Rest api permission error

When i use api something like this /api/resource/DocType
and it show

plz help me how to use api thanks.


You need to be logged in to to ERPNext to access the API or use the API to login like so


You can find all the details here:


it’s works!

Hi Said,

What is the point of having authenticate method if the API requires the use of login method? I thought authenticate is the alternative way to use the API but it appears it is not working. I’m getting the following error:

“exc”:“["Traceback (most recent call last):
\n File \"/opt/bitnami/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/\", line 64, in application
\n response = frappe.api.handle()
\n File \"/opt/bitnami/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/\", line 59, in handle
\n return frappe.handler.handle()
\n File \"/opt/bitnami/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/\", line 24, in handle
\n data = execute_cmd(cmd)
\n File \"/opt/bitnami/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/\", line 61, in execute_cmd
\n is_whitelisted(method)
\n File \"/opt/bitnami/apps/erpnext/htdocs/frappe-bench/apps/frappe/frappe/\", line 71, in is_whitelisted
\n raise frappe.PermissionError(‘Not Allowed, {0}’.format(method))
\nfrappe.exceptions.PermissionError: Not Allowed, <function get_logged_user at 0x7f2089d60680>
\n"]”,“_server_messages”:“["{\"message\": \"Not permitted\"}"]”

Please advise.


Also, there is a brief mention here about “authenticate with bearer token only”. How do we make the ERPNext work with the supplied token and not require login method to use the API ?

Hi @COZYROC, did you check the docs on oauth2?

Hi Raffael,

Yes, I have reviewed all the documentation and I have also implemented the OAuth authentication but it is also not working and failing with the same error message. I have suspicion there is a setting somewhere that requires an active session initiated with the login method but then what is the point of implementing OAuth or token authentication? Is there a way to disable the requirement for active session for API calls?

It’s working for me, so probably a misconfiguration on your side.

There’s no setting like that. We use bearer token API calls extensively on brand new sites. Are you sure the user with token you’re using has the appropriate roles/permissions for the call you’re trying to make?

The user is the system admin. I have tried to invoke the basic frappe.auth.get_logged_user method and it fails with the error above.


How do I find what is misconfigured?

Here’s a working example: