line 54, in handle\\n    return frappe.handler.handle()\\n  File \\\"apps/frappe/frappe/handler.py\\\", line 47, in handle\\n    data = execute_cmd(cmd)\\n  File \\\"apps/frappe/frappe/handler.py\\\", line 82, in execute_cmd\\n    is_whitelisted(method)\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 781, in is_whitelisted\\n    throw(msg, PermissionError, title=\\\"Method Not Allowed\\\")\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 534, in throw\\n    msgprint(\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 502, in msgprint\\n    _raise_exception()\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 451, in _raise_exception\\n    raise raise_exception(msg)\\nfrappe.exceptions.PermissionError: <details><summary>You are not permitted to access this resource.</summary>Function <strong>frappe.auth.get_logged_user</strong> is not whitelisted.</details>\\n\"]",
   "_server_messages": "[\"{\\\"message\\\": \\\"<details><summary>You are not permitted to access this resource.</summary>Function <strong>frappe.auth.get_logged_user</strong> is not whitelisted.</details>\\\", \\\"title\\\": \\\"Method Not Allowed\\\", \\\"indicator\\\": \\\"red\\\", \\\"raise_exception\\\": 1}\"]"
}

Here is the URL I am using for that:

{{base_url}}/api/method/frappe.auth.get_logged_user

Seems like you're not passing API credentials as expected.

  1. Raw
curl http://YOUR_SITE/api/resource/Note \
    -H 'Authorization: token key:secret'
  2. Base64 encoded

You need to pass them as basic authentication,
i.e. Base64-encode your “{API-KEY}:{API-SECRET}” and pass it as your request's Authorization header.

// you can also use the browser console to encode
copy(btoa("KEY:SECRET")) // copy the encoded token to the clipboard

Use the above copied secret in your request as follows:

curl http://YOUR_SITE/api/resource/Note \
    -H 'Authorization: Basic ENCODED_TOKEN'
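An added example, not part of the original posts and not Frappe's own code: it builds the two Authorization header forms shown in the answer above and checks a header value locally for the usual formatting mistakes before it is sent. The function names are hypothetical, `KEY`/`SECRET` are placeholders, and the checker's rules are assumptions drawn only from the two forms in this thread.

```python
import base64
import binascii


def token_header(api_key, api_secret):
    """Form 1 (Raw): 'token key:secret' sent as-is."""
    return {"Authorization": f"token {api_key}:{api_secret}"}


def basic_header(api_key, api_secret):
    """Form 2: HTTP Basic, base64('key:secret'), the same value btoa() gives."""
    pair = f"{api_key}:{api_secret}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(pair).decode("ascii")}


def check_authorization(value):
    """Classify a header value against the two forms above.

    Returns (form, problem). problem is None when the value is well formed.
    The secret itself is never returned, so the result is safe to log.
    """
    scheme, _, rest = value.strip().partition(" ")
    rest = rest.strip()
    if scheme.lower() == "token":
        form, pair = "token", rest
    elif scheme.lower() == "basic":
        form = "basic"
        try:
            pair = base64.b64decode(rest, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return form, "value after 'Basic' is not valid base64"
    else:
        return None, "scheme is neither 'token' nor 'Basic'"
    key, sep, secret = pair.partition(":")
    if not sep or not key or not secret:
        return form, "expected key:secret with both parts non-empty"
    return form, None


if __name__ == "__main__":
    # Constructed sample values, including two common mix-ups of the forms.
    samples = [
        token_header("KEY", "SECRET")["Authorization"],
        basic_header("KEY", "SECRET")["Authorization"],
        "Basic KEY:SECRET",            # raw pair sent under the Basic scheme
        "token S0VZOlNFQ1JFVA==",      # encoded pair sent under the token scheme
    ]
    for s in samples:
        print(s.split(" ")[0], check_authorization(s))
```
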

I am struggling with the same problem. Can’t get ‘token’ or ‘Bearer’ to work. The only way in via API is by posting to ‘/api/method/login’ with usr and pwd parameters and storing the SID as a cookie. But I don’t want to create and reuse a session. I just want to authenticate once during method.
