System vs Website User Logins and API


I’m creating an external website that will hook into the Frappe framework and a custom app and am having some issues with permissions.

I’m able to connect via API and get documents with frappeclient - however, when I set permissions to “System User”, the test user is able to retrieve all documents - not just their own documents. When set to “Website User”, the API raises an AuthError.

Is there a workaround to this? I’d like to have the user be a “Website User”, and be able to retrieve documents that they are tagged in - such as sales order, and additional docs in the custom app.

Alternatively, will I have to create a separate user type, such as “API/External User”?

Thanks for your help :slight_smile:

Just write a custom API (whitelisted) method.

Will I need to create a different login method if I want them to have “website user” permissions?

Default sign-up is a “website user”