ERPNext API auth


Nguyen Do Le Bao

Jul 4, 2014, 12:11:24 AM
to erpnext-dev...@googlegroups.com
Hi guys,

According to this https://frappe.io/apps/frappe-framework/developers/api/rest_api , we would log in using the API by calling /api/method/login.
But what I don't understand is: if the client does not have a session, we cannot really detect whether the subsequent API calls are authenticated, right?

In that case, is there any recommendation? I am thinking of using a generated token and keep passing that on subsequent calls.
Will that be OK?

Thank you!!!

Rushabh Mehta

unread,
Jul 4, 2014, 1:08:52 AM7/4/14
to erpnext-dev...@googlegroups.com
Use this:


(See the example)


--
Note:
 
If you are posting an issue,
1. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
2. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
3. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.
 
End of Note
---
You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/e6e3dcff-bbde-4891-b272-500b4d43b58b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Nguyen Do Le Bao

Jul 9, 2014, 12:21:54 AM
to erpnext-dev...@googlegroups.com
Hi rushabh,

Thank you for this, but what if my client side is using something else and cannot have a session? Like using curl?
Do you have any recommendation for the server side to identify the session?

Nathan



Rushabh Mehta

Jul 9, 2014, 1:09:35 AM
to erpnext-dev...@googlegroups.com
On 09-Jul-2014, at 9:51 am, Nguyen Do Le Bao <natha...@gmail.com> wrote:

> Hi rushabh,
>
> Thank you for this, but what if my client side is using something else and cannot have a session?

No, then you can't; you need to be authenticated!


Nguyen Do Le Bao

Jul 9, 2014, 6:22:53 AM
to erpnext-dev...@googlegroups.com
Hi,

I can actually get the sessionid and pass it back to the server on subsequent calls.
But then it's a bit insecure, so I wanna encrypt/decrypt the id.
Problem: there is no way to set frappe.session.user directly in the API module function?

Please ignore the 'fields', 'filters' settings 

Nathan

Rushabh Mehta

Jul 10, 2014, 12:05:33 AM
to erpnext-dev...@googlegroups.com
> Hi,
>
> I actually can get the sessionid and pass back to server on subsequent calls
> But then it's a bit insecure

Not sure how this helps? If you are on an HTTPS connection, it is very hard to sniff your ID; if you are on HTTP, whether you generate a new token every time or not is easy for a hacker to figure out.
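
Added example for this thread (not code from any poster or from the Frappe project): a non-browser client can hold a session by storing the `sid` cookie that `/api/method/login` sets and resending it on later calls, which is what a curl cookie jar does. `StubSite`, `SessionClient`, the demo credentials and the rule that refuses plain HTTP are assumptions made for the example; the stub stands in for a real site so the code runs offline.

```python
import http.cookiejar, http.server, json, threading
import urllib.error, urllib.parse, urllib.request
SID = "constructed-sid-0001"  # constructed sample value, not a real session id

class StubSite(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a Frappe site so the example runs offline."""
    def _send(self, code, message, cookie=None):
        data = json.dumps({"message": message}).encode()
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # POST /api/method/login with usr and pwd form fields
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        form = urllib.parse.parse_qs(raw.decode())
        if form.get("usr") == ["demo@example.com"] and form.get("pwd") == ["demo-pass"]:
            self._send(200, "Logged In", f"sid={SID}; Path=/; HttpOnly")
        else:
            self._send(401, "Incorrect password")
    def do_GET(self):  # every later call is identified only by the sid cookie
        known = f"sid={SID}" in self.headers.get("Cookie", "")
        self._send(200 if known else 403, "demo@example.com" if known else "Not permitted")
    def log_message(self, *args): pass  # keep the demo quiet

class SessionClient:
    """Non-browser client that keeps the sid cookie, like curl with -c/-b."""
    def __init__(self, base_url):
        url = urllib.parse.urlsplit(base_url)
        if url.scheme != "https" and url.hostname != "127.0.0.1":  # loopback: stub only
            raise ValueError("refusing to send password or sid over plain HTTP")
        self.base, self.jar = base_url.rstrip("/"), http.cookiejar.CookieJar()
        self.http = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(self.jar))
    def call(self, path, form=None):  # form given -> POST, otherwise GET
        body = urllib.parse.urlencode(form).encode() if form else None
        try:
            return json.load(self.http.open(self.base + path, body))["message"]
        except urllib.error.HTTPError as err:
            return err.code  # e.g. 403 when no valid sid was sent

def demo():
    srv = http.server.HTTPServer(("127.0.0.1", 0), StubSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base, who = f"http://127.0.0.1:{srv.server_port}", "/api/method/frappe.auth.get_logged_user"
    anon = SessionClient(base).call(who)  # no login yet, so no sid to send
    client = SessionClient(base)
    login = client.call("/api/method/login", {"usr": "demo@example.com", "pwd": "demo-pass"})
    result = (anon, login, client.call(who), [c.name for c in client.jar])
    srv.shutdown()
    return result
```

`demo()` returns the rejected anonymous call, the login reply, the authenticated call and the names of the stored cookies, in that order.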
