frappe-api-handler_skill

This skill helps you create secure, scalable Frappe REST APIs by whitelisting methods, validating inputs, handling errors, and composing robust endpoints.

7

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill venkateshvenki404224/frappe-apps-manager --skill frappe-api-handler

  • SKILL.md9.7 KB

Overview

This skill creates secure, efficient custom API endpoints and whitelisted methods for Frappe applications. It provides patterns for authenticated and public methods, REST-style handlers (GET/POST/PUT/DELETE), file uploads, bulk operations, pagination, input validation, error handling, and authentication. Use it to expose Frappe functionality safely to external systems or build REST APIs for your app.

How this skill works

The skill generates and documents Python methods decorated with frappe.whitelist() that become accessible via /api/method/{app}.{module}.{file}.{method}. It includes patterns for allow_guest and permission checks, parses JSON inputs, validates and sanitizes data, logs errors, and returns consistent response shapes. Common helpers cover pagination, file uploads, bulk creates, and API key or token authentication.

When to use it

  • You need custom REST endpoints for a Frappe app
  • You must whitelist Python methods for API access
  • You are integrating external systems or third-party services
  • You need secure file uploads or bulk data operations
  • You want standard patterns for pagination, validation, and error handling

Best practices

  • Always validate and sanitize incoming data before processing
  • Check permissions with frappe.has_permission() and throw on denial
  • Return consistent success/error payloads and use HTTP status codes where possible
  • Log unexpected errors with frappe.log_error() and avoid exposing stack traces
  • Version public APIs and consider rate limiting for guest endpoints

Example use cases

  • Expose customer details via an authenticated whitelisted method for a mobile app
  • Create sales orders from an external system using a POST handler that parses items and submits the document
  • Provide paginated product lists with filters for a storefront or analytics service
  • Accept file uploads tied to a document using save_file and return file metadata
  • Run bulk create operations for migrating data or batch imports with error reporting

FAQ

Put API functions in apps/<app_name>/api.py or apps/<app_name>/<module>/api.py so they map cleanly to /api/method/ routes.

How do I expose a public endpoint?

Use @frappe.whitelist(allow_guest=True) and implement rate limiting, input validation, and strict output sanitization to protect sensitive data.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational