Token Based Authentication

Available starting with v11.0.3

The HTTP Authorization request header contains the credentials to authenticate a user with a server. It consists of the authorization type (token or Basic) and the corresponding token.

Authorization: <type> <token>

The token consists of api-key and api-secret, joined by a colon. Check Guides / Integration / How To Set Up Token Based Auth to see how to generate api-key and api-secret.

There are two types of authorization: token and Basic:

Token

HTTP header:

Authorization: token <api_key>:<api_secret>

Example in python:

import requests

url = "http://frappe.local:8000/api/method/frappe.auth.get_logged_user"
headers = {
    'Authorization': "token <api_key>:<api_secret>"
}
response = requests.request("GET", url, headers=headers)

Basic

If the "Basic" authentication scheme is used, the credentials are a combination of apikey and apisecret and are constructed like this:

  1. The username and the password are combined with a colon (apikey:apisecret): <api_key>:<api_secret>
  2. The resulting string is base64 encoded: base64encode(<api_key>:<api_secret>)

HTTP header:

Authorization: Basic base64encode(<api_key>:<api_secret>)

Example in python:

import requests
import base64

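url = "http://frappe.local:8000/api/method/frappe.auth.get_logged_user"
# b64encode takes bytes and returns bytes; decode to str for the header value
credentials = base64.b64encode(b"<api_key>:<api_secret>").decode("ascii")
headers = {
    'Authorization': "Basic %s" % credentials
}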
response = requests.request("GET", url, headers=headers)
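
An added example (not part of the Frappe documentation or code base) that builds both header forms from one key pair and parses them back, which shows that the Basic form is only a reversible encoding of the same <api_key>:<api_secret> string. The function names and sample credentials are constructed for illustration, and it assumes the api_key itself contains no colon.

```python
import base64


def build_auth_header(api_key, api_secret, scheme="token"):
    """Return the Authorization header value for the 'token' or 'Basic' scheme."""
    pair = f"{api_key}:{api_secret}"
    if scheme == "token":
        return f"token {pair}"
    if scheme == "Basic":
        # b64encode works on bytes and returns bytes, so encode and decode around it.
        return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")
    raise ValueError(f"unsupported scheme: {scheme!r}")


def parse_auth_header(value):
    """Split a header value into (scheme, api_key, api_secret).

    Raises ValueError for anything that does not match the two formats above.
    """
    scheme, _, credentials = value.strip().partition(" ")
    credentials = credentials.strip()
    if scheme.lower() == "basic":
        try:
            # validate=True rejects characters outside the base64 alphabet.
            credentials = base64.b64decode(credentials, validate=True).decode("utf-8")
        except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
            raise ValueError("Basic credentials are not valid base64") from exc
        scheme = "Basic"
    elif scheme.lower() == "token":
        scheme = "token"
    else:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    # Assumption: the key contains no colon, so the first colon is the separator.
    api_key, sep, api_secret = credentials.partition(":")
    if not (sep and api_key and api_secret):
        raise ValueError("expected <api_key>:<api_secret>")
    return scheme, api_key, api_secret


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    for s in ("token", "Basic"):
        header = build_auth_header("abc123key", "def456secret", s)
        print(header, "->", parse_auth_header(header))
```
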

Access Token

If the OAuth 2 Access Token is used to authenticate the request, the token is the opaque access_token string provided by the Frappe server after setting up OAuth 2 and generating a token. Check Guides / Integration / How To Use OAuth 2.

HTTP header:

Authorization: Bearer access_token

Example in python:

import requests

# Opaque access token issued by the Frappe server after the OAuth 2 setup
access_token = "<access_token>"

url = "http://frappe.local:8000/api/method/frappe.auth.get_logged_user"
headers = {
    "Authorization": "Bearer %s" % access_token
}
response = requests.request("GET", url, headers=headers)

Further resources