Permission Error Using Token Based Auth on REST API

Hai Guys, I Found Some Issue about POST Image To ERPNext using Rest API.

My case, im already create @frappe.whitelist method to upload image using python request here my code.

def import_profil_image(cmd,doctype,docname,filename,isprivate,filedata,from_form):
  url = ""
  payload = {'cmd': cmd, 
            'doctype': doctype,
            'docname': docname,
            'filename': filename,
            'isprivate': isprivate,
            'filedata' : filedata,
            'from_form' : from_form}
  headers = {"Content-type": "multipart/form-data"}
  res =,data = json.dumps(payload), headers=headers)
  return res.json()

this is postman response when im post that method using default login method by erpnext

  1. Default Login Method

  2. Postman Upload Image

  3. Response Status

in case above, i success to upload image to ERPNext… but when im using token authentication response is 403 Forbidden ( Not Permitted) Output is like screenshoot below

  1. Postman Post

  2. Response Output

its something wrong with my code or something else ? can anyone help me to solve this issue ?


When you’re using token based auth, can you share what headers you’re setting? Can you also share screenshot of Headers section from Postman. Look at this related post, in this case the issue was typo with token {OP had used Token instead of token}

im sorry about that, this is my header setting


up up up still stuck at this point

Hi Mogul, i ran into a similar problem and it turns out i was entering the authorization header in the parameter. from your screenshot it looks like the authorization head is not activated (not ticket). Check that it might be it.