How to do a POST request from an external App?

I want to acquire chart data so I can put them in an external app’s charts. I had to use Fiddler because none of those APIs are documented anywhere.

I’ve tried the following in Postman, and it’s all working fine (after logging in there):

However, in my app, I am doing the following (just testing, mind the path):

I don’t understand how it can be working in Postman, but not in the browser. Note that all GET calls are working fine in my app.

I’ve searched for that “CSRFTokenError”, and I’ve found only a few very old threads about it. Some said that I shall pass “X-Frappe-CSRF-Token” as a POST param to the API, but I have NO IDEA how to acquire this token on the client side. Someone else mentioned that we shall “whitelist” this param, but it’s not clear WHERE, and the thread is very old anyway.

Was anyone able to achieve POST calls from outside to ERPNext? And WHY doesn’t Postman need this X-Frappe-CSRF-Token param?

The only workaround I could find was to modify the source code of erpnext (auth.py): I added a line frappe.response["csrf_token"] = frappe.local.session.data.csrf_token in order to be able to retrieve this token in the client, then I passed it as a header param (X-Frappe-CSRF-Token) to the POST requests.

That compromises security tho; can’t think of another way.

Note: I am using a develop env.