I want to create a whatsapp integration for APM. Meta wants me to provide them with an endpoint which can receive GET/POST Requests on Anonymous endpoints.
Frappe provides me with a way to expose REST API using @frappe.whitelist decorator, however it makes it mandatory for the caller to provide with a token. WhatsApp integration can’t fetch that token.
Is there a way to expose anonymous REST API from frappe ?
Hey @ankush
allow_guest did solve the issue. Here’s a pickle I am in. I wanted this method to be called from a webhook and hence guest works.
However after the API is called, I want to elevate the privilege and create some entities which are available only for a few roles. Is there an API which helps me impersonate admin or some other user for the part of the code in the webhook ?
Abhishek
There’s no security component in webhook url, if anyone knows the endpoint they can input data. Add a param for security and verify it from settings or config. Or verify request as per api docs. E.g. some api sign the payload with shared secret and endpoint has to verify the payload with shared key.
Set user by calling frappe.set_user("Administrator")